Thanks for pointing that out. The kernel command line way works.

Andy


On Sat, Jun 21, 2014 at 12:03 AM, Stephen Smalley <[email protected]> wrote:

> On 06/19/2014 02:37 AM, Andy Song wrote:
> > Hi Dear Linux,
> >
> > I want to make my userdebug (KitKat) build have SELinux in permissive
> > mode and I found in selinux_initialize() it checks property
> > ro.boot.selinux to determine. I think it's a good idea for me to just
> > manipulate this property in my own device makefile so that it doesn't
> > affect or depend on other stuff. So I went off adding
> > ro.boot.selinux=permissive if it's userdebug
> > to ADDITIONAL_DEFAULT_PROPERTIES.
> >
> > But it doesn't work. I found that in
> > system/core/init/init.c, property_load_boot_defaults() is called
> > after selinux_initialize(). I guess that's why in selinux_initialize()
> > it always says property not set although I can see ro.boot.selinux
> > already in /default.prop.
> >
> > Can we fix this by simply calling property_load_boot_defaults()
> > before selinux_initialize()?
> > I'm now trying this, will report back if it works.
>
> Add "androidboot.selinux=permissive" to BOARD_KERNEL_CMDLINE in your
> BoardConfig.mk, and init will set ro.boot.selinux before
> selinux_initialize() is reached.  For some devices (e.g. manta), you
> have to set the cmdline string in the kernel config instead.
>
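
A build gate to go with the advice above, added here as an example and not code from the thread or from AOSP: it pulls the androidboot.selinux value (which init copies into ro.boot.selinux) out of a kernel command line and rejects a non-enforcing value outside userdebug/eng builds. The function names, the policy and the sample command lines are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample command lines at the bottom are constructed.

# boot_selinux_values CMDLINE
# Print every value given for androidboot.selinux= on a kernel command
# line, one per line. Prints nothing when the token is absent.
boot_selinux_values() {
    set -f                      # no glob expansion while splitting tokens
    for tok in $1; do
        case "$tok" in
            androidboot.selinux=*)
                printf '%s\n' "${tok#androidboot.selinux=}" ;;
        esac
    done
    set +f
}

# check_cmdline VARIANT CMDLINE
# Policy (an assumption of this example): userdebug and eng builds may
# carry any value; every other variant may carry only "enforcing" or
# no androidboot.selinux token at all.
check_cmdline() {
    variant=$1
    values=$(boot_selinux_values "$2")
    case "$variant" in
        userdebug|eng)
            echo "ok: $variant build, androidboot.selinux=${values:-unset}"
            return 0 ;;
    esac
    for v in $values; do
        if [ "$v" != enforcing ]; then
            echo "fail: $variant build carries androidboot.selinux=$v" >&2
            return 1
        fi
    done
    echo "ok: $variant build, androidboot.selinux=${values:-unset}"
}

# Constructed samples: the userdebug line carries the override, the user line does not.
USERDEBUG_CMDLINE='console=ttyS0,115200 androidboot.hardware=sample androidboot.selinux=permissive'
USER_CMDLINE='console=ttyS0,115200 androidboot.hardware=sample'

check_cmdline userdebug "$USERDEBUG_CMDLINE"
check_cmdline user "$USER_CMDLINE"
check_cmdline user "$USERDEBUG_CMDLINE" || echo "gate would stop this build"
```

On a running device the same functions can be fed the contents of /proc/cmdline.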
