emulator: Add option to control SELinux enforcement. This change adds the following command line options to the emulator: -selinux disabled -selinux permissive This configures SELinux in either permissive or disabled modes. "disabled" completely disables userspace support for SELinux. No policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux ever mounted. "permissive" loads the SELinux policy, but puts SELinux into permissive mode. SELinux policy violations are logged, but not rejected. Change-Id: I97974deb5b39d5caab36032e8b282281c1e478ea

commit: 185231afe57ba2ed56bb7c77a39ce8bbd64d38d1 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Oct 07 13:54:31 2013 -0700
committer: Nick Kralevich <nnk@google.com> Mon Oct 07 14:16:51 2013 -0700
tree: f7d0f5c08bfe640926d7a71ae68d1edaed0a6b02
parent: 4c8845bf44d4844a08e0a8806d56ea8cc74060fa [diff] [blame]
diff --git a/android/help.c b/android/help.c
index 0a9eed8..e5d3e49 100644
--- a/android/help.c
+++ b/android/help.c

@@ -1526,6 +1526,18 @@
 }
 
 static void
+help_selinux(stralloc_t* out)
+{
+    PRINTF(
+    "  Use -selinux to control the SELinux enforcement mode.\n"
+    "  By default, SELinux is in enforcing mode. Other modes available are:\n"
+    "     -selinux permissive   -> Load the SELinux policy, but do not enforce it.\n"
+    "                              Policy violations are logged, but not rejected.\n"
+    "     -selinux disabled     -> Disable kernel support for SELinux.\n"
+    );
+}
+
+static void
 help_force_32bit(stralloc_t* out)
 {
     PRINTF(
commit	185231afe57ba2ed56bb7c77a39ce8bbd64d38d1	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Oct 07 13:54:31 2013 -0700
committer	Nick Kralevich <nnk@google.com>	Mon Oct 07 14:16:51 2013 -0700
tree	f7d0f5c08bfe640926d7a71ae68d1edaed0a6b02
parent	4c8845bf44d4844a08e0a8806d56ea8cc74060fa [diff] [blame]