
Commit f3c85b24 authored by Nick Kralevich's avatar Nick Kralevich

Only allow disabling SELinux on userdebug / eng builds

Only parse and honor the kernel command line on userdebug
or eng builds. On user builds, assume that selinux is always enabled
and enforcing.

Change-Id: I71c66e4365bdf2f226800634126a38b716d96599
parent 676f7d50
+1 −1
@@ -25,7 +25,7 @@ LOCAL_CFLAGS += -DBOOTCHART=1
endif

ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1
LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
endif

# Enable ueventd logging
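Review bot: The new `-DALLOW_DISABLE_SELINUX=1` is appended to the existing `ALLOW_LOCAL_PROP_OVERRIDE` line, so a switch that decides whether SELinux can be turned off has no line or comment of its own and is easy to overlook when that line is next edited. It would read better as a separate `LOCAL_CFLAGS += -DALLOW_DISABLE_SELINUX=1` preceded by a comment such as `# userdebug/eng only: lets ro.boot.selinux override SELinux state; must never be set for user builds`. The `filter userdebug eng` condition is the only thing keeping the define out of user builds, so the comment should say that the flag depends on it.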
+4 −0
@@ -868,6 +868,7 @@ void selinux_init_all_handles(void)

static bool selinux_is_disabled(void)
{
#ifdef ALLOW_DISABLE_SELINUX
    char tmp[PROP_VALUE_MAX];

    if (access("/sys/fs/selinux", F_OK) != 0) {
@@ -881,12 +882,14 @@ static bool selinux_is_disabled(void)
        /* SELinux is compiled into the kernel, but we've been told to disable it. */
        return true;
    }
#endif

    return false;
}

static bool selinux_is_enforcing(void)
{
#ifdef ALLOW_DISABLE_SELINUX
    char tmp[PROP_VALUE_MAX];

    if (property_get("ro.boot.selinux", tmp) == 0) {
@@ -903,6 +906,7 @@ static bool selinux_is_enforcing(void)
        ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp);
    }

#endif
    return true;
}
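Review bot: On user builds the `#ifdef ALLOW_DISABLE_SELINUX` guard in selinux_is_disabled() compiles out the `access("/sys/fs/selinux", F_OK)` probe as well as the `ro.boot.selinux` parse, so a kernel without selinuxfs is now reported as not disabled, while the commit message mentions only the kernel command line. That is the fail-closed choice only if the caller treats a failed policy load as fatal, which is not visible in these hunks, so it deserves a comment above the guard, e.g. `/* user builds: never report disabled, even without selinuxfs; a failed policy load must be fatal */`. Both guards, here and in selinux_is_enforcing(), use `#ifdef`, so a build passing `-DALLOW_DISABLE_SELINUX=0` would still enable the override; `#if defined(ALLOW_DISABLE_SELINUX) && ALLOW_DISABLE_SELINUX` avoids that. Part of the body of each function lies between the hunks and is not shown.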