Commit fea6e66f authored by Stephen Smalley

Allow kernel domain, not init domain, to set SELinux enforcing mode.

As per the discussion in:
https://android-review.googlesource.com/#/c/71184/



init sets the enforcing mode in its code prior to switching to
the init domain via a setcon command in the init.rc file.  Hence,
the setenforce permission is checked while still running in the
kernel domain.  Further, as init has no reason to ever set the
enforcing mode again, we do not need to allow setenforce to the
init domain and this prevents reverting to permissive
mode via an errant write by init later.  We could technically
dontaudit the kernel setenforce access instead since the first
call to setenforce happens while still permissive (and thus we
never need to allow it in policy) but we allow it to more accurately
represent what is possible.

Change-Id: I70b5e6d8c99e0566145b9c8df863cc8a34019284
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent 9e8b8d9f
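
A policy lint for the property the commit message describes, where only the kernel domain holds `setenforce`. This is an added example, not code from this commit or from the project. The sample policy lines are constructed, the function names are hypothetical, and attributes, macros and `~` complements are assumed to be already expanded.

```python
import re

# Constructed policy text for illustration; not the diff of this commit.
SAMPLE_POLICY = """
# kernel.te
allow kernel self:security setenforce;   # checked before init's setcon
# init.te
allow init kernel:security { load_policy setenforce };
allow { init ueventd } kernel:security compute_av;
neverallow { domain -kernel } kernel:security setenforce;
"""

_TOK = r"(\{[^}]*\}|[\w*-]+)"
_ALLOW = re.compile(
    rf"^\s*allow\s+{_TOK}\s+{_TOK}\s*:\s*{_TOK}\s+{_TOK}\s*;", re.M)


def _names(tok):
    """Expand 'a' or '{ a b -c }' into a set, dropping '-c' exclusions."""
    return {n for n in tok.strip("{}").split() if not n.startswith("-")}


def setenforce_grants(policy):
    """Return sorted (source, target) pairs granted security:setenforce.

    Attributes, macros and '~' complements are not resolved here.
    """
    text = re.sub(r"#.*", "", policy)          # drop comments
    grants = set()
    for src, tgt, cls, perms in _ALLOW.findall(text):
        if "security" not in _names(cls):
            continue
        if not _names(perms) & {"setenforce", "*"}:
            continue
        for s in _names(src):
            for t in _names(tgt):
                grants.add((s, s if t == "self" else t))
    return sorted(grants)


def unexpected_setenforce(policy, allowed=frozenset({"kernel"})):
    """Source domains holding setenforce other than those in `allowed`."""
    return sorted({s for s, _ in setenforce_grants(policy)} - allowed)


if __name__ == "__main__":
    print(setenforce_grants(SAMPLE_POLICY))
    print(unexpected_setenforce(SAMPLE_POLICY))
```

Run over the concatenated `.te` sources in a build or review check, a non-empty result from `unexpected_setenforce` means some domain other than kernel could switch the device back to permissive mode.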