[android]MT6835 Android 關閉selinux方法

Selinux

? ? ? ?SELinux is an optional feature of the Linux kernel that provides support to enforce access control security policies to enforce MAC. It is based on the LSM framework.

Working with SELinux on Android – LineageOS

Android 關閉selinux

? ? ? MT6835 Android系統默認是開啟selinux的，由于selinux限制比較多，所以需要關閉selinux

MT6835 關閉SeLinux方法

軟件代碼直接關閉

target/system/core/init/selinux.cpp

將

bool IsEnforcing() {if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}return true;
}

修改為

bool IsEnforcing() {/*if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}*/return false;
}

?mssi/system/core/init/selinux.cpp

將

bool IsEnforcing() {if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}return true;
}

修改為

bool IsEnforcing() {/*if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}*/return false;
}

內核配置啟動參數

修改BOARD_KERNEL_CMDLINE增加androidboot.selinux = permissive

查看

./target/build/make/core/board_config.mk

_board_strip_readonly_list += BOARD_KERNEL_CMDLINE
INTERNAL_KERNEL_CMDLINE:= $(BOARD_KERNEL_CMDLINE)

發現BOARD_KERNEL_CMDLINE最終賦值給到INTERNAL_KERNEL_CMDLINE

所以我們只需要修改INTERNAL_KERNEL_CMDLINE接口

修改方法

./target/build/make/core/config.mk

將


ifneq ($(BOARD_SUPER_PARTITION_METADATA_DEVICE),super)
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)
endif

修改為


ifneq ($(BOARD_SUPER_PARTITION_METADATA_DEVICE),super)
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)
endif
INTERNAL_KERNEL_CMDLINE += androidboot.selinux = permissive

./mssi/build/make/core/config.mk

將


# The metadata device must be supplied to init via the kernel command-line.
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)

修改為


# The metadata device must be supplied to init via the kernel command-line.
INTERNAL_KERNEL_CMDLINE += androidboot.selinux = permissive
INTERNAL_KERNEL_CMDLINE += androidboot.super_partition=$(BOARD_SUPER_PARTITION_METADATA_DEVICE)

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/pingmian/79103.shtml
繁體地址，請注明出處：http://hk.pswp.cn/pingmian/79103.shtml
英文地址，請注明出處：http://en.pswp.cn/pingmian/79103.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！