Do not support systems without SELinux

topjohnwu 2023-09-25 15:10:54 -07:00
parent ec115cd7e3
commit 5d07d0b964
6 changed files with 3 additions and 31 deletions


@ -34,7 +34,6 @@ extern int (*fsetfilecon)(int fd, const char *con);
void getfilecon_at(int dirfd, const char *name, char **con); void getfilecon_at(int dirfd, const char *name, char **con);
void setfilecon_at(int dirfd, const char *name, const char *con); void setfilecon_at(int dirfd, const char *name, const char *con);
bool selinux_enabled();
void enable_selinux(); void enable_selinux();
void restorecon(); void restorecon();
void restore_tmpcon(); void restore_tmpcon();


@ -102,23 +102,7 @@ void setfilecon_at(int dirfd, const char *name, const char *con) {
lsetfilecon(path, con); lsetfilecon(path, con);
} }
#if MAGISK_DEBUG
static bool se_state = false;
bool selinux_enabled() {
return se_state;
}
#else
bool selinux_enabled() {
return true;
}
#endif
void enable_selinux() { void enable_selinux() {
#if MAGISK_DEBUG
if (access(SELINUX_MNT, F_OK) != 0)
return;
se_state = true;
#endif
setcon = __setcon; setcon = __setcon;
getfilecon = __getfilecon; getfilecon = __getfilecon;
lgetfilecon = __lgetfilecon; lgetfilecon = __lgetfilecon;


@ -251,7 +251,7 @@ static void handle_request(pollfd *pfd) {
} }
break; break;
case MainRequest::ZYGISK: case MainRequest::ZYGISK:
if (!is_zygote && selinux_enabled()) { if (!is_zygote) {
// Invalid client context // Invalid client context
write_int(client, MainResponse::ACCESS_DENIED); write_int(client, MainResponse::ACCESS_DENIED);
goto done; goto done;


@ -64,8 +64,6 @@ static void restore_syscon(int dirfd) {
} }
void restorecon() { void restorecon() {
if (!selinux_enabled())
return;
int fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC); int fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0) if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0)
lsetfilecon(SECURE_DIR, ADB_CON); lsetfilecon(SECURE_DIR, ADB_CON);
@ -76,8 +74,6 @@ void restorecon() {
} }
void restore_tmpcon() { void restore_tmpcon() {
if (!selinux_enabled())
return;
if (MAGISKTMP == "/sbin") if (MAGISKTMP == "/sbin")
setfilecon(MAGISKTMP.data(), ROOT_CON); setfilecon(MAGISKTMP.data(), ROOT_CON);
else else
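Review bot: In restorecon(), the descriptor from `xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC)` is passed to `write()` without a check, and with the `selinux_enabled()` early return removed that open is now attempted on every call. A failed open is only visible as a failed write that skips the `lsetfilecon(SECURE_DIR, ADB_CON)` branch and falls through to code outside the hunk, apart from whatever xopen itself logs, which is not shown here. An explicit guard right after the open, for example `if (fd < 0) return;` with a comment such as `// SELinux is mandatory; without the context node relabeling cannot proceed`, would make that path deliberate; if the rest of the function must still run, a comment saying so is enough. The same guard removal applies to restore_tmpcon() in the second hunk, and both function bodies continue outside the hunks.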


@ -458,7 +458,7 @@ void su_daemon_handler(int client, const sock_cred *cred) {
sigset_t block_set; sigset_t block_set;
sigemptyset(&block_set); sigemptyset(&block_set);
sigprocmask(SIG_SETMASK, &block_set, nullptr); sigprocmask(SIG_SETMASK, &block_set, nullptr);
if (!ctx.req.context.empty() && selinux_enabled()) { if (!ctx.req.context.empty()) {
auto f = xopen_file("/proc/self/attr/exec", "we"); auto f = xopen_file("/proc/self/attr/exec", "we");
if (f) fprintf(f.get(), "%s", ctx.req.context.data()); if (f) fprintf(f.get(), "%s", ctx.req.context.data());
} }
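Review bot: The write of the requested context to `/proc/self/attr/exec` inside `if (!ctx.req.context.empty())` is unchecked, so a failed open or a context the kernel rejects presumably leaves the later exec running in the daemon's current domain rather than the one the request asked for. Because stdio buffers the `fprintf`, a rejection only surfaces when the stream is flushed or closed, and that result is discarded. Now that this block runs whenever a context is supplied, failing closed would be safer: test `if (!f || fprintf(f.get(), "%s", ctx.req.context.data()) < 0 || fflush(f.get()) != 0)` and log and abort the request in that branch. How `ctx.req.context` is validated and what runs after this block are outside the hunk, so confirm that no later check already covers this.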


@ -19,14 +19,7 @@ int app_process_main(int argc, char *argv[]) {
char buf[PATH_MAX]; char buf[PATH_MAX];
bool zygote = false; bool zygote = false;
if (!selinux_enabled()) { if (auto fp = open_file("/proc/self/attr/current", "r")) {
for (int i = 0; i < argc; ++i) {
if (argv[i] == "--zygote"sv) {
zygote = true;
break;
}
}
} else if (auto fp = open_file("/proc/self/attr/current", "r")) {
fscanf(fp.get(), "%s", buf); fscanf(fp.get(), "%s", buf);
zygote = (buf == "u:r:zygote:s0"sv); zygote = (buf == "u:r:zygote:s0"sv);
} }
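Review bot: With the `--zygote` argv fallback removed, `fscanf(fp.get(), "%s", buf)` is the only input to the zygote decision, and it is both unbounded and unchecked. If the read fails, `buf` is uninitialized when it is compared with `"u:r:zygote:s0"sv`, and `%s` carries no width limit against `char buf[PATH_MAX]`. Suggest `if (fscanf(fp.get(), "%4095s", buf) == 1) zygote = (buf == "u:r:zygote:s0"sv);` (width assumes PATH_MAX is 4096), or at least zero-initialising `buf`. When `open_file` itself fails, `zygote` silently stays false; a short comment such as `// no readable SELinux context: treat as non-zygote` would record that this is intended. The function body continues outside the hunk.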