From 2aa727e3f01f814384bd4a49281c7c39cf562ff6 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 14 Jul 2014 09:15:08 -0700
Subject: [PATCH] DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true

Force any experimental SELinux domains (ones tagged with
"permissive_or_unconfined") into unconfined. This flag is
intended to be flipped when we're preparing a release,
to eliminate inconsistencies between user and userdebug devices,
and to ensure that we're enforcing a minimal set of rules for all
SELinux domains.

Without this change, our user builds will behave differently than
userdebug builds, complicating testing.

Change-Id: I52fd5fbe30a7f52f1143f176915ce55fb6a33f87
---
 Android.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Android.mk b/Android.mk
index 1163477a7..62538e731 100644
--- a/Android.mk
+++ b/Android.mk
@@ -11,7 +11,7 @@ include $(CLEAR_VARS)
 # is frozen, we should flip this to true. This forces any currently
 # permissive domains into unconfined+enforcing.
 #
-FORCE_PERMISSIVE_TO_UNCONFINED:=false
+FORCE_PERMISSIVE_TO_UNCONFINED:=true
 
 ifeq ($(TARGET_BUILD_VARIANT),user)
   # User builds are always forced unconfined+enforcing
-- 
GitLab