From d4fe8632ecc038196afc42ed8d0cae28189248d8 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Tue, 31 May 2022 22:24:13 -0700
Subject: [PATCH] Support SELinux disabled on debug builds
---
 native/jni/base/include/selinux.hpp | 1 +
 native/jni/base/selinux.cpp | 17 +++++++++++++++++
 native/jni/core/daemon.cpp | 2 +-
 native/jni/core/restorecon.cpp | 4 ++++
 native/jni/zygisk/main.cpp | 10 +++++++++-
 scripts/avd_magisk.sh | 14 ++++++++------
 6 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/native/jni/base/include/selinux.hpp b/native/jni/base/include/selinux.hpp
index 01fff1d6c..ea4cf0f40 100644
--- a/native/jni/base/include/selinux.hpp
+++ b/native/jni/base/include/selinux.hpp
@@ -36,6 +36,7 @@ extern int (*fsetfilecon)(int fd, const char *con);
 void getfilecon_at(int dirfd, const char *name, char **con);
 void setfilecon_at(int dirfd, const char *name, const char *con);
+bool selinux_enabled();
 void enable_selinux();
 void restorecon();
 void restore_tmpcon();
diff --git a/native/jni/base/selinux.cpp b/native/jni/base/selinux.cpp
index b42a6686a..dcf3cb033 100644
--- a/native/jni/base/selinux.cpp
+++ b/native/jni/base/selinux.cpp
@@ -4,6 +4,7 @@
 #include
 #include
+#include
 using namespace std;
@@ -101,7 +102,23 @@ void setfilecon_at(int dirfd, const char *name, const char *con) {
 lsetfilecon(path, con);
 }
+#if MAGISK_DEBUG
+static bool se_state = false;
+bool selinux_enabled() {
+ return se_state;
+}
+#else
+bool selinux_enabled() {
+ return true;
+}
+#endif
+
 void enable_selinux() {
+#if MAGISK_DEBUG
+ if (access(SELINUX_MNT, F_OK) != 0)
+ return;
+ se_state = true;
+#endif
 setcon = __setcon;
 getfilecon = __getfilecon;
 lgetfilecon = __lgetfilecon;
diff --git a/native/jni/core/daemon.cpp b/native/jni/core/daemon.cpp
index 070b44e40..1348baced 100644
--- a/native/jni/core/daemon.cpp
+++ b/native/jni/core/daemon.cpp
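Review bot: The new `selinux_enabled()` declaration in selinux.hpp carries no comment, and nothing in the header says that it is a constant `true` outside MAGISK_DEBUG builds and only reflects `enable_selinux()`'s probe of SELINUX_MNT on debug builds. A caller reading the header alone would reasonably expect a runtime query on every build. A one-line comment above the declaration would make the contract explicit: `// Always true on release builds; on MAGISK_DEBUG builds, false until enable_selinux() has found SELINUX_MNT`.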
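Review bot: On MAGISK_DEBUG builds `selinux_enabled()` returns the static `se_state`, which is `false` until `enable_selinux()` has run, so the result is order-dependent: a caller that checks it before initialization sees "disabled" even on a device where SELINUX_MNT is present. The call sites this commit adds treat `false` as permission to skip SELinux-based checks (the zygote context check in daemon.cpp, the early returns in restorecon.cpp), so an early call on a debug build would relax those checks rather than fail closed. Whether every caller runs after `enable_selinux()` is not visible in this patch; if it does, the invariant deserves a comment on the flag, e.g. `// Set once by enable_selinux(); selinux_enabled() must not be queried before it has run`. Separately, `access(SELINUX_MNT, F_OK)` only tests that the mount-point path exists, not that selinuxfs is mounted there; if that distinction matters, probing a file only the mounted filesystem provides (such as `enforce`) would be a stricter test.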
@@ -257,7 +257,7 @@ static void handle_request(pollfd *pfd) {
 }
 break;
 case MainRequest::ZYGISK:
- if (!is_zygote) {
+ if (!is_zygote && selinux_enabled()) {
 // Invalid client context
 write_int(client, MainResponse::ACCESS_DENIED);
 goto done;
diff --git a/native/jni/core/restorecon.cpp b/native/jni/core/restorecon.cpp
index a6495d32c..72dd90c79 100644
--- a/native/jni/core/restorecon.cpp
+++ b/native/jni/core/restorecon.cpp
@@ -66,6 +66,8 @@ static void restore_magiskcon(int dirfd) {
 }
 void restorecon() {
+ if (!selinux_enabled())
+ return;
 int fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
 if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0)
 lsetfilecon(SECURE_DIR, ADB_CON);
@@ -76,6 +78,8 @@ void restorecon() {
 }
 void restore_tmpcon() {
+ if (!selinux_enabled())
+ return;
 if (MAGISKTMP == "/sbin")
 setfilecon(MAGISKTMP.data(), ROOT_CON);
 else
diff --git a/native/jni/zygisk/main.cpp b/native/jni/zygisk/main.cpp
index 6a846d9bb..b14d506d9 100644
--- a/native/jni/zygisk/main.cpp
+++ b/native/jni/zygisk/main.cpp
@@ -6,6 +6,7 @@
 #include
 #include
 #include
+#include
 #include "zygisk.hpp"
@@ -17,7 +18,14 @@ int app_process_main(int argc, char *argv[]) {
 char buf[PATH_MAX];
 bool zygote = false;
- if (auto fp = open_file("/proc/self/attr/current", "r")) {
+ if (!selinux_enabled()) {
+ for (int i = 0; i < argc; ++i) {
+ if (argv[i] == "--zygote"sv) {
+ zygote = true;
+ break;
+ }
+ }
+ } else if (auto fp = open_file("/proc/self/attr/current", "r")) {
 fscanf(fp.get(), "%s", buf);
 zygote = (buf == "u:r:zygote:s0"sv);
 }
diff --git a/scripts/avd_magisk.sh b/scripts/avd_magisk.sh
index 454b9dae7..5445e0135 100755
--- a/scripts/avd_magisk.sh
+++ b/scripts/avd_magisk.sh
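Review bot: With `selinux_enabled()` false the `!is_zygote` test in daemon.cpp is no longer evaluated, so on a debug build without SELinux the ZYGISK request is served to any client that reaches this switch; the context check is the only gate visible in this hunk and nothing replaces it. That is presumably intended, since there is no SELinux context to compare against, but the relaxation is security-relevant and silent, and the existing comment only explains the denial branch. Suggest extending it so the behaviour is stated where it happens: `// Without SELinux the client context cannot be verified; MAGISK_DEBUG builds accept any client here`. `handle_request` starts and ends outside the hunk, so how `is_zygote` is derived is not visible here.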
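Review bot: The two new early returns in `restorecon()` and `restore_tmpcon()` (both hunks of restorecon.cpp) have no comment saying why labeling is skipped; since `selinux_enabled()` is constant `true` on release builds this is effectively a debug-only branch, but the bare `return` reads as if leaving the labels unset were a legitimate production outcome. A short comment on each guard, `// No SELinux (MAGISK_DEBUG only): nothing to label`, would make that explicit. Both functions continue outside their hunks.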
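Review bot: The new fallback in `app_process_main` decides zygote status from the process's own command line (`argv[i] == "--zygote"sv`) instead of the SELinux context, so on a build without SELinux any invocation that passes `--zygote` is treated as zygote; that is a reasonable trade-off for a MAGISK_DEBUG-only path but should be stated in a comment, e.g. `// No SELinux context to read (debug builds): trust the --zygote flag on the command line`. The loop also compares `argv[0]`, the program name, against the flag; starting at `i = 1` states the intent more directly. `app_process_main` continues outside the hunk.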
@@ -69,12 +69,14 @@ if [ -d /dev/avd-magisk ]; then
 fi
 # SELinux stuffs
-if [ -f /vendor/etc/selinux/precompiled_sepolicy ]; then
- ./magiskpolicy --load /vendor/etc/selinux/precompiled_sepolicy --live --magisk 2>&1
-elif [ -f /sepolicy ]; then
- ./magiskpolicy --load /sepolicy --live --magisk 2>&1
-else
- ./magiskpolicy --live --magisk 2>&1
+if [ -d /sys/fs/selinux ]; then
+ if [ -f /vendor/etc/selinux/precompiled_sepolicy ]; then
+ ./magiskpolicy --load /vendor/etc/selinux/precompiled_sepolicy --live --magisk 2>&1
+ elif [ -f /sepolicy ]; then
+ ./magiskpolicy --load /sepolicy --live --magisk 2>&1
+ else
+ ./magiskpolicy --live --magisk 2>&1
+ fi
 fi
 MAGISKTMP=/sbin
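Review bot: The script keys on `[ -d /sys/fs/selinux ]` while the daemon's `enable_selinux()` keys on `access(SELINUX_MNT, F_OK)`; both are existence checks on a path rather than a check that selinuxfs is mounted, and they only agree if SELINUX_MNT is that same path, which is not visible in this patch. If the two ever disagree, the script skips loading policy while the binary still believes SELinux is on, or the reverse. A stricter and self-documenting test is `if [ -f /sys/fs/selinux/enforce ]; then`, since that file is only present once selinuxfs is mounted; a comment on the outer `if`, `# Skip policy patching when the kernel exposes no SELinux`, would also help, as the existing `# SELinux stuffs` does not explain the new branch.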