From: Chih-Wei Huang <cwhuang@linux.org.tw>
Date: Thu, 25 Aug 2016 17:43:36 +0000 (+0800)
Subject: Enable SELinux permissive mode
X-Git-Tag: android-x86-7.1-r1~48
X-Git-Url: http://git.osdn.net/view?p=android-x86%2Fdevice-generic-common.git;a=commitdiff_plain;h=9c64ea75860c945f9432eac9e013f0c291d9d4f6

Enable SELinux permissive mode

SELinux can't be disabled in Android 7.0. Before we completely
define our sepolicy, we can only run the permissive mode.
---

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 3af2dd3..84e83bf 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -77,7 +77,8 @@ TARGET_HARDWARE_3D := true
 BOARD_EGL_CFG ?= device/generic/common/gpu/egl_mesa.cfg
 endif
 
-BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT)
+BOARD_KERNEL_CMDLINE := root=/dev/ram0 androidboot.hardware=$(TARGET_PRODUCT) androidboot.selinux=permissive
+TARGET_KERNEL_DIFFCONFIG := device/generic/common/selinux_diffconfig
 
 COMPATIBILITY_ENHANCEMENT_PACKAGE := true
 PRC_COMPATIBILITY_PACKAGE := true
diff --git a/selinux_diffconfig b/selinux_diffconfig
new file mode 100644
index 0000000..807ed71
--- /dev/null
+++ b/selinux_diffconfig
@@ -0,0 +1,7 @@
+CONFIG_SECURITY_PATH=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_DEFAULT_SECURITY_SELINUX=y
+# CONFIG_DEFAULT_SECURITY_DAC is not set
+CONFIG_DEFAULT_SECURITY="selinux"