I'm Qualcomm platform developer;
How can we disable/remove SELinux feature from software image during compiling? In a word,I need remove the SELinux feature from android
BTW:
set setenforce 0 or set getenforce works well;
Asked
Active
Viewed 3,739 times
1
MiguelHincapieC
- 5,445
- 7
- 41
- 72
caopeng
- 914
- 13
- 23
-
`mv Android.mk Android.mk.bak `(external/libselinux/), than, **make -j16**; **unfortunately** an error occur **make: *** No rule to make target `NOTICE-HOST-STATIC_LIBRARIES-libselinux', needed by `out/host/linux-x86/bin/fastboot'. Stop** – caopeng Oct 30 '15 at 02:23
-
By remove, do you mean remove and enable it again after you compile your software, I hope? Something like this might work assuming you have root: ' su printf '\x00' | su -c dd of=/dev/kmem seek=$( printf '%d\n' '0x'`cat /proc/kallsyms | grep ".*\ selinux\_enforcing" | cut -f 1 -d " "` ) bs=1 count=1 conv=notrunc' or see this.. not sure what exactly you're trying to do. http://forum.xda-developers.com/showthread.php?t=2765353 – Chev_603 Oct 30 '15 at 02:27
-
@Chev_603 ,I mean remove the SELinux feature(remove); NOT enable it again. – caopeng Oct 30 '15 at 03:43
-
You can disable it in the kernel. It's just like any other linux kernel. See this thead too: https://stackoverflow.com/questions/30998343/how-to-set-selinux-to-0-or-permissive-mode-in-android-4-4-4-and-above – Chev_603 Oct 30 '15 at 03:46
-
And certaintly you can set it to permissive as an alternative. I mean, is that an option? – Chev_603 Oct 30 '15 at 03:50
1 Answers
3
Rebuild the kernel with CONFIG_SECURITY_SELINUX=n. This is found in the kernel defconfig for your platform.
For example, to completely disable SELinux in the hammerhead (Nexus 5) kernel, change arch/arm/configs/hammerhead_defconfig per above and rebuild the kernel. Include this new kernel in your boot image and the result will be a device without any SELinux support at all. getenforce will return Disabled.
Paul Ratazzi
- 6,289
- 3
- 38
- 50