Android Customizing SePolicy: Difference between revisions

From Variscite Wiki
No edit summary
No edit summary
Line 1: Line 1:
<!-- Set release according to "release" parameter in URL and use RELEASE_P9.0.0_1.0.0_GA_DART-MX8M-MINI as default
--> {{#vardefine:RELEASE_PARAM|{{#urlget:release}}}} <!--
--> {{#lst:Android_Platform_Customization|{{#var:RELEASE_PARAM|RELEASE_P9.0.0_1.0.0_GA_DART-MX8M-MINI}}}} <!--
=Overview=
=Overview=
Selinux is the Security Enhanced Linux concept to enhance the Android Security and have the controlled access to the files.<br>
Selinux is the Security Enhanced Linux concept to enhance the Android Security and have the controlled access to the files.<br>
Line 21: Line 25:
==Setting the permission in Boot image==
==Setting the permission in Boot image==
===Edit U-Boot command line arguments===
===Edit U-Boot command line arguments===
https://github.com/varigit/uboot-imx/blob/imx_v2017.03_4.9.11_1.0.0_ga_var01/include/configs/mx6var_som_android.h#L42
https://github.com/varigit/uboot-imx/blob/{{#var:U-BOOT_BRANCH}}/{{#var:U-BOOT_ANDROID_CONFIG_FILE}}
Change following macro <br>
Change following macro <br>


  #define CONFIG_EXTRA_ENV_SETTINGS \
  #define CONFIG_EXTRA_ENV_SETTINGS \
BOOT_ENV_SETTINGS \
HW_ENV_SETTINGS \
VIDEO_ENV_SETTINGS \
"splashpos=m,m\0" \
"fdt_high=0xffffffff\0" \
"initrd_high=0xffffffff\0" \
  "bootargs=" \
  "bootargs=" \
"console=ttymxc0,115200 " \
.......
"init=/init " \
        ....\0"  
"vmalloc=128M " \
And append "androidboot.selinux=permissive\0" to the kernel
"androidboot.console=ttymxc0 " \
"consoleblank=0 " \
"cma=448M " \
"firmware_class.path=/system/etc/firmware\0"
To


  #define CONFIG_EXTRA_ENV_SETTINGS \
  #define CONFIG_EXTRA_ENV_SETTINGS \
BOOT_ENV_SETTINGS \
HW_ENV_SETTINGS \
VIDEO_ENV_SETTINGS \
"splashpos=m,m\0" \
"fdt_high=0xffffffff\0" \
"initrd_high=0xffffffff\0" \
  "bootargs=" \
  "bootargs=" \
"console=ttymxc0,115200 " \
.......
"init=/init " \
        androidboot.selinux=permissive\0"
"vmalloc=128M " \
"androidboot.console=ttymxc0 " \
"consoleblank=0 " \
"cma=448M " \
"firmware_class.path=/system/etc/firmware androidboot.selinux=permissive\0"


===Compile U-Boot===
===Compile U-Boot===
Compile the new U-Boot following {{Varlink|Android Customizing U-Boot|{{#var:RELEASE_LINK}}|Customizing U-Boot}}
Compile the new U-Boot  


===Update U-Boot===
===Update U-Boot===
Flash the binaries following {{Varlink|Android Flash Burning|{{#var:RELEASE_LINK}}|Burning Android binaries to flash/eMMC via SD card}}
Flash the binaries following {{Varlink|Android_Recovery_SD_card|{{#var:RELEASE_LINK}}|Android Recovery SD card}} and replacing your binaries in /opt/images/Android/


The updated U-Boot should have the SeLinux in permissive mode.
The updated U-Boot should have the SeLinux in permissive mode.

Revision as of 03:59, 3 January 2020