From 2fb49ad7806bbe50ac60ea223cba93e6cb54a226 Mon Sep 17 00:00:00 2001
From: LoveSy
Date: Sat, 19 Mar 2022 13:49:32 +0800
Subject: [PATCH] Don't always mock selinux enforce as "0"
---
 native/jni/init/selinux.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/native/jni/init/selinux.cpp b/native/jni/init/selinux.cpp
index 12148a2c4..7fbc9fa90 100644
--- a/native/jni/init/selinux.cpp
+++ b/native/jni/init/selinux.cpp
@@ -70,7 +70,6 @@ void MagiskInit::hijack_sepolicy() {
 } else {
 // We block using the "enforce" node
 blocking_target = SELINUX_ENFORCE;
- actual_content = "0";
 }
 // Hijack the "load" and "enforce" node in selinuxfs to manipulate
@@ -169,6 +168,10 @@ void MagiskInit::hijack_sepolicy() {
 xmount("selinuxfs", REAL_SELINUXFS, "selinuxfs", 0, nullptr);
 sepol->to_file(REAL_SELINUXFS "/load");
+ if (strcmp(blocking_target, SELINUX_ENFORCE) == 0) {
+ actual_content = full_read(SELINUX_ENFORCE);
+ }
+
 // Write to mock blocking target ONLY after sepolicy is loaded. We need to make sure
 // the actual init process is blocked until sepolicy is loaded, or else
 // restorecon will fail and re-exec won't change context, causing boot failure.
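Review bot: In the second hunk, the result of `full_read(SELINUX_ENFORCE)` is forwarded to the blocked init without any check, and it is read through `SELINUX_ENFORCE` even though the line above loads the policy through `REAL_SELINUXFS "/load"`. The earlier comment says the "enforce" node is hijacked, and the hunk does not show whether that mock is already removed at this point. If it is still in place, the read would return the mock's content rather than the kernel's enforcing state, so reading `REAL_SELINUXFS "/enforce"` would make the source unambiguous. With the first hunk removing the `"0"` default, a failed or empty read would leave `actual_content` unset in this branch. I would test for an empty result, log it, and fall back to an explicitly chosen value, so that init is never handed an empty enforce state. A one-line comment such as `// Relay the kernel's real enforce state to init instead of a fixed value` would also record why the read happens only after the policy load. The function body starts and ends outside both hunks, so the unmount order and the type of `actual_content` need confirming there.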