enable SELinux for hikey
2 types remaining avc denials are mentioned here:
1. init domain on android0 file
https://android-review.googlesource.com/#/c/239530/
2. sys_module denial on netd domain
https://android-review.googlesource.com/#/c/239514/
Change-Id: I2623742ea10261908b1ab3ed7f999c5b8a8a6fb7
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 3ddabef..c63226a 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -30,7 +30,7 @@
BOARD_HOSTAPD_DRIVER := NL80211
CONFIG_DRIVER_NL80211 := y
-BOARD_KERNEL_CMDLINE := console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime androidboot.selinux=permissive
+BOARD_KERNEL_CMDLINE := console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime
TARGET_NO_BOOTLOADER := true
TARGET_NO_KERNEL := false
diff --git a/bootloader/EFI/BOOT/grub.cfg b/bootloader/EFI/BOOT/grub.cfg
index 093f1be..95c7dcc 100644
--- a/bootloader/EFI/BOOT/grub.cfg
+++ b/bootloader/EFI/BOOT/grub.cfg
@@ -3,35 +3,35 @@
menuentry 'AOSP' {
search.fs_label boot root
set root=($root)
- linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime androidboot.selinux=permissive
+ linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime
initrd /ramdisk.img
devicetree /hi6220-hikey.dtb
}
menuentry 'AOSP-DEBUG' {
search.fs_label boot root
set root=($root)
- linux /Image earlycon=pl011,0xf7113000 no_console_suspend=1 console=ttyFIQ0 androidboot.console=ttyFIQ0 sysrq_always_enabled androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime androidboot.selinux=permissive
+ linux /Image earlycon=pl011,0xf7113000 no_console_suspend=1 console=ttyFIQ0 androidboot.console=ttyFIQ0 sysrq_always_enabled androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime
initrd /ramdisk.img
devicetree /hi6220-hikey.dtb
}
menuentry 'AOSP-CONSOLE' {
search.fs_label boot root
set root=($root)
- linux /Image console=ttyAMA3,115200 androidboot.console=ttyAMA3 fiq_debugger.disable=Y androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime androidboot.selinux=permissive
+ linux /Image console=ttyAMA3,115200 androidboot.console=ttyAMA3 fiq_debugger.disable=Y androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime
initrd /ramdisk.img
devicetree /hi6220-hikey.dtb
}
menuentry 'AOSP@720P' {
search.fs_label boot root
set root=($root)
- linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime video=HDMI-A-1:1280x720@60 androidboot.selinux=permissive
+ linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime video=HDMI-A-1:1280x720@60
initrd /ramdisk.img
devicetree /hi6220-hikey.dtb
}
menuentry 'AOSP@SVGA' {
search.fs_label boot root
set root=($root)
- linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime video=HDMI-A-1:800x600@60 androidboot.selinux=permissive
+ linux /Image console=ttyFIQ0 androidboot.console=ttyFIQ0 androidboot.hardware=hikey firmware_class.path=/system/etc/firmware efi=noruntime video=HDMI-A-1:800x600@60
initrd /ramdisk.img
devicetree /hi6220-hikey.dtb
}