How to completely disable SELinux in Android L in the init.rc file?
the enforce attribute will be Permissive imeddiately.
How to completely disable selinux policy check while building AOSP?
Don't set BOARD_SEPOLICY_DIRS in your device config. So your private sepolicy will not be compiled.
Disabling SELinux in Android 5.0.1
There are two ways that enforcing mode is set. On user builds, it will always be in enforcing. On eng or userdebug, you can control it. You can control it in the standard selinux way, by setting enforcing=1/0 on the kernel command line as outlined in Dan Walsh's blog:
The Android centric way is to set the kernel command line to androidboot.selinux=permissive
You can control the kernel command line by editing your BoardConfig.mk and adding this:
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
The Android centric way is enforced by init, if you look in system/core/init/init.cpp look at the selinux_initialize() routine that is called from main().
How to set SELinux to 0 or permissive mode in android 4.4.4 and above?
Apparently Google has removed the
CONFIG_SECURITY_SELINUX_DEVELOP kernel flag from many of their Stock kernels. Thus the standard trick mentioned by William (below) probably doesn't work. An example of these devices is the Samsung Note 4 (SM-N910F) running AOS 4.4.4.
The link above states:
CONFIG_SECURITY_SELINUX_DEVELOP aka global permissive mode, is useful for
when you are first developing device-specific policy for a board (add
'androidboot.selinux=permissive' to BOARD_KERNEL_CMDLINE). It also
permits transient setenforce 0 in -userdebug or -eng builds, which can
be helpful for developers.
If the bootloader is locked, then you can't modify the kernel cmdline
"Also, the code in the init program for processing the
androidboot.selinux= option is only compiled in
-eng builds, so even aside from bootloader locking, you cannot use
androidboot.selinux=permissive on a
The way to check what build type you have is:
$ getprop ro.build.type
Modifying init.rc to add my own android native service
This cannot be done from shell.
init.rc is part of
ramdisk and not
system partition. So at bootup, the
init.rc picked up will be from ramdisk. So whatever changes you do to
init.rc will not get reflected.
AFAIK Only way is to build the ROM and reflash
Check this post, it is related, might help
Execute a daemon in Android init.rc
I got the same issue with nexus 9. I added code to device/htc/flounder/init.flounder.rc but doesnt work.
service pollingclient /system/bin/sh logwrapper
My quick fix is added code to start my daemon in system/core/adb/adb_auth_client.c after fdevent_add(&t->auth_fde, FDE_READ);
system("sleep 5; mydaemon");
It works but its some kind of "quick fix". I am still investigating right solution.
I disable selinux by edit ./arch/arm64/configs/flounder_defconfig set CONFIG_SECURITY_SELINUX=n then recompile kernel and recompile boot.img. Wow, it works!