1、Running mode
adb shell setenforce 1 // Enforing
adb shell setenforce 0 // Permissive
2、Build mode:
Ref file : system\core\init\Android.mk 增加定义
LOCAL_CFLAGS += -DALLOW_DISABLE_SELINUX=1
Ref file : system\core\init\init.c
static bool selinux_is_enforcing(void)
{
#ifdef ALLOW_DISABLE_SELINUX
return false; // add for project.
char tmp[PROP_VALUE_MAX];
{
#ifdef ALLOW_DISABLE_SELINUX
return false; // add for project.
char tmp[PROP_VALUE_MAX];
if (property_get("ro.boot.selinux", tmp) == 0) {
/* Property is not set. Assume enforcing */
ERROR("Property is not set. Assume enforcing\n"); // adb shell dmesg show this line. why?
return true;
}
/* Property is not set. Assume enforcing */
ERROR("Property is not set. Assume enforcing\n"); // adb shell dmesg show this line. why?
return true;
}
if (strcmp(tmp, "permissive") == 0) {
/* SELinux is in the kernel, but we've been told to go into permissive mode */
ERROR("we've been told to go into permissive mode\n");
return false;
}
/* SELinux is in the kernel, but we've been told to go into permissive mode */
ERROR("we've been told to go into permissive mode\n");
return false;
}
if (strcmp(tmp, "enforcing") != 0) {
ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp);
}
ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp);
}
#endif
return true;
}
return true;
}
3. adb shell getenforce
result : permissive