Menu
I am trying to identify the configuration file where SELinux is set to Enforcing mode in Android Framework.
Please do not reply just saying
adb shell su 0 setenforce permissive
I need the system to boot in permissive mode or have SELinux completely disabled at boot time.
Thanks
215
Change the SELINUX value to SELINUX=disabled in the file /etc/selinux/config. Reboot the server. Reboot the server.
The main difference between "Permissive" mode and disabling SELinux is that you will not get AVC log messages anymore and that SELinux will not keep files label up-to-date so you will need to relabel your files before enabling it again.
Disabling SELinux is not a recommended course of action as it is not actually addressing security issues directly. Disabling SELinux is often done as an easy solution instead of correctly working with SELinux contexts.
There are two ways that enforcing mode is set. On user builds, it will always be in enforcing. On eng or userdebug, you can control it. You can control it in the standard selinux way, by setting enforcing=1/0 on the kernel command line as outlined in Dan Walsh's blog:
http://danwalsh.livejournal.com/10972.html
The Android centric way is to set the kernel command line to androidboot.selinux=permissive
You can control the kernel command line by editing your BoardConfig.mk and adding this:
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
The Android centric way is enforced by init, if you look in system/core/init/init.cpp look at the selinux_initialize() routine that is called from main().
143
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
