Selinux permissive impact on security

My aosp source code is by default selinux is enforcing mode.

For creation of new services I am planing to change selinux mode to permissive .

May I know, I we keep selinux is permissive mode any impact on security.

Thanks in advance.

Obviously security will be reduced if you disable security features. I don’t understand why you would even need to ask the question.

You can set selinux to permissive during feature development with the intention to enable it again as you work out the issues that required you to set it permissive. However I would caution you to keep working on selinux throughout the process so that you don’t spend too much time developing something that ultimately cannot work within aosp’s sepolicy.

So in general, I would say that setting selinux permissive is for the “proof of concept” stage.

To paraphrase doitritght:

Note: The audit2allow tool can be useful to generate your rules.