Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / e730971f70eb869c94b895baccf7a4a7a52b3fb0^! / .
commite730971f70eb869c94b895baccf7a4a7a52b3fb0[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Mar 11 17:44:13 2015 -0700
committerNick Kralevich <nnk@google.com>Wed Mar 11 17:48:45 2015 -0700
tree6bcf247b6d8c1e0acd142234318baff7394bff22
parent2c9eeb73811e06163860e99df53032de458e9dcf [diff]
builtins: remove setenforce command

Adding "setenforce 0" to init.rc isn't a supported way to turn off
SELinux, and doesn't work with AOSP SELinux policy. Remove the code
from init.

Change-Id: If8c8149560789c9a7ba518a0a100e6033bb68898

diff --git a/init/builtins.cpp b/init/builtins.cpp
index 1ae6bf6..86c9c2e 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp

@@ -571,15 +571,6 @@
     return 0;
 }
 
-int do_setenforce(int nargs, char **args) {
-    if (is_selinux_enabled() <= 0)
-        return 0;
-    if (security_setenforce(atoi(args[1])) < 0) {
-        return -errno;
-    }
-    return 0;
-}
-
 int do_setkey(int nargs, char **args)
 {
     struct kbentry kbe;

diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index 7672804..5cd46fa 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp

@@ -186,7 +186,6 @@
         if (!strcmp(s, "eclabel")) return K_seclabel;
         if (!strcmp(s, "ervice")) return K_service;
         if (!strcmp(s, "etcon")) return K_setcon;
-        if (!strcmp(s, "etenforce")) return K_setenforce;
         if (!strcmp(s, "etenv")) return K_setenv;
         if (!strcmp(s, "etkey")) return K_setkey;
         if (!strcmp(s, "etprop")) return K_setprop;

diff --git a/init/keywords.h b/init/keywords.h
index 60931f1..b203d2d 100644
--- a/init/keywords.h
+++ b/init/keywords.h

@@ -23,7 +23,6 @@
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
 int do_setcon(int nargs, char **args);
-int do_setenforce(int nargs, char **args);
 int do_setkey(int nargs, char **args);
 int do_setprop(int nargs, char **args);
 int do_setrlimit(int nargs, char **args);
@@ -84,7 +83,6 @@
     KEYWORD(seclabel,    OPTION,  0, 0)
     KEYWORD(service,     SECTION, 0, 0)
     KEYWORD(setcon,      COMMAND, 1, do_setcon)
-    KEYWORD(setenforce,  COMMAND, 1, do_setenforce)
     KEYWORD(setenv,      OPTION,  2, 0)
     KEYWORD(setkey,      COMMAND, 0, do_setkey)
     KEYWORD(setprop,     COMMAND, 2, do_setprop)

diff --git a/init/readme.txt b/init/readme.txt
index 8161858..3af7924 100644
--- a/init/readme.txt
+++ b/init/readme.txt

@@ -228,10 +228,6 @@
    This is typically only used from early-init to set the init context
    before any other process is started.
 
-setenforce 0|1
-   Set the SELinux system-wide enforcing status.
-   0 is permissive (i.e. log but do not deny), 1 is enforcing.
-
 setkey
    TBD