Only allow disabling SELinux on userdebug / eng builds
Only parse and honor the kernel command line on userdebug
or eng builds. On user builds, assume that selinux is always enabled
and enforcing.
Change-Id: I71c66e4365bdf2f226800634126a38b716d96599
diff --git a/init/Android.mk b/init/Android.mk
index 15a23be..489dc93 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -25,7 +25,7 @@
endif
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
-LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1
+LOCAL_CFLAGS += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
endif
# Enable ueventd logging
diff --git a/init/init.c b/init/init.c
index 7ba25dc..c79929b 100644
--- a/init/init.c
+++ b/init/init.c
@@ -868,6 +868,7 @@
static bool selinux_is_disabled(void)
{
+#ifdef ALLOW_DISABLE_SELINUX
char tmp[PROP_VALUE_MAX];
if (access("/sys/fs/selinux", F_OK) != 0) {
@@ -881,12 +882,14 @@
/* SELinux is compiled into the kernel, but we've been told to disable it. */
return true;
}
+#endif
return false;
}
static bool selinux_is_enforcing(void)
{
+#ifdef ALLOW_DISABLE_SELINUX
char tmp[PROP_VALUE_MAX];
if (property_get("ro.boot.selinux", tmp) == 0) {
@@ -903,6 +906,7 @@
ERROR("SELinux: Unknown value of ro.boot.selinux. Got: \"%s\". Assuming enforcing.\n", tmp);
}
+#endif
return true;
}
