不是针对消费电子,像工控特殊行业应用,有时需要将android的selinux强行打开。
方法如下:
1、system\core\init\Android.mk
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options += \
-DALLOW_LOCAL_PROP_OVERRIDE=1 \
-DALLOW_PERMISSIVE_SELINUX=1 \
-DREBOOT_BOOTLOADER_ON_PANIC=1 \
-DWORLD_WRITABLE_KMSG=1 \
-DDUMP_ON_UMOUNT_FAILURE=1
else
init_options += \
-DALLOW_LOCAL_PROP_OVERRIDE=0 \
--- -DALLOW_PERMISSIVE_SELINUX=0 \
+++ -DALLOW_PERMISSIVE_SELINUX=1 \ //添加这行,去掉上面一行
-DREBOOT_BOOTLOADER_ON_PANIC=0 \
-DWORLD_WRITABLE_KMSG=0 \
-DDUMP_ON_UMOUNT_FAILURE=0
endif
2、system\core\init\selinux.cpp
EnforcingStatus StatusFromCmdline() {
--- //EnforcingStatus status = SELINUX_ENFORCING;
+++ EnforcingStatus status = SELINUX_PERMISSIVE;
import_kernel_cmdline(false,
[&](const std::string& key, const std::string& value, bool in_qemu) {
if (key == "androidboot.selinux" && value == "permissive") {
status = SELINUX_PERMISSIVE;
}
});
//status = SELINUX_PERMISSIVE; //可以打开直接设置
return status;
}
3、具体的实现代码如下:
system\core\init\selinux.cpp
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
EnforcingStatus StatusFromCmdline() {
//EnforcingStatus status = SELINUX_ENFORCING;
EnforcingStatus status = SELINUX_PERMISSIVE;
import_kernel_cmdline(false,
[&](const std::string& key, const std::string& value, bool in_qemu) {
if (key == "androidboot.selinux" && value == "permissive") {
status = SELINUX_PERMISSIVE;
}
});
status = SELINUX_PERMISSIVE;
return status;
}
bool IsEnforcing() {
if (ALLOW_PERMISSIVE_SELINUX) { //ALLOW_PERMISSIVE_SELINUX=1,进入 SELINUX_PERMISSIVE!=SELINUX_ENFORCING,返回false
return StatusFromCmdline() == SELINUX_ENFORCING;
}
return true;
}