diff --git a/kernel/allowlist.c b/kernel/allowlist.c
index ac7f5f0d..bd9f73cc 100644
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -44,9 +44,10 @@ bool persistent_allow_list(void);
 struct file *permissive_filp_open(const char * path, int flags, umode_t mode) {
   struct file* fp;
   // fixme: u:r:kernel:s0 don't have permission to write /data/adb...
-  setenforce(false);
+  bool enforcing = getenforce();
+  if (enforcing) setenforce(false);
   fp = filp_open(path, flags, mode);
-  setenforce(true);
+  if (enforcing) setenforce(true);
   return fp;
 }
 
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index fc020d84..d992b1f2 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -89,4 +89,12 @@ void setenforce(bool enforce) {
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 	selinux_state.enforcing = enforce;
 #endif
+}
+
+bool getenforce() {
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+	return selinux_state.enforcing;
+#else
+    return false;
+#endif
 }
\ No newline at end of file
diff --git a/kernel/selinux/selinux.h b/kernel/selinux/selinux.h
index c7027dab..42e4fd63 100644
--- a/kernel/selinux/selinux.h
+++ b/kernel/selinux/selinux.h
@@ -5,4 +5,6 @@ void setup_selinux();
 
 void setenforce(bool);
 
+bool getenforce();
+
 #endif
\ No newline at end of file