Merge changes from topic "bootconfig-selinux-property" am: c19a7dd30e am: aff8b2da5c

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1624584 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I31f9d3b889abdf1f09df3efd520c0061abacde39
2021-03-11 16:37:47 +00:00 · 2021-03-11 16:37:47 +00:00 · 3104a550af
commit 3104a550af
parent 696017ac7c aff8b2da5c
1 changed files with 10 additions and 2 deletions
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@ -92,7 +92,7 @@ namespace {

 enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };

-EnforcingStatus StatusFromCmdline() {
+EnforcingStatus StatusFromProperty() {
    EnforcingStatus status = SELINUX_ENFORCING;

    ImportKernelCmdline([&](const std::string& key, const std::string& value) {
@ -101,12 +101,20 @@ EnforcingStatus StatusFromCmdline() {
        }
    });

+    if (status == SELINUX_ENFORCING) {
+        ImportBootconfig([&](const std::string& key, const std::string& value) {
+            if (key == "androidboot.selinux" && value == "permissive") {
+                status = SELINUX_PERMISSIVE;
+            }
+        });
+    }
+
    return status;
 }

 bool IsEnforcing() {
    if (ALLOW_PERMISSIVE_SELINUX) {
-        return StatusFromCmdline() == SELINUX_ENFORCING;
+        return StatusFromProperty() == SELINUX_ENFORCING;
    }
    return true;
 }