修改文件:
vivian@vivian-OptiPlex-9020:~/workspace/keeper2/code/system/core$ git status .
Not currently on any branch.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git checkout -- <file>..." to discard changes in working directory)
modified: init/selinux.cpp
modified: init/service.cpp
修改内容:
selinux.cpp
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 0ba5c4a..748c15b 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -76,7 +76,7 @@ selabel_handle* sehandle = nullptr;
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
EnforcingStatus StatusFromCmdline() {
- EnforcingStatus status = SELINUX_ENFORCING;
+ EnforcingStatus status = SELINUX_PERMISSIVE;
import_kernel_cmdline(false,
[&](const std::string& key, const std::string& value, bool in_qemu) {
Service.cpp
diff --git a/init/service.cpp b/init/service.cpp
index 37d3a88..dee6cc7 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -90,11 +90,13 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi
free(new_con);
}
if (rc == 0 && computed_context == mycon.get()) {
- return Error() << "File " << service_path << "(labeled \"" << filecon.get()
+ std::ostringstream file_label_err;
+ file_label_err << "File " << service_path << "(labeled \"" << filecon.get()
<< "\") has incorrect label or no domain transition from " << mycon.get()
<< " to another SELinux domain defined. Have you configured your "
"service correctly? https://source.android.com/security/selinux/"
"device-policy#label_new_services_and_address_denials";
+ //return Error() << file_label_err.str();
}
if (rc < 0) {
return Error() << "Could not get process context";
网友评论