Selinux
SELinux is an optional feature of the Linux kernel that provides support to enforce access control security policies to enforce MAC. It is based on the LSM framework.
Working with SELinux on Android – LineageOS
Android 关闭selinux
MT6835 Android系统默认是开启selinux的,由于selinux限制比较多,所以需要关闭selinux
MT6835 关闭SeLinux方法
软件代码直接关闭
target/system/core/init/selinux.cpp
将
bool IsEnforcing() {if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}return true;
}修改为
bool IsEnforcing() {/*if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}*/return false;
}mssi/system/core/init/selinux.cpp
将
bool IsEnforcing() {if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}return true;
}修改为
bool IsEnforcing() {/*if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}*/return false;
}内核配置启动参数
修改BOARD_KERNEL_CMDLINE增加androidboot.selinux = permissive
查看
./target/build/make/core/board_config.mk
_board_strip_readonly_list += BOARD_KERNEL_CMDLINE
INTERNAL_KERNEL_CMDLINE:= $(BOARD_KERNEL_CMDLINE)
发现BOARD_KERNEL_CMDLINE最终赋值给到INTERNAL_KERNEL_CMDLINE
所以我们只需要修改INTERNAL_KERNEL_CMDLINE接口
修改方法
./target/build/make/core/config.mk
将
ifneq ($(BOARD_SUPER_PARTITION_METADATA_DEVICE),super)
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)
endif修改为
ifneq ($(BOARD_SUPER_PARTITION_METADATA_DEVICE),super)
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)
endif
INTERNAL_KERNEL_CMDLINE += androidboot.selinux = permissive./mssi/build/make/core/config.mk
将
# The metadata device must be supplied to init via the kernel command-line.
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)修改为
# The metadata device must be supplied to init via the kernel command-line.
INTERNAL_KERNEL_CMDLINE += androidboot.selinux = permissive
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)
