On 06/19/2016 07:16 PM, Taeho Kgil wrote: > Hi SELinux community, > > I'm relatively new to this mailing list and not sure if this is the > appropriate place to raise this question. > > I am trying to see if we can selectively assign policies to permissive > and enforcement. Is this a possible capability available today?
Yes, SELinux permissive domains allow you to do this. On Linux distributions, you can configure specific domains to be permissive via the semanage permissive command, see: https://selinuxproject.org/page/PermissiveDomainRecipe On Android, you can achieve the same effect by adding a permissive declaration for the domain to the corresponding .te file under external/sepolicy (or system/sepolicy in master) or your device/<vendor>/<product>/sepolicy directory, and then rebuilding your image. Of course, for your final production image, there must not be any permissive domains, or it will fail the CTS. _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
