android:在AndroidO下将selinux设置为permissive

ps:运行时的操作就是命令行下的，最简单，重启失效

$getenforce

$setenforce 0

 

 

'修改测略'：

            log:01-01 00:00:20.828  3665  3665 W sh      : type=1400 audit(0.0:12): avc: denied { write } for name="core_pattern" dev="proc" ino=11742 scontext=u:r:brlinkd:s0 tcontext=u:object_r:usermodehelper:s0 tclass=file permissive=0
            分析: scontext=u:r:brlinkd
                  tcontext=u:object_r:usermodehelper
                  tclass=file
                  avc:denied{write}
            解析:在brlinkd.te里面写
            allow brlinkd usermodehelper:file write;

            src:
                    device/xxfslxx/xxvinsonxx/sepolicy
                    system/sepolicy
            define:
                    system/sepolicy/*/global_macros

 

'关闭selinux策略'：

            在system/core/init/init.rc里面

                static selinux_enforcing_status selinux_status_from_cmdline() {
                    selinux_enforcing_status status = SELINUX_ENFORCING;
    
                    import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) {
                        if (key == "androidboot.selinux" && value == "permissive") {
                            status = SELINUX_PERMISSIVE;
                        }   
                    });
    
                    return status;
                }   
            如上判断kernel_cmdline里面是否有androidboot.seliux;enforcing为打开,permissive为关上。
    
            所以在Boardconfig.mk里面对BOARD_KERNEL_CMDLINE进行添加androidboot.selinux=permissive即可关闭selinux