API tools faq
paste
Advertisement
zombah

alcatel ot5065d kernel security diff

zombah
Jun 1st, 2016
94
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.66 KB | None | 0 0
raw download clone embed print report
  1. diff --git a/security/selinux/Makefile b/security/selinux/Makefile
  2. index ad5cd76..8fcafb6 100644
  3. --- a/security/selinux/Makefile
  4. +++ b/security/selinux/Makefile
  5. @@ -15,6 +15,13 @@ selinux-$(CONFIG_NETLABEL) += netlabel.o
  6.  
  7.  ccflags-y := -Isecurity/selinux -Isecurity/selinux/include
  8.  
  9. +#add begin by stephen.wu for debug support
  10. +ifeq ($(TCT_DEBUG_SUPPORT), true)
  11. +KBUILD_CFLAGS += -DJRD_USER2ROOT
  12. +$(warning "selinux kernel debug")
  13. +endif
  14. +#add end by stephen.wu
  15. +
  16.  $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
  17.  
  18.  quiet_cmd_flask = GEN     $(obj)/flask.h $(obj)/av_permissions.h
  19. diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
  20. index 25eba69..a7d8f91 100644
  21. --- a/security/selinux/hooks.c
  22. +++ b/security/selinux/hooks.c
  23. @@ -103,10 +103,12 @@ extern struct security_operations *security_ops;
  24.  
  25.  /* SECMARK reference count */
  26.  static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
  27. -
  28. +//modify begin by stephen.wu for recovery permissive mode
  29.  #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  30. -int selinux_enforcing;
  31. -
  32. +int selinux_enforcing = 0;
  33. +#else
  34. +int selinux_enforcing = 1;
  35. +#endif
  36.  static int __init enforcing_setup(char *str)
  37.  {
  38.     unsigned long enforcing;
  39. @@ -115,8 +117,8 @@ static int __init enforcing_setup(char *str)
  40.     return 1;
  41.  }
  42.  __setup("enforcing=", enforcing_setup);
  43. -#endif
  44. -
  45. +//#endif
  46. +//modify end by stephen.wu
  47.  #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
  48.  int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
  49.  
  50. diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
  51. index 28a08a8..cf01cd4 100644
  52. --- a/security/selinux/include/avc.h
  53. +++ b/security/selinux/include/avc.h
  54. @@ -19,11 +19,13 @@
  55.  #include "av_permissions.h"
  56.  #include "security.h"
  57.  
  58. -#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  59. +//modify begin by stephen.wu for recovery permissive mode
  60. +//#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  61.  extern int selinux_enforcing;
  62. -#else
  63. -#define selinux_enforcing 1
  64. -#endif
  65. +//#else
  66. +//#define selinux_enforcing 1
  67. +//#endif
  68. +//modify end by stephen.wu
  69.  
  70.  /*
  71.   * An entry in the AVC.
  72. diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
  73. index ff42773..44cbc1d 100644
  74. --- a/security/selinux/selinuxfs.c
  75. +++ b/security/selinux/selinuxfs.c
  76. @@ -168,9 +168,11 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
  77.         goto out;
  78.  
  79.     if (new_value != selinux_enforcing) {
  80. +#ifndef JRD_USER2ROOT
  81.         length = task_has_security(current, SECURITY__SETENFORCE);
  82.         if (length)
  83.             goto out;
  84. +#endif
  85.         audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  86.             "enforcing=%d old_enforcing=%d auid=%u ses=%u",
  87.             new_value, selinux_enforcing,
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!