On 01/03/2013 12:38 PM, Alice Chu wrote:
Hello,

Does anyone know where in init.rc is the best place to setenforce to 1? We want to set enforcement mode. Here is what we observed:

(1) If setenforce is not set in init.rc, when phone is up, enable enforcement mode via SEManager->Enforcing Mode->SELinux Mode checked, then reboot, the phone reboots successfully and eventually reaches idle screen. The phone functions properly.

(2) If adding "setenforce 1" to the beginning section of init.rc (around line #20 of init.rc), the phone will keep rebooting. Occasionally it reaches the Welcome screen, but as soon as the Start button is pressed, it reboots. I was told it was modem crash, but I'm unable to get more info because on my phone the adb is not working. The phone is completely offline. I am unable to get logcat, dmesg, kmsg, etc.

(3) If adding "setenforce 1" to the bottom of "on boot" section of init.rc, the phone boots normally and it works as (1).

So my question is: Where in init.rc (which section) is the best place to have "setenforce 1" without compromising security and having a functioning phone? I do not find the example from AOSP master branch's init.rc, so I am posting the question here.

Thank you very much for the help!

Alice Chu

Ideally you would do it from the early-init section, prior to starting any services.
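One way to check where `setenforce 1` lands relative to process launches in an init.rc, as an added example that is not part of the original thread. The trigger order and the set of commands counted as launchers are assumptions, and both sample files are constructed.

```python
# ASSUMPTION: order in which init fires its boot triggers (not stated in the thread).
BOOT_ORDER = ["early-init", "init", "early-fs", "fs", "post-fs",
              "post-fs-data", "early-boot", "boot"]
# Commands treated here as launching processes (hypothetical selection).
LAUNCHERS = {"start", "class_start", "exec"}

def parse_actions(text):
    """Map each `on <trigger>` name to its commands as (lineno, tokens)."""
    actions, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "on" and len(tokens) > 1:
            # Repeated `on boot` blocks are merged in file order.
            current = actions.setdefault(tokens[1], [])
        elif tokens[0] in ("service", "import"):
            current = None  # service options are not action commands
        elif current is not None:
            current.append((lineno, tokens))
    return actions

def check_setenforce(text):
    """Return (trigger, lineno, launchers_run_before) for 'setenforce 1'."""
    actions, before = parse_actions(text), []
    for trigger in BOOT_ORDER:
        for lineno, tokens in actions.get(trigger, []):
            if tokens[:2] == ["setenforce", "1"]:
                return trigger, lineno, before
            if tokens[0] in LAUNCHERS:
                before.append((lineno, " ".join(tokens)))
    return None, None, before

# Constructed samples, not taken from any real device image.
LATE = """on early-init
    start ueventd

on boot
    class_start core
    setenforce 1

service ueventd /sbin/ueventd
    class core
"""
EARLY = "on early-init\n    setenforce 1\n    start ueventd\n"

if __name__ == "__main__":
    for name, rc in (("late", LATE), ("early", EARLY)):
        print(name, check_setenforce(rc))
```

A non-empty third element lists the launch commands that would run before enforcement is switched on.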
