am 1a1abe51: am f67e0ef3: Merge "Revisit kernel setenforce"

* commit '1a1abe51': Revisit kernel setenforce

am 1a1abe51: am f67e0ef3: Merge "Revisit kernel setenforce"
* commit '1a1abe51': Revisit kernel setenforce
24f18d69 · Nick Kralevich · Android Git Automerger · d0313c12 · 1a1abe51 · 24f18d69
Commit 24f18d69 authored 10 years ago by Nick Kralevich Committed by Android Git Automerger 10 years ago
--- a/domain.te
+++ b/domain.te
@@ -169,7 +169,8 @@ neverallow { domain -init } kernel:security load_policy;
 # init starts in kernel domain and switches to init domain via setcon in
 # the init.rc, so the setenforce occurs while still in kernel. After
 # switching domains, there is never any need to setenforce again by init.
-neverallow { domain -kernel } kernel:security { setenforce setcheckreqprot };
+neverallow domain kernel:security setenforce;
+neverallow { domain -kernel } kernel:security setcheckreqprot;

 # No booleans in AOSP policy, so no need to ever set them.
 neverallow domain kernel:security setbool;

--- a/kernel.te
+++ b/kernel.te
@@ -11,7 +11,9 @@ allow kernel unlabeled:filesystem mount;
 allow kernel fs_type:filesystem *;

 # Initial setenforce by init prior to switching to init domain.
-allow kernel self:security setenforce;
+# We use dontaudit instead of allow to prevent a kernel spawned userspace
+# process from turning off SELinux once enabled.
+dontaudit kernel self:security setenforce;

 # Set checkreqprot by init.rc prior to switching to init domain.
 allow kernel self:security setcheckreqprot;