emulator: Add option to control SELinux enforcement.
This change adds the following command line
options to the emulator:
-selinux disabled
-selinux permissive
This configures SELinux in either permissive or disabled modes.
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. Policy violations are logged, but the offending operations are not denied.
Change-Id: I97974deb5b39d5caab36032e8b282281c1e478ea
diff --git a/android/main.c b/android/main.c
index f980d27..332183a 100644
--- a/android/main.c
+++ b/android/main.c
@@ -913,6 +913,14 @@
args[n++] = opts->gps;
}
+ if (opts->selinux) {
+ if ((strcmp(opts->selinux, "permissive") != 0)
+ && (strcmp(opts->selinux, "disabled") != 0)) {
+ derror("-selinux must be \"disabled\" or \"permissive\"");
+ exit(1);
+ }
+ }
+
if (opts->memory) {
char* end;
long ramSize = strtol(opts->memory, &end, 0);
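Review bot: The allowlist check on `opts->selinux` carries no comment saying that it is the only thing keeping the later `bufprint(p, end, " androidboot.selinux=%s", opts->selinux)` in the second hunk from placing arbitrary text on the guest kernel command line. I would add above the check `/* Strict allowlist: the value is appended verbatim to the kernel command line below, so keep this an exact match. */`. The two accepted literals could also live in one small table that the error message is built from, so the accepted set and the message cannot drift apart. The enclosing function starts and ends outside the hunk, so I am assuming both hunks sit in the same function.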
@@ -1044,6 +1052,10 @@
p = bufprint(p, end, " androidboot.bootchart=%s", opts->bootchart);
}
+ if (opts->selinux) {
+ p = bufprint(p, end, " androidboot.selinux=%s", opts->selinux);
+ }
+
if (p >= end) {
fprintf(stderr, "### ERROR: kernel parameters too long\n");
exit(1);
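Review bot: Nothing in this block records that the guest is being started with SELinux enforcement reduced, so output from such a run looks the same as output from an enforcing run. A one-line notice when `opts->selinux` is set, emitted through the emulator's existing diagnostic output next to the `bufprint` call, would let anyone reading test or CI logs see that policy violations were not being blocked. A short comment such as `/* Passed to the guest as androidboot.selinux; value validated during option parsing above. */` would also help, since that check sits more than a hundred lines earlier. The enclosing function continues outside the hunk.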