Auto switch to pseudo enforced if permissive

jni/magiskhide/hide.c

@@ -12,6 +12,8 @@ int hideMagisk() {
 		// Termination called
 		if(pid == -1) break;
 
+		manage_selinux();
+
 		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
 		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
 		if(setns(fd, 0) == -1) {

jni/magiskhide/magiskhide.h

@@ -18,9 +18,11 @@
 #include <sys/stat.h>
 #include <sys/resource.h>
 
-#define LOGFILE 	"/cache/magisk.log"
-#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
-#define DUMMYPATH	"/dev/magisk/dummy"
+#define LOGFILE 		"/cache/magisk.log"
+#define HIDELIST 		"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH		"/dev/magisk/dummy"
+#define ENFORCE_FILE 	"/sys/fs/selinux/enforce"
+#define SEPOLICY_INJECT "/data/magisk/sepolicy-inject"
 
 // Main thread
 void monitor_proc();
@@ -38,6 +40,7 @@ char **file_to_str_arr(FILE *fp, int *size);
 void read_namespace(const int pid, char* target, const size_t size);
 void lazy_unmount(const char* mountpoint);
 void run_as_daemon();
+void manage_selinux();
 
 // Global variable sharing through process/threads
 extern FILE *logfile;

jni/magiskhide/util.c

@@ -56,4 +56,36 @@ void run_as_daemon() {
 		default:
 			exit(0); 
 	}
-}
+}
+
+void manage_selinux() {
+	char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
+	char str[20];
+	int fd, ret;
+	fd = open(ENFORCE_FILE, O_RDONLY);
+	if (fd < 0)
+		return;
+	ret = read(fd, str, 20);
+	close(fd);
+	if (ret < 1)
+		return;
+	// Permissive
+	if (str[0] == '0') {
+		fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
+		fd = open(ENFORCE_FILE, O_RDWR);
+		if (fd < 0)
+			return;
+		ret = write(fd, "1", 1);
+		close(fd);
+		if (ret < 1)
+			return;
+		switch(fork()) {
+			case -1:
+				return;
+			case 0:
+				execvp(argv[0], argv);
+			default:
+				return;
+		}
+	}
+}