ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Only allow disabling SELinux on userdebug / eng builds"

Browse source
This commit is contained in:
Nick Kralevich 2014-06-03 16:17:52 +00:00 committed by Gerrit Code Review
commit 82015d4f12
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
init/Android.mk
View file

@ -25,7 +25,7 @@ LOCAL_CFLAGS += -DBOOTCHART=1
endif endif
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1 LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
endif endif
# Enable ueventd logging # Enable ueventd logging

4
init/init.c
View file

@ -868,6 +868,7 @@ void selinux_init_all_handles(void)
static bool selinux_is_disabled(void) static bool selinux_is_disabled(void)
{ {
#ifdef ALLOW_DISABLE_SELINUX
char tmp[PROP_VALUE_MAX]; char tmp[PROP_VALUE_MAX];
if (access("/sys/fs/selinux", F_OK) != 0) { if (access("/sys/fs/selinux", F_OK) != 0) {
@ -881,12 +882,14 @@ static bool selinux_is_disabled(void)
/* SELinux is compiled into the kernel, but we've been told to disable it. */ /* SELinux is compiled into the kernel, but we've been told to disable it. */
return true; return true;
} }
#endif
return false; return false;
} }
static bool selinux_is_enforcing(void) static bool selinux_is_enforcing(void)
{ {
#ifdef ALLOW_DISABLE_SELINUX
char tmp[PROP_VALUE_MAX]; char tmp[PROP_VALUE_MAX];
if (property_get("ro.boot.selinux", tmp) == 0) { if (property_get("ro.boot.selinux", tmp) == 0) {
@ -903,6 +906,7 @@ static bool selinux_is_enforcing(void)
ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp); ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp);
} }
#endif
return true; return true;
} }