How to completely disable SELinux in Android L in the init.rc file?
Solution 1
After
setenforce 0
the enforce attribute will be Permissive imeddiately.
Solution 2
Instead of putting in init.rc you can make it permissive by adding some parameters to kernel command line (BOARD_KERNEL_CMDLINE)
Ex: Add enforcing=0 androidboot.selinux=permissive
in device/<manufacturer>/<target>/BoardConfig.mk
Solution 3
Well I guess you could create a new domain policy for your "my_daemon". For example, you can create mydomain.te file at device/manufacturer/device-name/sepolicy/ of your AOSP, with the following contents,
# mydomain policy here
type mydomain, domain;
permissive mydomain;
type mydomain_exec, exec_type, file_type;
init_daemon_domain(mydomain)
Now Add the following line to device/manufacturer/device-name/sepolicy/file_contexts:
/system/bin/my_daemon u:object_r:mydomain_exec:s0
Here is your init.rc file:
service my_daemon /system/bin/my_daemon
class core
So the good thing here is that only mydomain will be permissive and rest of the system will be enforcing, thus you can have your daemon running without any problems and still maintaining the system security.
![Redson](https://i.stack.imgur.com/hCVT2.jpg?s=256&g=1)
Comments
-
Redson almost 4 years
I want to disable SELinux at boot time for Android L or 5. The reason is because my daemon is not begin executed on boot when it should due to SELinux problems. I have the following in my init.rc file:
su 0 setenforce 0 service my_daemon /system/bin/my_daemon class main # Also tried: class core (but it didn't make a difference) user root group root
However, on boot, I use adb shell to check if SELinux is disabled (using
getenforce
) and it returnsEnforcing
. I want SELinux to be completely disabled on boot. If not completely disabled then at leastPermissive
.Any suggestions?