一、方法一:临时修改
使用命令setenforce 0
缺点:重启失效,而且是命令。输入命令肯定是开机完成,所以开机阶段的selinux问题无法去掉
二、方法二:永久修改selinux.cpp
修改system/core/init/selinux.cpp
diff --git a/init/selinux.cpp b/init/selinux.cpp
index ce8348e..03e2516 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -104,10 +104,7 @@ EnforcingStatus StatusFromCmdline() {
}
bool IsEnforcing() {
- if (ALLOW_PERMISSIVE_SELINUX) {
- return StatusFromCmdline() == SELINUX_ENFORCING;
- }
- return true;
+ return 0;
}
这里写成return false也可以
优点:还是会报avc denied错误,但是操作会成功。相当于警告不报错
三、方法三:永久修改lk
其实从上面看到StatusFromCmdline()看到其实selinux权限是否开启是通过cmdline传过来的
vendor/mediatek/prorietary/bootable/bootloader/lk/platform/mtxxx/rules.mk :9
# choose one of following value -> 2: permissive /3: enforcing=
SELINUX_STATUS := 3
==>
SELINUX_STATUS := 2
优点:还是会报avc denied错误,但是操作会成功。相当于警告不报错
四、方法四:修改Boardconfig.mk的cmdline
BoardConfig.mk文件里BOARD_KERNEL_CMDLINE末尾加上 androidboot.selinux=permissive编译boot.img即可
diff --git a/base/device/BoardConfig.mk b/base/device/BoardConfig.mk
index 80375ba..97b358d 100644
--- a/base/device/BoardConfig.mk
+++ b/base/device/BoardConfig.mk
@@ -178,7 +178,7 @@ endif
TARGET_USES_ION := true
TARGET_USES_NEW_ION_API :=true
-BOARD_KERNEL_CMDLINE:= console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 androidboot.usbcontroller=a600000.dwc3 swiotlb=2048 loop.max_part=7 cgroup.memory=nokmem,nosocket reboot=panic_warm
+BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 androidboot.usbcontroller=a600000.dwc3 swiotlb=2048 loop.max_part=7 cgroup.memory=nokmem,nosocket reboot=panic_warm androidboot.selinux=permissive