Android8.x/9.x/10.x user版本关闭selinux以及打开UART控制台输入和关闭内核日志输出功能

1、user版本关闭selinux
仅限于系统调试时使用,量产版本需要将其恢复为SELINUX_ENFORCING(强制)模式。
1.1)背景

C:\Users\zhaojr>  adb root
C:\Users\zhaojr>  adb remount
C:\Users\zhaojr> adb shell
ac8257:/ # getenforce
getenforce
Enforcing

这表明SELinux当前处于Enforcing(强制)模式。
1.2) 开机抓取日志
抓一份开机串口log,检索SELinux
[ 7.085097] init: Loading SELinux policy
这句log是关键:前缀init说明它是由init进程打印的,对应的代码可以在system/core/init目录下找到。
1.3)关闭selinux

zhaojr@igentai:~/USER_MC2_20210202_AC8257/ac8257$ grep "Loading SELinux policy" ./system/core -nR
./system/core/init/selinux.cpp:373:    LOG(VERBOSE) << "Loading SELinux policy from monolithic file";
./system/core/init/selinux.cpp:390:    LOG(INFO) << "Loading SELinux policy";

zhaojr@igentai:~/USER_MC2_20210202_AC8257/ac8257$ vim ./system/core/init/selinux.cpp
所以按照以上逻辑修改如下:
system/core/init/Android.mk

diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
old mode 100644
new mode 100755
index c4a6a50..f493524
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -15,6 +15,7 @@ else
 init_options += \
     -DALLOW_LOCAL_PROP_OVERRIDE=0 \
     -DALLOW_PERMISSIVE_SELINUX=0 \
+    -DSELINUX_ENFORCING_MODE=1 \
     -DREBOOT_BOOTLOADER_ON_PANIC=0 \
     -DWORLD_WRITABLE_KMSG=0 \
     -DDUMP_ON_UMOUNT_FAILURE=0
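Review bot: The added `-DSELINUX_ENFORCING_MODE=1` is named for the opposite of what it does: the `IsEnforcing()` change shown on this page returns `false` whenever it is non-zero, so a name such as `FORCE_PERMISSIVE_SELINUX` (a suggestion, not an existing flag) would keep a later reader from assuming it hardens the build. It lands in the `else` branch next to `-DALLOW_PERMISSIVE_SELINUX=0`, which appears to be the user-build flag set, so only a manual revert keeps it out of a production image; gating it on a dedicated build variable that defaults to off would make that explicit. The commit also flips the file mode from 100644 to 100755, which looks unrelated to the change and should be dropped. Because a comment cannot sit inside the continued assignment, I would add `# DEBUG ONLY: forces SELinux permissive; revert before production` on the line above `init_options += \`.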
代码如下:
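# Compile-time switches handed to init, chosen by build variant.
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
# userdebug / eng builds: every debugging convenience is switched on.
init_options += \
    -DALLOW_LOCAL_PROP_OVERRIDE=1 \
    -DALLOW_PERMISSIVE_SELINUX=1 \
    -DREBOOT_BOOTLOADER_ON_PANIC=1 \
    -DWORLD_WRITABLE_KMSG=1 \
    -DDUMP_ON_UMOUNT_FAILURE=1
else
# user builds: the debugging conveniences are switched off.
#
# DEBUG ONLY: -DSELINUX_ENFORCING_MODE=1 is the line this change adds, and it
# is defined only in this (user) branch. Despite its name, the modified
# IsEnforcing() in init/selinux.cpp returns false when it is non-zero, so the
# user build boots with SELinux permissive. Remove it again before building a
# production image.
#
# The note lives up here on purpose: any text after a trailing "\" ends the
# line continuation, and "//" does not start a comment in make.
init_options += \
    -DALLOW_LOCAL_PROP_OVERRIDE=0 \
    -DALLOW_PERMISSIVE_SELINUX=0 \
    -DSELINUX_ENFORCING_MODE=1 \
    -DREBOOT_BOOTLOADER_ON_PANIC=0 \
    -DWORLD_WRITABLE_KMSG=0 \
    -DDUMP_ON_UMOUNT_FAILURE=0
endif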

system/core/init/selinux.cpp

// Reports whether SELinux is to be treated as enforcing.
//
// NOTE: SELINUX_ENFORCING_MODE is named for the opposite of its effect. When
// it is non-zero this function returns false unconditionally, i.e. SELinux is
// NOT enforcing, and neither ALLOW_PERMISSIVE_SELINUX nor the kernel command
// line is consulted. The macro is a debugging aid supplied by the build flags
// of this change; it must not be defined for a production image.
//
// Without the macro (an undefined macro evaluates to 0 in #if):
//   - ALLOW_PERMISSIVE_SELINUX == 0: always enforcing.
//   - otherwise: enforcing only if StatusFromCmdline() says SELINUX_ENFORCING.
bool IsEnforcing() {
#if SELINUX_ENFORCING_MODE
    // Debug override: permissive regardless of every other setting.
    return false;
#else
    if (!ALLOW_PERMISSIVE_SELINUX) {
        return true;
    }
    return StatusFromCmdline() == SELINUX_ENFORCING;
#endif
}

1.4 最后进行验证

C:\Users\zhaojr>  adb root
C:\Users\zhaojr>  adb remount
C:\Users\zhaojr> adb shell
ac8257:/ # getenforce
getenforce
Permissive

2、user模式使能debug串口和控制台
2.1、修改内核命令行参数,串口使能,内核日志输出关闭
如下:
vendor/mediatek/proprietary/bootable/bootloader/lk/app/mt_boot/mt_boot.c

/*
 * Excerpt of boot_linux_fdt(); the dotted lines mark code the article left
 * out, so this listing is not compilable as shown.
 *
 * The visible part selects the printk / UART options appended to the kernel
 * command line. The choice depends on eBuildType (user vs. userdebug), on
 * g_boot_mode, on is_meta_log_disable() and, when LOG_STORE_SUPPORT is
 * defined, on g_boot_arg->log_dynamic_switch.
 *
 * NOTE(review): printk.disable_uart is a vendor kernel parameter; presumably
 * 0 keeps kernel output on the UART and 1 turns it off. Confirm against the
 * vendor kernel.
 */
int boot_linux_fdt(void *kernel, unsigned *tags,
		   unsigned machtype,
		   void *ramdisk, unsigned ramdisk_sz)
{
	void *fdt = tags;
	int ret;
	int offset;
	char tmpbuf[TMPBUF_SIZE];
	dt_dram_info mem_reg_property[128];
	............................................
		if (!has_set_p2u) {
		switch (eBuildType) {
		case BUILD_TYPE_USER:
			if (((g_boot_mode == META_BOOT) && is_meta_log_disable &&
#ifdef LOG_STORE_SUPPORT
			    (is_meta_log_disable() == 0)) || g_boot_arg->log_dynamic_switch)
#else
		      (is_meta_log_disable() == 0)))
#endif
			{
#ifdef ATC_AOSP_ENHANCEMENT
				extern int in_fastavm_state(void);
				if (in_fastavm_state()) {
					cmdline_append("printk.disable_uart=1");
				} else {  // user build: UART debug port enabled, kernel log output turned off
					//cmdline_append("printk.disable_uart=0");
					// loglevel=0 leaves no kernel message level below the console log
					// level, so kernel console output is silenced altogether; it is not
					// limited to errors and warnings.
					// NOTE(review): mainline kernels take a preset loops-per-jiffy value
					// as "lpj="; confirm the vendor kernel recognizes "preset_lpj=".
					cmdline_append("printk.disable_uart=0 loglevel=0 preset_lpj=52000");
				}
#else
				cmdline_append("printk.disable_uart=0");
#endif
			}
			else
				cmdline_append("printk.disable_uart=1");
			break;

		case BUILD_TYPE_USERDEBUG:
			if ((g_boot_mode == META_BOOT) && is_meta_log_disable &&
#ifdef LOG_STORE_SUPPORT
			    (is_meta_log_disable() == 1) && (g_boot_arg->log_dynamic_switch == 0))
#else
			    (is_meta_log_disable() == 1))
#endif
				cmdline_append("printk.disable_uart=1 slub_debug=O");
#ifdef LOG_STORE_SUPPORT
			else if (boot_ftrace && g_boot_arg->log_dynamic_switch == 0)
#else
			else if (boot_ftrace)
#endif
				cmdline_append("printk.disable_uart=1 slub_debug=-");
			else
			{
#ifdef ATC_AOSP_ENHANCEMENT
				extern int in_fastavm_state(void);
				if (in_fastavm_state()) {
					cmdline_append("printk.disable_uart=1");
				} else { // userdebug build: UART debug port enabled, kernel log output turned off
				//	cmdline_append("printk.disable_uart=0");
				// loglevel=0 silences kernel console output altogether (see the
				// commented-out loglevel=4 / quiet variants below for the alternatives
				// that were tried).
				//cmdline_append("printk.disable_uart=1 loglevel=4 preset_lpj=52000");
				//cmdline_append("printk.disable_uart=1 quiet preset_lpj=52000");
				cmdline_append("printk.disable_uart=0 loglevel=0 preset_lpj=52000");
				}
#else
				cmdline_append("printk.disable_uart=0");
#endif
			}
			break;

		case BUILD_TYPE_ENG:
		..............................................

2.2 user模式下打开uart控制台输入
原理,在system/core/rootdir/init.rc中

# Shell service attached to the console device. "disabled" keeps it from
# starting together with its class; it runs only when something starts it
# explicitly (see "start console" below).
service console /system/bin/sh
    class core
    console
    disabled
    # NOTE(review): stock AOSP init.rc has "user shell" on this line; "root shell"
    # may be a transcription slip in the article - confirm against the tree.
    root shell
    group shell log readproc
    seclabel u:r:shell:s0
    setenv HOSTNAME console

# Runs when ro.debuggable is 1. Besides relaxing the trace directory
# permissions it starts the console service above, which is what gives the
# serial console an interactive shell. A build that reports ro.debuggable=1
# therefore offers that shell to anyone with access to the UART.
on property:ro.debuggable=1
    # Give writes to anyone for the trace folder on debug builds.
    # The folder is used to store method traces.
    chmod 0773 /data/misc/trace
    # Give reads to anyone for the window trace folder on debug builds.
    chmod 0775 /data/misc/wmtrace
    start console

这说明只有当ro.debuggable=1时才会启动串口控制台服务。user版本编译时ro.debuggable=0,所以串口控制台只有输出、不能输入。根据这个原理,把user版本的ro.debuggable由0改为1即可,如下:
build/make/core/main.mk

# Chooses ro.debuggable (and related defaults) from enable_target_debugging.
ifeq (true,$(strip $(enable_target_debugging)))
  # Target is more debuggable and adbd is on by default
  ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
  # Enable Dalvik lock contention logging.
  ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500
  # Include the debugging/testing OTA keys in this build.
  INCLUDE_TEST_OTA_KEYS := true
else # !enable_target_debugging
  # Stock setting, kept below as a comment: ro.debuggable=0 (target is less
  # debuggable and adbd is off by default).
  # ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
  # DEBUG ONLY: this branch now reports ro.debuggable=1 as well, so both
  # branches yield a debuggable target. ro.debuggable is a global switch, not a
  # console-only one: other components key off it too (e.g. adb root and app
  # debuggability). Restore the line above before building a production image.
  ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
endif # !enable_target_debugging
