This article was reproduced from: http://blog.csdn.net/lei1217/article/details/48377109
[Description]
Linux SELinux is divided into enforce and Permissive two modes, how to set and confirm the current SELinux mode?
[Keyword]
Android, SELinux, enforce, Permissive
[Solution]
After the Android KK 4.4 version, Google has a formal and limited enable selinux, to enhance the security protection of Android.
In the Eng version, you can use the Setenforce command to set up:
ADB shell Setenforce 0//Set into permissive mode
ADB shell Setenforce 1//Set into enforce mode
In the Eng/user version, you can use the Getenforce command to query, such as:
[email protected]_phone_720pv2:/# Getenforce
Getenforce
Enforcing
If you want to set the mode on boot, you can use the following method:
KK Version: Update mediatek/custom/{platform}/lk/rules_platform.mk
L Version: Update bootable/bootloader/lk/platform/mt6xxx/rules.mk
# Choose one of following value, 1:DISABLED/2: permissive/3: Enforcing
Selinux_status: = 3
Can directly adjust the value of this selinux_status is 2, is not directly set to 1:disabled, which will cause the generated file can not be correctly labeled, resulting in the re-set to enforcing, unpredictable situation occurs. Note that in the L version, Google requires mandatory enforcing mode, the previous settings are only for Userdebug, eng version is valid, if the user version is valid, need to modify system/core/init/android.mk new
Ifeq ($ (Strip $ (target_build_variant)), user)
Local_cflags + =-dallow_disable_selinux=1
endif
It is important to note that Google requires mandatory selinux enforcing Mode, and if you turn it off, you will not be able to pass Google CTS.
[Related FAQs]
[FAQ11486] How do I set the SELinux policy rules? What to do with "avc:denied" in kernel Log http://blog.csdn.net/lei1217/article/details/48377555
[FAQ11485] Permissions (Permission denied) question how to confirm that the SELinux constraint is causing the http://blog.csdn.net/lei1217/article/details/48377575
[FAQ11483] How to quickly debug the SELinux Policy issue http://blog.csdn.net/lei1217/article/details/48377131 copyright notice: This article is the original blog article, Not reproduced without the permission of the blogger.
How to set the Confirm SELinux mode "Go"