From b1d81645b3289cf88872e2121f53c89b8eeb161e Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 8 Nov 2013 15:44:30 -0800
Subject: [PATCH] Make kernel / init enforcing

Start running in enforcing mode for kernel / init.
This should be mostly a no-op, as the kernel and init
domains are both unconfined.

Change-Id: I8273d936c9a4eecb50b78ae93490a4dd52f59eb6
---
 init.te   | 1 -
 kernel.te | 1 -
 2 files changed, 2 deletions(-)

diff --git a/init.te b/init.te
index 9be5955dd..6f2f47fab 100644
--- a/init.te
+++ b/init.te
@@ -1,6 +1,5 @@
 # init switches to init domain (via init.rc).
 type init, domain;
-permissive init;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
diff --git a/kernel.te b/kernel.te
index e313587b8..d1c1b7f82 100644
--- a/kernel.te
+++ b/kernel.te
@@ -1,6 +1,5 @@
 # Life begins with the kernel.
 type kernel, domain;
-permissive kernel;
 # The kernel is unconfined.
 unconfined_domain(kernel)
 relabelto_domain(kernel)
-- 
GitLab