
Stop SE Linux from Enforcing on Android AOSP


I need to stop SE Linux from enforcing, from the earliest possible time in the Android boot sequence.

I had read that a kernel parameter of "selinux=0" would stop this. It doesn't:

smarc_mx8mq:/ # cat /proc/cmdline
selinux=0 console=ttymxc2,115200 earlycon=imxuart,0x30880000,115200 init=/init video=HDMI-A-1:1080x1920-32@60 androidboot.console=ttymxc0 androidboot.hardware=freescale androidboot.fbTileSupport=enable cma=1280M androidboot.primary_display=imx-drm firmware_class.path=/vendor/firmware transparent_hugepage=never loop.max_part=7 buildvariant=eng ...
smarc_mx8mq:/ # getenforce
Enforcing

What can I do to absolutely stop SE Linux from enforcing from the start of the boot sequence? (I can have root shell access and I can change the kernel config or any other part of the AOSP build.)


Solution

  • What can I do to absolutely stop SE Linux from enforcing from the start of the boot sequence? (I can have root shell access and I can change the kernel config or any other part of the AOSP build.)

    I turn off selinux in BoardConfig.mk by setting:

    BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
    

    Then after building and target flashing, cat /proc/cmdline shows androidboot.selinux=permissive:

    hikey960:/ # cat /proc/cmdline
    androidboot.hardware=hikey960 firmware_class.path=/vendor/firmware loglevel=15 efi=noruntime
    overlay_mgr.overlay_dt_entry=hardware_cfg_enable_android_fstab androidboot.selinux=permissive
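
The following is an added example, not part of the original question or answer: a shell check that classifies a kernel command line by the two parameters discussed above and compares it with what `getenforce` reports. The function names and category labels are hypothetical. The expected readbacks are assumptions taken from the page (`selinux=0` still read back as Enforcing in the question; a permissive request is assumed to read back as Permissive).

```shell
#!/bin/sh
# Added example (not from the original post): classify a kernel command
# line by the two SELinux parameters discussed in the question and answer.

# classify_cmdline "<cmdline>" -> one word on stdout:
#   permissive-requested  androidboot.selinux=permissive is present
#   selinux0-only         selinux=0 is present, androidboot.selinux is not
#   default               neither parameter asks for a non-enforcing mode
classify_cmdline() {
    legacy=""; android=""
    set -f                       # no globbing while splitting into tokens
    for tok in $1; do
        case $tok in
            selinux=*)             legacy=${tok#selinux=} ;;
            androidboot.selinux=*) android=${tok#androidboot.selinux=} ;;
        esac
    done
    set +f
    if [ "$android" = permissive ]; then
        echo permissive-requested
    elif [ "$legacy" = 0 ] && [ -z "$android" ]; then
        echo selinux0-only
    else
        echo default
    fi
}

# check_state "<cmdline>" "<getenforce output>" -> "match" or "mismatch".
# Assumption: a permissive request should read back as Permissive; any
# other command line should read back as Enforcing (as seen with selinux=0).
check_state() {
    case "$(classify_cmdline "$1"):$2" in
        permissive-requested:Permissive) echo match ;;
        permissive-requested:*)          echo mismatch ;;
        *:Enforcing)                     echo match ;;
        *)                               echo mismatch ;;
    esac
}

# Constructed samples, shortened from the two command lines on this page.
Q_CMDLINE="selinux=0 console=ttymxc2,115200 init=/init androidboot.hardware=freescale buildvariant=eng"
A_CMDLINE="androidboot.hardware=hikey960 loglevel=15 efi=noruntime androidboot.selinux=permissive"

# On a device: check_state "$(cat /proc/cmdline)" "$(getenforce)"
check_state "$Q_CMDLINE" Enforcing
check_state "$A_CMDLINE" Permissive
```

A `mismatch` on a build meant for release (permissive requested, or a non-Enforcing readback) is the case to investigate before shipping.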