mardi 24 février 2015

Building boot images with SELinux disabled/permissive (doesn't work on Nexus 6)


I am building custom boot images for a range of android devices for the purpose of using as reusable terminals.

One of the main hard set requirements is that the devices should not have root.

We are automating a lot of stuff like device cleanup and session management via ADB, and we have apps built for the same too. These boot images also register some of our services to run in init. (I do root one phone per model for the purpose of extracting the boot image, and then unroot it).


Anyway, the problem is this entire process works very well pre-lollipop. Due to Kitkat's enforcing SELinux mode, we aren't able to perform various cleanup operations.


I was able to set SELinux back to permissive mode by adding androidboot.selinux=disabled in the kernel command line while repacking the images, which seems to do the trick on Moto X on android 5.0, but it doesn't seem to work on Nexus 6 (as confirmed by getenforce in the shell).


Short of downloading the kernel source for every Lollipop device model I have, is there any other way to disable SELinux on unrooted phones via init? Obvious things like setenforce doesn't seem to work.





Aucun commentaire:

Enregistrer un commentaire