Don't always mock selinux enforce as "0"

LoveSy 2022-03-19 13:49:32 +08:00 committed by John Wu
parent 92f0e53fee
commit 2fb49ad780


@ -70,7 +70,6 @@ void MagiskInit::hijack_sepolicy() {
} else {
// We block using the "enforce" node
blocking_target = SELINUX_ENFORCE;
actual_content = "0";
}
// Hijack the "load" and "enforce" node in selinuxfs to manipulate
@ -169,6 +168,10 @@ void MagiskInit::hijack_sepolicy() {
xmount("selinuxfs", REAL_SELINUXFS, "selinuxfs", 0, nullptr);
sepol->to_file(REAL_SELINUXFS "/load");
if (strcmp(blocking_target, SELINUX_ENFORCE) == 0) {
actual_content = full_read(SELINUX_ENFORCE);
}
// Write to mock blocking target ONLY after sepolicy is loaded. We need to make sure
// the actual init process is blocked until sepolicy is loaded, or else
// restorecon will fail and re-exec won't change context, causing boot failure.
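Review bot: The new read in the second hunk takes the enforce value from `SELINUX_ENFORCE`, which is the same path the first hunk's context assigns to `blocking_target`, i.e. the node this function hijacks with a mock. The policy load one line earlier goes through `REAL_SELINUXFS "/load"`, and the comment that follows says the mock blocking target is still to be written, so the hijack appears to be in place at this point and the read may hit the mock instead of the kernel's state; `actual_content = full_read(REAL_SELINUXFS "/enforce");` would be unambiguous. The result is also used unchecked now that the `"0"` default is gone, so a failed or empty read would presumably leave nothing to write to the mock node; an explicit empty check with a logged, deliberate fallback would make that case visible. hijack_sepolicy() starts and ends outside both hunks, so whether the hijack is lifted before this line should be confirmed against the full function.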