From c51e44420ddb3025e5bb118f0c50ed159d2de685 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 23 May 2014 09:12:59 -0700
Subject: [PATCH] DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true

Force any experimental SELinux domains (ones tagged with
"permissive_or_unconfined") into unconfined. This flag is
intended to be flipped when we're preparing a release,
to eliminate inconsistencies between user and userdebug devices,
and to ensure that we're enforcing a minimal set of rules for all
SELinux domains.

Without this change, our user builds will behave differently than
userdebug builds, complicating testing.

Change-Id: Ia43d185638336e545a7556c3a0ddf0f34e053706
---
 Android.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Android.mk b/Android.mk
index 10b3ca3d9..5daeea904 100644
--- a/Android.mk
+++ b/Android.mk
@@ -11,7 +11,7 @@ include $(CLEAR_VARS)
 # is frozen, we should flip this to true. This forces any currently
 # permissive domains into unconfined+enforcing.
 #
-FORCE_PERMISSIVE_TO_UNCONFINED:=false
+FORCE_PERMISSIVE_TO_UNCONFINED:=true
 
 ifeq ($(TARGET_BUILD_VARIANT),user)
   # User builds are always forced unconfined+enforcing
-- 
GitLab