Hello,
Does anyone know where in init.rc is the best place to setenforce to 1?
We want to set enforcement mode. Here is what we observed:
(1) If setenforce is not set in init.rc, when phone is up, enable
enforcement mode via SEManager->Enforcing Mode->SELinux Mode checked, then
reboot, the phone reboots successfully and eventually reaches idle screen. The
phone functions properly.
(2) If adding "setenforce 1" to the beginning section of init.rc (around
line #20 of init.rc), the phone will keep rebooting. Occasionally it reaches
the Welcome screen, but as soon as the Start button is pressed, it reboots.
I was told it was modem crash, but I'm unable to get more info because
on my phone the adb is not working. The phone is completely offline. I am
unable to get logcat, dmesg, kmsg, etc.
(3) If adding "setenforce 1" to the bottom of "on boot" section of init.rc,
the phone boots normally and it works as (1).
So my question is:
Where in init.rc (which section) is the best place to have "setenforce 1"
without compromising security and having a functioning phone?
I do not find the example from AOSP master branch's init.rc, so I am posting
the question here.
Thank you very much for the help!
Alice Chu
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
