Support SELinux disabled on debug builds

native/jni/base/include/selinux.hpp

@@ -36,6 +36,7 @@ extern int (*fsetfilecon)(int fd, const char *con);
 void getfilecon_at(int dirfd, const char *name, char **con);
 void setfilecon_at(int dirfd, const char *name, const char *con);
 
+bool selinux_enabled();
 void enable_selinux();
 void restorecon();
 void restore_tmpcon();

native/jni/base/selinux.cpp

@@ -4,6 +4,7 @@
 
 #include <base.hpp>
 #include <selinux.hpp>
+#include <flags.h>
 
 using namespace std;
 
@@ -101,7 +102,23 @@ void setfilecon_at(int dirfd, const char *name, const char *con) {
     lsetfilecon(path, con);
 }
 
+#if MAGISK_DEBUG
+static bool se_state = false;
+bool selinux_enabled() {
+    return se_state;
+}
+#else
+bool selinux_enabled() {
+    return true;
+}
+#endif
+
 void enable_selinux() {
+#if MAGISK_DEBUG
+    if (access(SELINUX_MNT, F_OK) != 0)
+        return;
+    se_state = true;
+#endif
     setcon = __setcon;
     getfilecon = __getfilecon;
     lgetfilecon = __lgetfilecon;

native/jni/core/daemon.cpp

@@ -257,7 +257,7 @@ static void handle_request(pollfd *pfd) {
         }
         break;
     case MainRequest::ZYGISK:
-        if (!is_zygote) {
+        if (!is_zygote && selinux_enabled()) {
             // Invalid client context
             write_int(client, MainResponse::ACCESS_DENIED);
             goto done;

native/jni/core/restorecon.cpp

@@ -66,6 +66,8 @@ static void restore_magiskcon(int dirfd) {
 }
 
 void restorecon() {
+    if (!selinux_enabled())
+        return;
     int fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
     if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0)
         lsetfilecon(SECURE_DIR, ADB_CON);
@@ -76,6 +78,8 @@ void restorecon() {
 }
 
 void restore_tmpcon() {
+    if (!selinux_enabled())
+        return;
     if (MAGISKTMP == "/sbin")
         setfilecon(MAGISKTMP.data(), ROOT_CON);
     else

native/jni/zygisk/main.cpp

@@ -6,6 +6,7 @@
 #include <base.hpp>
 #include <socket.hpp>
 #include <daemon.hpp>
+#include <selinux.hpp>
 
 #include "zygisk.hpp"
 
@@ -17,7 +18,14 @@ int app_process_main(int argc, char *argv[]) {
     char buf[PATH_MAX];
 
     bool zygote = false;
-    if (auto fp = open_file("/proc/self/attr/current", "r")) {
+    if (!selinux_enabled()) {
+        for (int i = 0; i < argc; ++i) {
+            if (argv[i] == "--zygote"sv) {
+                zygote = true;
+                break;
+            }
+        }
+    } else if (auto fp = open_file("/proc/self/attr/current", "r")) {
         fscanf(fp.get(), "%s", buf);
         zygote = (buf == "u:r:zygote:s0"sv);
     }

scripts/avd_magisk.sh

@@ -69,12 +69,14 @@ if [ -d /dev/avd-magisk ]; then
 fi
 
 # SELinux stuffs
-if [ -f /vendor/etc/selinux/precompiled_sepolicy ]; then
-  ./magiskpolicy --load /vendor/etc/selinux/precompiled_sepolicy --live --magisk 2>&1
-elif [ -f /sepolicy ]; then
-  ./magiskpolicy --load /sepolicy --live --magisk 2>&1
-else
-  ./magiskpolicy --live --magisk 2>&1
+if [ -d /sys/fs/selinux ]; then
+  if [ -f /vendor/etc/selinux/precompiled_sepolicy ]; then
+    ./magiskpolicy --load /vendor/etc/selinux/precompiled_sepolicy --live --magisk 2>&1
+  elif [ -f /sepolicy ]; then
+    ./magiskpolicy --load /sepolicy --live --magisk 2>&1
+  else
+    ./magiskpolicy --live --magisk 2>&1
+  fi
 fi
 
 MAGISKTMP=/sbin