persistent booleans after reboot

#12 Declined
  1. Haiqing Jiang

Current SE Boolean is not persistent after reboot which means the booleans will be reverted back to the default value after reboot. I implement the persist_sebool feature to support the persistent sebooleans. After reboot, the value of booleans will be as the same as the ones before reboot. The implementation distributes to two parts. First part is the booleans.c in which I write boolean value to user space (not only /sys/fs/selinux/booleans). Second part is in system/core. I implement a new tool which write the userspace value back to the sebooleans (in /sys/fs/selinux/booleans) when the phone is booting. The tool is set as a service in class main inside init.rc.

Comments (4)

  1. William Roberts

    I commented before how a shell script would be MUCH simpler... I did below as reloadbools. Ping me and Ill send you the file.


    BOOLDIR=/data/security/bools echo "BOOLDIR: $BOOLDIR" bools=$(ls $BOOLDIR) echo "BOOLS: $bools" for b in $bools; do val=$(cat $BOOLDIR/$b) if [ -z "$val" ]; then echo "Null Boolean: $b" exit 1 fi echo "VAL: $val" setsebool $b $val if [ $? -ne 0 ]; then echo "Error setting bool: $?" exit 1 fi done;

  2. seandroid repo owner

    By making it a separate service, the booleans won't be restored until at some random point during startup. Better to directly integrate into policy loading logic in libselinux/src/android.c so that they are set immediately from policy load onward.

  3. Haiqing Jiang author

    I agree with integrating to policy loading logic. With service, anyway it cannot be guaranteed to be loaded at the same time as sepolicy loading time.