kernel: don't apply rules for permissive/disabled selinux

2022-12-23 08:59:57 +07:00
parent fa59434753
commit 87d1158313
2 changed files with 12 additions and 0 deletions
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -1,4 +1,5 @@
 #include "sepolicy.h"
+#include "selinux.h"

 #define KERNEL_SU_DOMAIN "su"
 #define ALL NULL
@@ -8,6 +9,11 @@ void apply_kernelsu_rules() {
    struct selinux_policy *policy;
    struct policydb *db;

+    if (!getenforce()) {
+        pr_info("SELinux permissive or disabled, don't apply rules.")
+        return;
+    }
+
    rcu_read_lock();
    policy = rcu_dereference(selinux_state.policy);
    db = &policy->policydb;