pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow selinux to be set by bootconfig 

The androidboot.selinux property is loaded in a special way, because it
happens in the "selinux_setup" stage, and not the true second stage.
Allow it to be passed through bootconfig instead of only via the kernel
cmdline.

Bug: 173815685
Test: launch_cvd -extra_kernel_cmdline androidboot.selinux=permissive
Test: launch_cvd -guest_enforce_security=false [bootconfig method]
[..]
init: Permissive SELinux boot, forcing sys.init.perf_lsm_hooks to 1.
[..]
Change-Id: I92003c7a2dac5d6e7d0e0f4ee2757f86cc0087c7
This commit is contained in:
Alistair Delva 2021-03-09 11:04:23 -08:00
parent 3bb240bd4c
commit 63594a4dbc
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
init/selinux.cpp
View File

@ -92,7 +92,7 @@ namespace {
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING }; enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
EnforcingStatus StatusFromCmdline() { EnforcingStatus StatusFromProperty() {
EnforcingStatus status = SELINUX_ENFORCING; EnforcingStatus status = SELINUX_ENFORCING;
ImportKernelCmdline([&](const std::string& key, const std::string& value) { ImportKernelCmdline([&](const std::string& key, const std::string& value) {
@ -101,12 +101,20 @@ EnforcingStatus StatusFromCmdline() {
} }
}); });
if (status == SELINUX_ENFORCING) {
ImportBootconfig([&](const std::string& key, const std::string& value) {
if (key == "androidboot.selinux" && value == "permissive") {
status = SELINUX_PERMISSIVE;
}
});
}
return status; return status;
} }
bool IsEnforcing() { bool IsEnforcing() {
if (ALLOW_PERMISSIVE_SELINUX) { if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING; return StatusFromProperty() == SELINUX_ENFORCING;
} }
return true; return true;
} }