From 5d07d0b964d9abb2e23bdddb4895d10536502f71 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Mon, 25 Sep 2023 15:10:54 -0700
Subject: [PATCH] Do not support systems without SELinux
---
 native/src/base/include/selinux.hpp | 1 -
 native/src/base/selinux.cpp | 16 ----------------
 native/src/core/daemon.cpp | 2 +-
 native/src/core/restorecon.cpp | 4 ----
 native/src/core/su/su_daemon.cpp | 2 +-
 native/src/zygisk/main.cpp | 9 +--------
 6 files changed, 3 insertions(+), 31 deletions(-)
diff --git a/native/src/base/include/selinux.hpp b/native/src/base/include/selinux.hpp
index be3d628f6..3d783ea3d 100644
--- a/native/src/base/include/selinux.hpp
+++ b/native/src/base/include/selinux.hpp
@@ -34,7 +34,6 @@ extern int (*fsetfilecon)(int fd, const char *con);
 void getfilecon_at(int dirfd, const char *name, char **con);
 void setfilecon_at(int dirfd, const char *name, const char *con);
-bool selinux_enabled();
 void enable_selinux();
 void restorecon();
 void restore_tmpcon();
diff --git a/native/src/base/selinux.cpp b/native/src/base/selinux.cpp
index dcf3cb033..53e3a4a01 100644
--- a/native/src/base/selinux.cpp
+++ b/native/src/base/selinux.cpp
@@ -102,23 +102,7 @@ void setfilecon_at(int dirfd, const char *name, const char *con) {
 lsetfilecon(path, con);
 }
-#if MAGISK_DEBUG
-static bool se_state = false;
-bool selinux_enabled() {
- return se_state;
-}
-#else
-bool selinux_enabled() {
- return true;
-}
-#endif
-
 void enable_selinux() {
-#if MAGISK_DEBUG
- if (access(SELINUX_MNT, F_OK) != 0)
- return;
- se_state = true;
-#endif
 setcon = __setcon;
 getfilecon = __getfilecon;
 lgetfilecon = __lgetfilecon;
diff --git a/native/src/core/daemon.cpp b/native/src/core/daemon.cpp
index 78731a20b..2323adba5 100644
--- a/native/src/core/daemon.cpp
+++ b/native/src/core/daemon.cpp
@@ -251,7 +251,7 @@ static void handle_request(pollfd *pfd) {
 }
 break;
 case MainRequest::ZYGISK:
- if (!is_zygote && selinux_enabled()) {
+ if (!is_zygote) {
 // Invalid client context
 write_int(client, MainResponse::ACCESS_DENIED);
 goto done;
diff --git a/native/src/core/restorecon.cpp b/native/src/core/restorecon.cpp
index afc738948..3494cffa8 100644
--- a/native/src/core/restorecon.cpp
+++ b/native/src/core/restorecon.cpp
@@ -64,8 +64,6 @@ static void restore_syscon(int dirfd) {
 }
 void restorecon() {
- if (!selinux_enabled())
- return;
 int fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
 if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0)
 lsetfilecon(SECURE_DIR, ADB_CON);
@@ -76,8 +74,6 @@ void restorecon() {
 }
 void restore_tmpcon() {
- if (!selinux_enabled())
- return;
 if (MAGISKTMP == "/sbin")
 setfilecon(MAGISKTMP.data(), ROOT_CON);
 else
diff --git a/native/src/core/su/su_daemon.cpp b/native/src/core/su/su_daemon.cpp
index 1ceb6b556..75fd1778d 100644
--- a/native/src/core/su/su_daemon.cpp
+++ b/native/src/core/su/su_daemon.cpp
@@ -458,7 +458,7 @@ void su_daemon_handler(int client, const sock_cred *cred) {
 sigset_t block_set;
 sigemptyset(&block_set);
 sigprocmask(SIG_SETMASK, &block_set, nullptr);
- if (!ctx.req.context.empty() && selinux_enabled()) {
+ if (!ctx.req.context.empty()) {
 auto f = xopen_file("/proc/self/attr/exec", "we");
 if (f) fprintf(f.get(), "%s", ctx.req.context.data());
 }
diff --git a/native/src/zygisk/main.cpp b/native/src/zygisk/main.cpp
index 58200df3f..85b596723 100644
--- a/native/src/zygisk/main.cpp
+++ b/native/src/zygisk/main.cpp
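Review bot: In su_daemon_handler (native/src/core/su/su_daemon.cpp), a requested context that cannot be applied is silently ignored: `if (f) fprintf(...)` skips the write when `/proc/self/attr/exec` cannot be opened and never checks whether the write succeeded. Because stdio buffers the output, a context the kernel rejects would only surface when the stream is flushed or closed, and that result is discarded as well, so the process would presumably carry on in its current context instead of the one the request asked for. With the `selinux_enabled()` condition gone, this path can fail closed, e.g. `if (!f || fprintf(f.get(), "%s", ctx.req.context.data()) < 0 || fflush(f.get()) != 0) exit(EXIT_FAILURE);`. The function continues outside the hunk, so whether exiting is the right failure action at this point should be confirmed against the surrounding code.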
@@ -19,14 +19,7 @@ int app_process_main(int argc, char *argv[]) {
 char buf[PATH_MAX];
 bool zygote = false;
- if (!selinux_enabled()) {
- for (int i = 0; i < argc; ++i) {
- if (argv[i] == "--zygote"sv) {
- zygote = true;
- break;
- }
- }
- } else if (auto fp = open_file("/proc/self/attr/current", "r")) {
+ if (auto fp = open_file("/proc/self/attr/current", "r")) {
 fscanf(fp.get(), "%s", buf);
 zygote = (buf == "u:r:zygote:s0"sv);
 }
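Review bot: The zygote check in app_process_main compares `buf` even when `fscanf` read nothing, and as far as the hunk shows `char buf[PATH_MAX];` is uninitialized at that point, so `buf == "u:r:zygote:s0"sv` can scan indeterminate stack bytes; the `%s` conversion also has no field width. This is now the only path that decides `zygote`, so it is worth making it strict: `if (fscanf(fp.get(), "%4095s", buf) == 1) zygote = (buf == "u:r:zygote:s0"sv);` (the width assumes PATH_MAX is 4096; adjust it to the buffer size otherwise). With that check in place, a short comment such as `// Zygote is identified only by its SELinux context; if it cannot be read, zygote stays false` would record the fail-closed intent. app_process_main continues outside the hunk.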