Hi Stephen, Thanks for the reply. It was at the "early-init" section, but that did not work and no debugging info could be obtained. So for now it is settled at the beginning of the "on boot" section. Once the system is more stable, I will re-visit this.
Thank you very much! Alice ________________________________________ From: Stephen Smalley [[email protected]] Sent: Thursday, January 03, 2013 9:44 AM To: Alice Chu Cc: [email protected]; Sung-Whan Moon; [email protected]; [email protected]; William Roberts; Kalyan Desineni; Jinlin Xu Subject: Re: init.rc setenforce question On 01/03/2013 12:38 PM, Alice Chu wrote: > Hello, > > Does anyone know where in init.rc is the best place to setenforce to 1? > > We want to set enforcement mode. Here is what we observed: > (1) If setenforce is not set in init.rc, when phone is up, enable > enforcement mode via SEManager->Enforcing Mode->SELinux Mode checked, then > reboot, the phone reboots successfully and eventually reaches idle screen. > The phone functions properly. > > (2) If adding "setenforce 1" to the beginning section of init.rc (around > line #20 of init.rc), the phone will keep rebooting. Occasionally it reaches > the Welcome screen, but as soon as the Start button is pressed, it reboots. > I was told it was modem crash, but I'm unable to get more info > because on my phone the adb is not working. The phone is completely offline. > I am unable to get logcat, dmesg, kmsg, etc. > > (3) If adding "setenforce 1" to the bottom of "on boot" section of > init.rc, the phone boots normally and it works as (1). > > So my question is: > Where in init.rc (which section) is the best place to have "setenforce > 1" without compromising security and having a functioning phone? > > I do not find the example from AOSP master branch's init.rc, so I am posting > the question here. > > Thank you very much for the help! > Alice Chu Ideally you would do it from the early-init section, prior to starting any services. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
