On May 23, 2016 11:58, "Edward Paul Ratazzi" <[email protected]> wrote: > > It's a userdebug build, William. > Haha you said enabling and looked at what you were doing I thought you were trying to get a build from enforcing into permissive mode.
> Prompted by Stephen's question about the kernel config options, I did a little digging into the android-x86 source and found out that there are no SELINUX options included in the default config file for the 4.0.9 kernel used in thier 5.1.1 build (see https://sourceforge.net/p/android-x86/kernel/ci/kernel-4.0/tree/arch/x86/configs/android-x86_defconfig). Sure enough, the resulting .config file has nothing about SELinux (see attached). It looks as though their newest 4.4.8 kernel, for the marshmallow build, includes SELINUX options (see https://sourceforge.net/p/android-x86/kernel/ci/kernel-4.4/tree/arch/x86/configs/android-x86_defconfig ). > > I'm guessing this means that the only path to getting SELinux into an enabled state in 5.1.1 VM is to rebuild the kernel with a configuration that includes the SELINUX options, correct? Even though I am seeing the file infrastructure (sepolicy, etc.), am I correct in believing the the built kernel, as it currently stands, does not include the required functionality to act on the kernel command line parameters I passed to it? Correct the selinux lsm and default security are not set. So you'll need to build the kernel. > > Thanks again, > Paul > > ________________________________________ > From: Stephen Smalley <[email protected]> > Sent: Monday, May 23, 2016 1:23:09 PM > To: Edward Paul Ratazzi; [email protected] > Subject: Re: Enabling SELinux when Disabled > > On 05/23/2016 12:50 PM, Edward Paul Ratazzi wrote: > > I am using an Android 5.1.1 x86 VM in VirtualBox which was built with > > SELinux in disabled mode (per getenforce). The SELinux infrastructure > > files such as sepolicy, seapp_contexts, etc. are present in the image. I > > would like to know if there is a way to enable SELinux on this this VM > > without rebuilding it (I already know how to do that). > > > > > > I have tried passing enforcing=0 and androidboot.selinux=permissive on > > the kernel command line (by way of grub.cfg) and verified by way of > > dmesg inside the VM that these parameters are reaching the VM during > > boot. Unfortunately, this has had no effect on the state of SELinux in > > the VM. > > > > > > Is what I'm trying to do possible, and if so, what may I be missing? > > Kernel config, particularly the SELINUX options? > >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
