diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-14 12:59:41 -0500 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 20:38:39 +0100 |
| commit | f97984a242911f927e32b7404f0effe4e08c4f7a (patch) | |
| tree | c9fe96e2ee5de15d3315a0cfa345c6aaca95ffb5 | |
| parent | 7cee87317b2265e9785a4842b2fdd735ce9be8b6 (diff) | |
| download | system_core-f97984a242911f927e32b7404f0effe4e08c4f7a.zip system_core-f97984a242911f927e32b7404f0effe4e08c4f7a.tar.gz system_core-f97984a242911f927e32b7404f0effe4e08c4f7a.tar.bz2 | |
Allow system UID to setenforce and set booleans for SELinux.
Allow system UID to setenforce and set booleans for SELinux.
Boolean ownerships must also be reset upon policy reload as
the boolean files in selinuxfs are regenerated to match the new policy.
| -rw-r--r-- | rootdir/init.rc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 1fab7b7..8a072d5 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -25,6 +25,14 @@ on early-init # Create mountpoint so Dalvik can mark as slave in zygotes. mount tmpfs tmpfs /storage mode=0050,uid=0,gid=1028 + # Allow system UID to setenforce and set booleans. + chown system system /selinux/enforce + chown system system /sys/fs/selinux/enforce + chown -R system system /selinux/booleans + chown -R system system /sys/fs/selinux/booleans + chown system system /selinux/commit_pending_bools + chown system system /sys/fs/selinux/commit_pending_bools + on init sysclktz 0 @@ -432,6 +440,8 @@ service ueventd /sbin/ueventd on property:selinux.reload_policy=1 restart ueventd restart installd + chown -R system system /selinux/booleans + chown -R system system /sys/fs/selinux/booleans service console /system/bin/sh class core |