kernel: don't apply rules for permissive/disabled selinux

kernel/selinux/rules.c

@@ -1,4 +1,5 @@
 #include "sepolicy.h"
+#include "selinux.h"
 
 #define KERNEL_SU_DOMAIN "su"
 #define ALL NULL
@@ -8,6 +9,11 @@ void apply_kernelsu_rules() {
     struct selinux_policy *policy;
     struct policydb *db;
 
+    if (!getenforce()) {
+        pr_info("SELinux permissive or disabled, don't apply rules.")
+        return;
+    }
+
     rcu_read_lock();
     policy = rcu_dereference(selinux_state.policy);
     db = &policy->policydb;

kernel/selinux/selinux.c

@@ -71,6 +71,12 @@ void setenforce(bool enforce) {
 }
 
 bool getenforce() {
+#ifdef CONFIG_SECURITY_SELINUX_DISABLE
+    if (selinux_state.disabled) {
+        return false;
+    }
+#endif
+
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 	return selinux_state.enforcing;
 #else