init: don't skip starting a service with no domain if permissive

[Adrian DC] Preserve the log while permissive Change-Id: I3f2887930e15d09014c2594141ba4acbbc8d6d9d
2016-08-30 08:04:38 -04:00 · 2016-08-30 08:04:38 -04:00 · 3fb9072f4d
commit 3fb9072f4d
parent 1ba23d4875
1 changed files with 10 additions and 7 deletions
--- a/init/service.cpp
+++ b/init/service.cpp
@ -99,13 +99,16 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi
        free(new_con);
    }
    if (rc == 0 && computed_context == mycon.get()) {
-        return Error() << "File " << service_path << "(labeled \"" << filecon.get()
-                       << "\") has incorrect label or no domain transition from " << mycon.get()
-                       << " to another SELinux domain defined. Have you configured your "
-                          "service correctly? https://source.android.com/security/selinux/"
-                          "device-policy#label_new_services_and_address_denials. Note: this "
-                          "error shows up even in permissive mode in order to make auditing "
-                          "denials possible.";
+        std::string error = StringPrintf(
+                "File %s (labeled \"%s\") has incorrect label or no domain transition from %s to "
+                "another SELinux domain defined. Have you configured your "
+                "service correctly? https://source.android.com/security/selinux/"
+                "device-policy#label_new_services_and_address_denials",
+                service_path.c_str(), filecon.get(), mycon.get());
+        if (security_getenforce() != 0) {
+            return Error() << error;
+        }
+        LOG(ERROR) << error;
    }
    if (rc < 0) {
        return Error() << "Could not get process context";