Auto switch to pseudo enforced if permissive

topjohnwu 2017-02-05 23:42:17 +08:00
parent 6d3ac2aa55
commit 472255924a
3 changed files with 41 additions and 4 deletions


@ -12,6 +12,8 @@ int hideMagisk() {
// Termination called
if(pid == -1) break;
manage_selinux();
snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
if(setns(fd, 0) == -1) {
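Review bot: The new `manage_selinux();` call sits in the per-process loop with no comment saying why the SELinux state is re-read on every event rather than once at startup. A one-line comment such as `// Re-check each time: enforce may have been switched back to permissive since the last target` would make the intent explicit (the reason is inferred from the commit title, please confirm). The call also does file I/O, and in the permissive case a fork, before the `setns` on the just-detected pid, so it adds latency on that path. hideMagisk's body starts and ends outside the hunk.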


@ -18,9 +18,11 @@
#include <sys/stat.h>
#include <sys/resource.h>
#define LOGFILE "/cache/magisk.log"
#define HIDELIST "/magisk/.core/magiskhide/hidelist"
#define DUMMYPATH "/dev/magisk/dummy"
#define LOGFILE "/cache/magisk.log"
#define HIDELIST "/magisk/.core/magiskhide/hidelist"
#define DUMMYPATH "/dev/magisk/dummy"
#define ENFORCE_FILE "/sys/fs/selinux/enforce"
#define SEPOLICY_INJECT "/data/magisk/sepolicy-inject"
// Main thread
void monitor_proc();
@ -38,6 +40,7 @@ char **file_to_str_arr(FILE *fp, int *size);
void read_namespace(const int pid, char* target, const size_t size);
void lazy_unmount(const char* mountpoint);
void run_as_daemon();
void manage_selinux();
// Global variable sharing through process/threads
extern FILE *logfile;
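Review bot: `SEPOLICY_INJECT` names a binary under `/data/magisk` that the daemon later hands to `execvp`, and nothing in this commit documents or checks who may write to that path. If the daemon runs with elevated privileges, a comment on the define should state the expected ownership and mode, for example `// exec'd by the daemon: must be root-owned and not group/world-writable`, and a `stat` check before the exec would enforce it. Separately, `void manage_selinux();` leaves the parameter list unspecified in C; `void manage_selinux(void);` is the strict form, although the neighbouring prototypes use the same `()` style.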


@ -56,4 +56,36 @@ void run_as_daemon() {
default:
exit(0);
}
}
}
void manage_selinux() {
char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
char str[20];
int fd, ret;
fd = open(ENFORCE_FILE, O_RDONLY);
if (fd < 0)
return;
ret = read(fd, str, 20);
close(fd);
if (ret < 1)
return;
// Permissive
if (str[0] == '0') {
fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
fd = open(ENFORCE_FILE, O_RDWR);
if (fd < 0)
return;
ret = write(fd, "1", 1);
close(fd);
if (ret < 1)
return;
switch(fork()) {
case -1:
return;
case 0:
execvp(argv[0], argv);
default:
return;
}
}
}
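Review bot: In `manage_selinux`, `case 0:` falls through to `default: return;` when `execvp` fails, so the forked child returns into the caller and keeps running as a second copy of the daemon. Add `_exit(127);` directly after `execvp(argv[0], argv);`. The parent also never waits for the child, so `enforce` already reads `1` while the policy change is still pending, and the exited child stays unreaped unless SIGCHLD is handled elsewhere (not visible here); keeping the pid from `fork()` and calling `waitpid` on it in the parent would address both. The `read(fd, str, 20)` would be safer as `read(fd, str, sizeof(str))` so the length stays tied to the buffer.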