How to enable SELinux mode in OpenHarmony? RK3566 Hongmeng development board demonstration

Industio_触觉智能

How to enable SELinux mode in OpenHarmony? RK3566 Hongmeng development board demonstration [Copy link]

This article introduces how to enable/disable SELinux permissions in the open source Hongmeng OpenHarmony system. The tactile intelligent Purple Pi OH Hongmeng development board is demonstrated. It is equipped with Rockchip RK3566 chip, Raspberry Pi-like design, recommended by the Laval official community, and has been adapted to the new OpenHarmony5.0 Release system!

SELinux permission status

SELinux has three states: Enforcing, Permissive and Disabled.

Enforcing: Enforcing mode, behaviors that violate SELinux rules will be blocked and recorded in the log.

Permissive: Permissive mode. Violations of SELinux rules are only recorded in the log, usually for debugging.

Disabled: Disable SELinux permission status.

The command to view SELinux permissions is as follows:

C:\Users\industio>hdc shell //Check SELinux permission status# getenforce //In this state, SELinux permission is enabled Enforcing

Temporarily modify SElinux permissions

The command to temporarily disable SELinux permissions is as follows:

//Temporarily disable SElinux permissions # setenforce 0 # getenforce Permissive

Note: This will temporarily disable SELinux permissions, but this method will become invalid after the system is restarted. The following shows how to permanently modify SELinux permissions.

Permanently enable or disable SELinux permissions

Method 1

The path of the SELinux config configuration file in the OpenHarmony system

system/etc/selinux/config, as shown below:

Drag the file to the local computer through the hdc command. The command is as follows:

C:\Users\industio>hdc shell mount -o remount,rw / C:\Users\industio>hdc file recv system/etc/selinux/config "local path"

After modifying the SELinux permission status in the config file locally, push the file back to the system

C:\Users\industio>hdc file send "local path" system/etc/selinux/ FileTransfer finish, Size:624 File count = 1, time:30ms rate:20.80KB/s

Note: In this way, SELinux permissions will be permanently modified. After reboot, SELinux permissions will not change the permission status due to reboot, but re-burning the firmware will still fail this method.

Method 2

Modify the SELinux permission path in the SDK:

/base/security/selinux_adapter/selinux.gni, as shown in the following figure:

The command is as follows:

declare_args() { //Change permissions as needed. Currently, it is enabled. To disable, change true to false. selinux_enforce = true }

After modification, save and exit, and recompile the entire SDK.