From 472255924a9c0358dfd8d38bf52d15da129dd174 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Sun, 5 Feb 2017 23:42:17 +0800
Subject: [PATCH] Auto switch to pseudo enforced if permissive

---
 jni/magiskhide/hide.c       |  2 ++
 jni/magiskhide/magiskhide.h |  9 ++++++---
 jni/magiskhide/util.c       | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/jni/magiskhide/hide.c b/jni/magiskhide/hide.c
index eb2bc16e2..870807d3e 100644
--- a/jni/magiskhide/hide.c
+++ b/jni/magiskhide/hide.c
@@ -12,6 +12,8 @@ int hideMagisk() {
 		// Termination called
 		if(pid == -1) break;
 
+		manage_selinux();
+
 		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
 		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
 		if(setns(fd, 0) == -1) {
diff --git a/jni/magiskhide/magiskhide.h b/jni/magiskhide/magiskhide.h
index 953b93b70..70814f6d0 100644
--- a/jni/magiskhide/magiskhide.h
+++ b/jni/magiskhide/magiskhide.h
@@ -18,9 +18,11 @@
 #include <sys/stat.h>
 #include <sys/resource.h>
 
-#define LOGFILE 	"/cache/magisk.log"
-#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
-#define DUMMYPATH	"/dev/magisk/dummy"
+#define LOGFILE 		"/cache/magisk.log"
+#define HIDELIST 		"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH		"/dev/magisk/dummy"
+#define ENFORCE_FILE 	"/sys/fs/selinux/enforce"
+#define SEPOLICY_INJECT "/data/magisk/sepolicy-inject"
 
 // Main thread
 void monitor_proc();
@@ -38,6 +40,7 @@ char **file_to_str_arr(FILE *fp, int *size);
 void read_namespace(const int pid, char* target, const size_t size);
 void lazy_unmount(const char* mountpoint);
 void run_as_daemon();
+void manage_selinux();
 
 // Global variable sharing through process/threads
 extern FILE *logfile;
diff --git a/jni/magiskhide/util.c b/jni/magiskhide/util.c
index a251a9b4f..dda372041 100644
--- a/jni/magiskhide/util.c
+++ b/jni/magiskhide/util.c
@@ -56,4 +56,36 @@ void run_as_daemon() {
 		default:
 			exit(0); 
 	}
-}
\ No newline at end of file
+}
+
+void manage_selinux() {
+	char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
+	char str[20];
+	int fd, ret;
+	fd = open(ENFORCE_FILE, O_RDONLY);
+	if (fd < 0)
+		return;
+	ret = read(fd, str, 20);
+	close(fd);
+	if (ret < 1)
+		return;
+	// Permissive
+	if (str[0] == '0') {
+		fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
+		fd = open(ENFORCE_FILE, O_RDWR);
+		if (fd < 0)
+			return;
+		ret = write(fd, "1", 1);
+		close(fd);
+		if (ret < 1)
+			return;
+		switch(fork()) {
+			case -1:
+				return;
+			case 0:
+				execvp(argv[0], argv);
+			default:
+				return;
+		}
+	}
+}