Something went wrong on our end
-
Nick Kralevich authoredIt's a CTS requirement that all SELinux domains be in enforcing mode. Add the same assertion to the build system when targeting user builds. In particular, this avoids a situation where device integrity checking is enabled on user builds, but permissive denials are being generated, causing the device to unexpectedly reboot into safe mode. A developer wanting to put an SELinux domain into permissive mode for userdebug/eng purposes can write the following in their policy: userdebug_or_eng(` permissive foo; ') Bug: 26902605 Bug: 27313768 Change-Id: Ic0971d9e96a28f2a98f9d56a547661d24fb81a21Nick Kralevich authoredIt's a CTS requirement that all SELinux domains be in enforcing mode. Add the same assertion to the build system when targeting user builds. In particular, this avoids a situation where device integrity checking is enabled on user builds, but permissive denials are being generated, causing the device to unexpectedly reboot into safe mode. A developer wanting to put an SELinux domain into permissive mode for userdebug/eng purposes can write the following in their policy: userdebug_or_eng(` permissive foo; ') Bug: 26902605 Bug: 27313768 Change-Id: Ic0971d9e96a28f2a98f9d56a547661d24fb81a21