Must be missing some denials perhaps early in init? That is my only guess. On Thu, Jan 3, 2013 at 9:38 AM, Alice Chu <[email protected]> wrote: > Hello, > > Does anyone know where in init.rc is the best place to setenforce to 1? > > We want to set enforcement mode. Here is what we observed: > (1) If setenforce is not set in init.rc, when phone is up, enable > enforcement mode via SEManager->Enforcing Mode->SELinux Mode checked, then > reboot, the phone reboots successfully and eventually reaches idle screen. > The phone functions properly. > > (2) If adding "setenforce 1" to the beginning section of init.rc (around > line #20 of init.rc), the phone will keep rebooting. Occasionally it reaches > the Welcome screen, but as soon as the Start button is pressed, it reboots. > I was told it was modem crash, but I'm unable to get more info > because on my phone the adb is not working. The phone is completely offline. > I am unable to get logcat, dmesg, kmsg, etc. > > (3) If adding "setenforce 1" to the bottom of "on boot" section of > init.rc, the phone boots normally and it works as (1). > > So my question is: > Where in init.rc (which section) is the best place to have "setenforce 1" > without compromising security and having a functioning phone? > > I do not find the example from AOSP master branch's init.rc, so I am posting > the question here. > > Thank you very much for the help! > Alice Chu > > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] with > the words "unsubscribe seandroid-list" without quotes as the message.
-- Respectfully, William C Roberts -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
