Allows the zygote to still spawn apps in the zygote's context when no match is found in seapp_contexts. In enforcing mode, apps that are not matched will not be spawned. A "No match" message will (still) be printed to logcat. Change-Id: Ibe362cc8e168be7acae5162c9ff6a310233fcbe6 --- src/android.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/android.c b/src/android.c index 7974391..b013110 100644 --- a/src/android.c +++ b/src/android.c @@ -525,7 +525,8 @@ int selinux_android_setcontext(uid_t uid, selinux_log(SELINUX_ERROR, "%s: No match for app with uid %d, seinfo %s, name %s\n", __FUNCTION__, uid, seinfo, pkgname); - rc = -1; + + rc = (security_getenforce() == 0) ? 0 : -1; goto out; } -- 1.7.0.4 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
