kernel: don't setenforce if kernel is already permissive

weishu
2022-12-12 22:18:59 +07:00
parent a30507dfcc
commit 280660125f
3 changed files with 13 additions and 2 deletions


@@ -44,9 +44,10 @@ bool persistent_allow_list(void);
struct file *permissive_filp_open(const char * path, int flags, umode_t mode) { struct file *permissive_filp_open(const char * path, int flags, umode_t mode) {
struct file* fp; struct file* fp;
// fixme: u:r:kernel:s0 don't have permission to write /data/adb... // fixme: u:r:kernel:s0 don't have permission to write /data/adb...
setenforce(false); bool enforcing = getenforce();
if (enforcing) setenforce(false);
fp = filp_open(path, flags, mode); fp = filp_open(path, flags, mode);
setenforce(true); if (enforcing) setenforce(true);
return fp; return fp;
} }
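Review bot: The `getenforce()` check and the two conditional `setenforce()` calls in `permissive_filp_open` are not serialised, so concurrent callers can interleave. One caller can restore enforcing while another, which saw permissive and skipped the toggle, is still inside `filp_open()`; a mode change made elsewhere during the open is also overwritten by the restore. While the open runs, enforcement is off for the whole system, not only for this kernel context. If every caller may sleep, holding a lock across the sequence closes the caller interleaving: `static DEFINE_MUTEX(permissive_open_lock);` with `mutex_lock(&permissive_open_lock);` before `getenforce()` and `mutex_unlock(&permissive_open_lock);` after the restore. The fixme itself would be better resolved by granting the required access in policy than by toggling the global flag.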


@@ -90,3 +90,11 @@ void setenforce(bool enforce) {
selinux_state.enforcing = enforce; selinux_state.enforcing = enforce;
#endif #endif
} }
bool getenforce() {
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
return selinux_state.enforcing;
#else
return false;
#endif
}
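Review bot: The `#else` branch of `getenforce()` returns `false`, but a kernel built without CONFIG_SECURITY_SELINUX_DEVELOP has no permissive mode and is always enforcing, so the getter reports the opposite of the real state; `return true;` would match the kernel's own `enforcing_enabled()` fallback. The caller in `permissive_filp_open` is probably unaffected today, because `setenforce()` appears to be compiled out under the same condition (its body ends at an `#endif` just above), but a later caller that trusts the return value for a security decision would be misled. Separately, `bool getenforce()` here and in the header leaves the parameter list unspecified in C; `bool getenforce(void)` is the prototype form. A short comment such as `/* Returns true when SELinux is enforcing; always true without CONFIG_SECURITY_SELINUX_DEVELOP. */` would document the contract.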


@@ -5,4 +5,6 @@ void setup_selinux();
void setenforce(bool); void setenforce(bool);
bool getenforce();
#endif #endif