1、user版本关闭selinux
仅限于系统调试时使用，量产版本需要将其设置回去成ELINUX_ENFORCING模式。
1.1)背景

C:\Users\zhaojr>  adb root
C:\Users\zhaojr>  adb remount
C:\Users\zhaojr> adb shell
ac8257:/ # getenforce
getenforce
Enforcing

这个表明Selinux权限存在。
1.2) 开机抓取日志
抓一份开机串口log，检索SELinux

[ 7.085097] init: Loading SELinux policy
这句log是重点，从init可以判断这句代码是从system下面找到的。
1.3）关闭selinux

zhaojr@igentai:~/USER_MC2_20210202_AC8257/ac8257$ grep "Loading SELinux policy" ./system/core -nR
./system/core/init/selinux.cpp:373:    LOG(VERBOSE) << "Loading SELinux policy from monolithic file";
./system/core/init/selinux.cpp:390:    LOG(INFO) << "Loading SELinux policy";

zhaojr@igentai:~/USER_MC2_20210202_AC8257/ac8257$ vim ./system/core/init/selinux.cpp

所以按照以上逻辑修改如下：
system/core/init/Android.mk

diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
old mode 100644
new mode 100755
index c4a6a50..f493524
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -15,6 +15,7 @@ elseinit_options += \-DALLOW_LOCAL_PROP_OVERRIDE=0 \-DALLOW_PERMISSIVE_SELINUX=0 \
+    -DSELINUX_ENFORCING_MODE=1 \-DREBOOT_BOOTLOADER_ON_PANIC=0 \-DWORLD_WRITABLE_KMSG=0 \-DDUMP_ON_UMOUNT_FAILURE=0
代码如下：
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options += \-DALLOW_LOCAL_PROP_OVERRIDE=1 \-DALLOW_PERMISSIVE_SELINUX=1 \-DREBOOT_BOOTLOADER_ON_PANIC=1 \-DWORLD_WRITABLE_KMSG=1 \-DDUMP_ON_UMOUNT_FAILURE=1
else
init_options += \-DALLOW_LOCAL_PROP_OVERRIDE=0 \-DALLOW_PERMISSIVE_SELINUX=0 \-DSELINUX_ENFORCING_MODE=1 \   //假如这行，只有在user模式编译的时候才有效-DREBOOT_BOOTLOADER_ON_PANIC=0 \-DWORLD_WRITABLE_KMSG=0 \-DDUMP_ON_UMOUNT_FAILURE=0
endif

system/core/init/selinux.cpp

bool IsEnforcing() {
#if SELINUX_ENFORCING_MODE  //SELinux is only turned off when compiling in user modereturn false;
#endif //if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}return true;
}

1.4 最后进行验证

C:\Users\zhaojr>  adb root
C:\Users\zhaojr>  adb remount
C:\Users\zhaojr> adb shell
ac8257:/ # getenforce
getenforce
Permissive

2、user模式使能debug串口和控制台
2.1、修改内核命令行参数，串口使能，内核日志输出关闭
如下：
vendor/mediatek/proprietary/bootable/bootloader/lk/app/mt_boot/mt_boot.c

int boot_linux_fdt(void *kernel, unsigned *tags,unsigned machtype,void *ramdisk, unsigned ramdisk_sz)
{void *fdt = tags;int ret;int offset;char tmpbuf[TMPBUF_SIZE];dt_dram_info mem_reg_property[128];............................................if (!has_set_p2u) {switch (eBuildType) {case BUILD_TYPE_USER:if (((g_boot_mode == META_BOOT) && is_meta_log_disable &&
#ifdef LOG_STORE_SUPPORT(is_meta_log_disable() == 0)) || g_boot_arg->log_dynamic_switch)
#else(is_meta_log_disable() == 0)))
#endif{
#ifdef ATC_AOSP_ENHANCEMENTextern int in_fastavm_state(void);if (in_fastavm_state()) {cmdline_append("printk.disable_uart=1");} else {  //user模式下uart debug口uart debug口使能，内核日志关闭//cmdline_append("printk.disable_uart=0");//Turn off log information and print only error and warning letterscmdline_append("printk.disable_uart=0 loglevel=0 preset_lpj=52000");}
#elsecmdline_append("printk.disable_uart=0");
#endif}elsecmdline_append("printk.disable_uart=1");break;case BUILD_TYPE_USERDEBUG:if ((g_boot_mode == META_BOOT) && is_meta_log_disable &&
#ifdef LOG_STORE_SUPPORT(is_meta_log_disable() == 1) && (g_boot_arg->log_dynamic_switch == 0))
#else(is_meta_log_disable() == 1))
#endifcmdline_append("printk.disable_uart=1 slub_debug=O");
#ifdef LOG_STORE_SUPPORTelse if (boot_ftrace && g_boot_arg->log_dynamic_switch == 0)
#elseelse if (boot_ftrace)
#endifcmdline_append("printk.disable_uart=1 slub_debug=-");else{
#ifdef ATC_AOSP_ENHANCEMENTextern int in_fastavm_state(void);if (in_fastavm_state()) {cmdline_append("printk.disable_uart=1");} else { //userdebug模式下uart debug口使能，内核日志关闭//	cmdline_append("printk.disable_uart=0");//Turn off log information and print only error and warning letters//cmdline_append("printk.disable_uart=1 loglevel=4 preset_lpj=52000");//cmdline_append("printk.disable_uart=1 quiet preset_lpj=52000");cmdline_append("printk.disable_uart=0 loglevel=0 preset_lpj=52000");}
#elsecmdline_append("printk.disable_uart=0");
#endif}break;case BUILD_TYPE_ENG:..............................................

2.2 user模式下打开uart控制台输入
原理，在system/core/rootdir/init.rc中

service console /system/bin/shclass coreconsoledisabledroot shellgroup shell log readprocseclabel u:r:shell:s0setenv HOSTNAME consoleon property:ro.debuggable=1# Give writes to anyone for the trace folder on debug builds.# The folder is used to store method traces.chmod 0773 /data/misc/trace# Give reads to anyone for the window trace folder on debug builds.chmod 0775 /data/misc/wmtracestart console

说明当ro.debuggable=1才启动串口控制台，意思就是说在user模式编译时，ro.debuggable=0，所以控制台只有输出没有输入，根据这个原理，我们修改在user模式下将ro.debuggable=0修改成ro.debuggable=1即可，如下：
build/make/core/main.mk

ifeq (true,$(strip $(enable_target_debugging)))# Target is more debuggable and adbd is on by defaultADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1# Enable Dalvik lock contention logging.ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500# Include the debugging/testing OTA keys in this build.INCLUDE_TEST_OTA_KEYS := true
else # !enable_target_debugging# Target is less debuggable and adbd is off by default# ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
endif # !enable_target_debugging