Loading init/Android.mk +2 −2 Original line number Original line Diff line number Diff line Loading @@ -5,9 +5,9 @@ LOCAL_PATH:= $(call my-dir) # -- # -- ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_PERMISSIVE_SELINUX=1 else else init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_PERMISSIVE_SELINUX=0 endif endif init_options += -DLOG_UEVENTS=0 init_options += -DLOG_UEVENTS=0 Loading init/init.cpp +11 −29 Original line number Original line Diff line number Diff line Loading @@ -860,7 +860,7 @@ static void selinux_init_all_handles(void) sehandle_prop = selinux_android_prop_context_handle(); sehandle_prop = selinux_android_prop_context_handle(); } } enum selinux_enforcing_status { SELINUX_DISABLED, SELINUX_PERMISSIVE, SELINUX_ENFORCING }; enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; static selinux_enforcing_status selinux_status_from_cmdline() { static selinux_enforcing_status selinux_status_from_cmdline() { selinux_enforcing_status status = SELINUX_ENFORCING; selinux_enforcing_status status = SELINUX_ENFORCING; Loading @@ -870,9 +870,7 @@ static selinux_enforcing_status selinux_status_from_cmdline() { if (value == nullptr) { return; } if (value == nullptr) { return; } *value++ = '\0'; *value++ = '\0'; if (strcmp(name, "androidboot.selinux") == 0) { if (strcmp(name, "androidboot.selinux") == 0) { if (strcmp(value, "disabled") == 0) { if (strcmp(value, "permissive") == 0) { status = SELINUX_DISABLED; } else if (strcmp(value, "permissive") == 0) { status = SELINUX_PERMISSIVE; status = SELINUX_PERMISSIVE; } } } } Loading 
@@ -882,24 +880,9 @@ static selinux_enforcing_status selinux_status_from_cmdline() { return status; return status; } } static bool selinux_is_disabled(void) { if (ALLOW_DISABLE_SELINUX) { if (access("/sys/fs/selinux", F_OK) != 0) { // SELinux is not compiled into the kernel, or has been disabled // via the kernel command line "selinux=0". return true; } return selinux_status_from_cmdline() == SELINUX_DISABLED; } return false; } static bool selinux_is_enforcing(void) static bool selinux_is_enforcing(void) { { if (ALLOW_DISABLE_SELINUX) { if (ALLOW_PERMISSIVE_SELINUX) { return selinux_status_from_cmdline() == SELINUX_ENFORCING; return selinux_status_from_cmdline() == SELINUX_ENFORCING; } } return true; return true; Loading @@ -907,10 +890,6 @@ static bool selinux_is_enforcing(void) int selinux_reload_policy(void) int selinux_reload_policy(void) { { if (selinux_is_disabled()) { return -1; } INFO("SELinux: Attempting to reload policy files\n"); INFO("SELinux: Attempting to reload policy files\n"); if (selinux_android_reload_policy() == -1) { if (selinux_android_reload_policy() == -1) { Loading Loading @@ -947,10 +926,6 @@ static void selinux_initialize(bool in_kernel_domain) { cb.func_audit = audit_callback; cb.func_audit = audit_callback; selinux_set_callback(SELINUX_CB_AUDIT, cb); selinux_set_callback(SELINUX_CB_AUDIT, cb); if (selinux_is_disabled()) { return; } if (in_kernel_domain) { if (in_kernel_domain) { INFO("Loading SELinux policy...\n"); INFO("Loading SELinux policy...\n"); if (selinux_android_load_policy() < 0) { if (selinux_android_load_policy() < 0) { Loading 
@@ -958,8 +933,15 @@ static void selinux_initialize(bool in_kernel_domain) { security_failure(); security_failure(); } } bool kernel_enforcing = (security_getenforce() == 1); bool is_enforcing = selinux_is_enforcing(); bool is_enforcing = selinux_is_enforcing(); security_setenforce(is_enforcing); if (kernel_enforcing != is_enforcing) { if (security_setenforce(is_enforcing)) { ERROR("security_setenforce(%s) failed: %s\n", is_enforcing ? "true" : "false", strerror(errno)); security_failure(); } } if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { security_failure(); security_failure(); Loading Loading
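Review bot: In the last hunk of selinux_initialize, `bool kernel_enforcing = (security_getenforce() == 1);` folds the -1 error return of security_getenforce() into "permissive". When selinux_is_enforcing() is true this still fails closed, because the mismatch forces security_setenforce() and its failure reaches security_failure(); but when permissive mode was requested on a build with ALLOW_PERMISSIVE_SELINUX=1, a failed query makes the two flags equal, the setenforce call is skipped, and boot continues with the kernel's mode never confirmed or logged. I would keep the return value and check it first: `int rc = security_getenforce();`, `if (rc < 0) { ERROR("security_getenforce failed: %s\n", strerror(errno)); security_failure(); }`, then `bool kernel_enforcing = (rc == 1);`. The body of selinux_initialize starts and ends outside the hunk, so this assumes nothing earlier in the function already validates the enforce state.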
init/Android.mk +2 −2 Original line number Original line Diff line number Diff line Loading @@ -5,9 +5,9 @@ LOCAL_PATH:= $(call my-dir) # -- # -- ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_PERMISSIVE_SELINUX=1 else else init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_PERMISSIVE_SELINUX=0 endif endif init_options += -DLOG_UEVENTS=0 init_options += -DLOG_UEVENTS=0 Loading
init/init.cpp +11 −29 Original line number Original line Diff line number Diff line Loading @@ -860,7 +860,7 @@ static void selinux_init_all_handles(void) sehandle_prop = selinux_android_prop_context_handle(); sehandle_prop = selinux_android_prop_context_handle(); } } enum selinux_enforcing_status { SELINUX_DISABLED, SELINUX_PERMISSIVE, SELINUX_ENFORCING }; enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; static selinux_enforcing_status selinux_status_from_cmdline() { static selinux_enforcing_status selinux_status_from_cmdline() { selinux_enforcing_status status = SELINUX_ENFORCING; selinux_enforcing_status status = SELINUX_ENFORCING; Loading @@ -870,9 +870,7 @@ static selinux_enforcing_status selinux_status_from_cmdline() { if (value == nullptr) { return; } if (value == nullptr) { return; } *value++ = '\0'; *value++ = '\0'; if (strcmp(name, "androidboot.selinux") == 0) { if (strcmp(name, "androidboot.selinux") == 0) { if (strcmp(value, "disabled") == 0) { if (strcmp(value, "permissive") == 0) { status = SELINUX_DISABLED; } else if (strcmp(value, "permissive") == 0) { status = SELINUX_PERMISSIVE; status = SELINUX_PERMISSIVE; } } } } Loading @@ -882,24 +880,9 @@ static selinux_enforcing_status selinux_status_from_cmdline() { return status; return status; } } static bool selinux_is_disabled(void) { if (ALLOW_DISABLE_SELINUX) { if (access("/sys/fs/selinux", F_OK) != 0) { // SELinux is not compiled into the kernel, or has been disabled // via the kernel command line "selinux=0". return true; } return selinux_status_from_cmdline() == SELINUX_DISABLED; } return false; } static bool selinux_is_enforcing(void) static bool selinux_is_enforcing(void) { { if (ALLOW_DISABLE_SELINUX) { if (ALLOW_PERMISSIVE_SELINUX) { return selinux_status_from_cmdline() == SELINUX_ENFORCING; return selinux_status_from_cmdline() == SELINUX_ENFORCING; } } return true; return true; Loading 
@@ -907,10 +890,6 @@ static bool selinux_is_enforcing(void) int selinux_reload_policy(void) int selinux_reload_policy(void) { { if (selinux_is_disabled()) { return -1; } INFO("SELinux: Attempting to reload policy files\n"); INFO("SELinux: Attempting to reload policy files\n"); if (selinux_android_reload_policy() == -1) { if (selinux_android_reload_policy() == -1) { Loading Loading @@ -947,10 +926,6 @@ static void selinux_initialize(bool in_kernel_domain) { cb.func_audit = audit_callback; cb.func_audit = audit_callback; selinux_set_callback(SELINUX_CB_AUDIT, cb); selinux_set_callback(SELINUX_CB_AUDIT, cb); if (selinux_is_disabled()) { return; } if (in_kernel_domain) { if (in_kernel_domain) { INFO("Loading SELinux policy...\n"); INFO("Loading SELinux policy...\n"); if (selinux_android_load_policy() < 0) { if (selinux_android_load_policy() < 0) { Loading @@ -958,8 +933,15 @@ static void selinux_initialize(bool in_kernel_domain) { security_failure(); security_failure(); } } bool kernel_enforcing = (security_getenforce() == 1); bool is_enforcing = selinux_is_enforcing(); bool is_enforcing = selinux_is_enforcing(); security_setenforce(is_enforcing); if (kernel_enforcing != is_enforcing) { if (security_setenforce(is_enforcing)) { ERROR("security_setenforce(%s) failed: %s\n", is_enforcing ? "true" : "false", strerror(errno)); security_failure(); } } if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) { security_failure(); security_failure(); Loading