- diff --git a/security/selinux/Makefile b/security/selinux/Makefile
- index ad5cd76..8fcafb6 100644
- --- a/security/selinux/Makefile
- +++ b/security/selinux/Makefile
- @@ -15,6 +15,13 @@ selinux-$(CONFIG_NETLABEL) += netlabel.o
- ccflags-y := -Isecurity/selinux -Isecurity/selinux/include
- +#add begin by stephen.wu for debug support
- +ifeq ($(TCT_DEBUG_SUPPORT), true)
- +KBUILD_CFLAGS += -DJRD_USER2ROOT
- +$(warning "selinux kernel debug")
- +endif
- +#add end by stephen.wu
- +
- $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
- quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
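Review bot: The added `ifeq ($(TCT_DEBUG_SUPPORT), true)` block takes the `JRD_USER2ROOT` switch from a make or environment variable instead of a Kconfig symbol, so the choice is not recorded in `.config`. A release build that inherits the variable would pick up the debug behaviour with only the `$(warning ...)` line as evidence. In the visible hunks the macro is consumed only in selinuxfs.c, so the per-directory form `ccflags-y += -DJRD_USER2ROOT` is the conventional way to add it rather than appending to `KBUILD_CFLAGS`. Consider a Kconfig option that depends on `CONFIG_SECURITY_SELINUX_DEVELOP`, so that release configurations cannot select it.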
- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
- index 25eba69..a7d8f91 100644
- --- a/security/selinux/hooks.c
- +++ b/security/selinux/hooks.c
- @@ -103,10 +103,12 @@ extern struct security_operations *security_ops;
- /* SECMARK reference count */
- static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
- -
- +//modify begin by stephen.wu for recovery permissive mode
- #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
- -int selinux_enforcing;
- -
- +int selinux_enforcing = 0;
- +#else
- +int selinux_enforcing = 1;
- +#endif
- static int __init enforcing_setup(char *str)
- {
- unsigned long enforcing;
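Review bot: Closing the conditional with `#else` / `#endif` before `enforcing_setup`, and turning the old `#endif` into `//#endif` in the next hunk (-115,8), compiles the `__setup("enforcing=", enforcing_setup)` handler in regardless of `CONFIG_SECURITY_SELINUX_DEVELOP`. A build without the develop option starts with `selinux_enforcing = 1` but, as far as these lines show, would now accept an `enforcing=` value from the kernel command line. Part of the handler body lies outside the hunk, so confirm what it assigns. If only the initial value was meant to change, move `#else` / `int selinux_enforcing = 1;` / `#endif` below the `__setup` line so the handler stays inside the conditional. The commented-out `//#endif` should be deleted rather than kept.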
- @@ -115,8 +117,8 @@ static int __init enforcing_setup(char *str)
- return 1;
- }
- __setup("enforcing=", enforcing_setup);
- -#endif
- -
- +//#endif
- +//modify end by stephen.wu
- #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
- int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
- diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
- index 28a08a8..cf01cd4 100644
- --- a/security/selinux/include/avc.h
- +++ b/security/selinux/include/avc.h
- @@ -19,11 +19,13 @@
- #include "av_permissions.h"
- #include "security.h"
- -#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
- +//modify begin by stephen.wu for recovery permissive mode
- +//#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
- extern int selinux_enforcing;
- -#else
- -#define selinux_enforcing 1
- -#endif
- +//#else
- +//#define selinux_enforcing 1
- +//#endif
- +//modify end by stephen.wu
- /*
- * An entry in the AVC.
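Review bot: Commenting out `#define selinux_enforcing 1` makes the enforcing flag a writable global in every configuration, so builds without `CONFIG_SECURITY_SELINUX_DEVELOP` lose the compile-time guarantee that the mode cannot change at run time. Every reader of `selinux_enforcing` then relies on no writer being reachable in a release build, which these hunks do not establish. If a permissive recovery image is the goal, a dedicated Kconfig option that keeps the `#else` branch for normal builds would preserve that guarantee. The disabled preprocessor lines should be removed instead of left as `//` comments, with the reason recorded in the commit message.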
- diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
- index ff42773..44cbc1d 100644
- --- a/security/selinux/selinuxfs.c
- +++ b/security/selinux/selinuxfs.c
- @@ -168,9 +168,11 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
- goto out;
- if (new_value != selinux_enforcing) {
- +#ifndef JRD_USER2ROOT
- length = task_has_security(current, SECURITY__SETENFORCE);
- if (length)
- goto out;
- +#endif
- audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
- "enforcing=%d old_enforcing=%d auid=%u ses=%u",
- new_value, selinux_enforcing,
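Review bot: With `JRD_USER2ROOT` defined, the `task_has_security(current, SECURITY__SETENFORCE)` check inside `if (new_value != selinux_enforcing)` is compiled out. That leaves only the file permissions on the enforce node, and any check outside this hunk, to control who can change the enforcing mode; `sel_write_enforce` starts and ends outside the hunk, so confirm what else guards it. Keeping the check and granting `setenforce` to the specific debug domain in the debug policy would give the same workflow without removing the kernel-side control. If the bypass stays, pair it with a build-time guard such as `#if defined(JRD_USER2ROOT) && !defined(CONFIG_SECURITY_SELINUX_DEVELOP)` followed by an `#error`, so it cannot reach a release configuration. The `AUDIT_MAC_STATUS` record is still emitted on this path and is the signal to monitor for unexpected mode changes.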