From 97ddb596d32fda11dcdac22be4cfbdd2fc0a8ecb Mon Sep 17 00:00:00 2001 From: LoveSy Date: Tue, 2 Feb 2021 13:00:31 +0800 Subject: [PATCH] Detect permissive selinux (#45) --- core/src/main/cpp/main/src/config_manager.cpp | 24 ++++++++++++------- core/src/main/cpp/main/src/config_manager.h | 15 +++++++++++- .../main/cpp/main/src/jni/config_manager.cpp | 5 ++++ .../lspd/hooker/XposedInstallerHooker.java | 6 +++++ .../lspd/nativebridge/ConfigManager.java | 2 ++ 5 files changed, 42 insertions(+), 10 deletions(-) diff --git a/core/src/main/cpp/main/src/config_manager.cpp b/core/src/main/cpp/main/src/config_manager.cpp index 1c4805ef..7a6d8b3b 100644 --- a/core/src/main/cpp/main/src/config_manager.cpp +++ b/core/src/main/cpp/main/src/config_manager.cpp @@ -128,12 +128,13 @@ namespace lspd { resources_hook_enabled_(path_exists(GetConfigPath("enable_resources"))), modules_list_(GetModuleList()), last_write_time_(GetLastWriteTime()), - variant_(GetVariant(GetMiscPath() / "variant")) { - // use_white_list snapshot + variant_(ReadInt(GetVariantPath())), + selinux_permissive_(ReadInt(GetSelinuxStatusPath()) != 1) { LOGI("base config path: %s", base_config_path_.c_str()); LOGI(" using installer package name: %s", installer_pkg_name_.c_str()); LOGI(" no module log: %s", BoolToString(no_module_log_enabled_)); LOGI(" resources hook: %s", BoolToString(resources_hook_enabled_)); + LOGI(" selinux permissive: %s", BoolToString(selinux_permissive_)); LOGI(" module list: \n %s", ([this]() { std::ostringstream join; std::vector module_list; @@ -146,14 +147,17 @@ namespace lspd { })().c_str()); } - int ConfigManager::GetVariant(const fs::path &dir) { + int ConfigManager::ReadInt(const fs::path &dir) { + if (!path_exists(dir)) { + return 0; + } std::ifstream ifs(dir); if (!ifs.good()) { return 0; } - int variant; - ifs >> variant; - return variant; + int result; + ifs >> result; + return result; } auto ConfigManager::GetModuleList() -> std::remove_const_t { 
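Review bot: In the initializer `selinux_permissive_(ReadInt(GetSelinuxStatusPath()) != 1)`, any failure to read the enforce file is reported as permissive, because ReadInt returns 0 both when the file holds `0` and when it is missing or cannot be opened. That errs toward showing the warning, but it makes "unknown" indistinguishable from "permissive" in the `selinux permissive` log line and in whatever consumes `IsPermissive()`. It also disagrees with the `= false` default given to the member in config_manager.h. Consider letting the read report failure separately (a negative sentinel or `std::optional<int>`) and logging that case on its own, with a comment such as `// enforce: 1 = enforcing, 0 = permissive; unreadable is handled as <chosen policy>`. The constructor starts before this hunk and its body continues past it.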
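Review bot: `int result; ifs >> result; return result;` in ReadInt can return an indeterminate value, because on an empty file the stream's sentry fails before any extraction and `result` is never written. The return value now feeds `selinux_permissive_` as well as `variant_`, so the read should be initialised and checked: `int result = 0;` followed by `if (!(ifs >> result)) return 0;`. The added `path_exists(dir)` test looks redundant with the `ifs.good()` check made after opening. The parameter name `dir` no longer fits, since both callers pass a file path.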
@@ -271,13 +275,15 @@ namespace lspd { if (!path_exists(log_path)) { fs::create_directories(log_path); } - recursive_permissions(conf_path, fs::perms::owner_all | fs::perms::group_all | fs::perms::set_gid); - recursive_permissions(log_path, fs::perms::owner_all | fs::perms::group_all | fs::perms::set_gid); + recursive_permissions(conf_path, fs::perms::owner_all | fs::perms::group_all | + fs::perms::set_gid); + recursive_permissions(log_path, fs::perms::owner_all | fs::perms::group_all | + fs::perms::set_gid); if (pkg_name == "android") uid = -1; path_chown(conf_path, uid, 1000u, true); path_chown(log_path, uid, 1000u, true); if (current_user_ == 0) { - auto variant = GetMiscPath() / "variant"; + auto variant = GetVariantPath(); fs::permissions(variant, fs::perms::owner_all | fs::perms::group_all); path_chown(variant, uid, 1000u); } diff --git a/core/src/main/cpp/main/src/config_manager.h b/core/src/main/cpp/main/src/config_manager.h index bfc0ab52..25d37ff6 100644 --- a/core/src/main/cpp/main/src/config_manager.h +++ b/core/src/main/cpp/main/src/config_manager.h @@ -77,6 +77,14 @@ namespace lspd { return base_config_path_ / "prefs" / pkg_name; } + inline static auto GetVariantPath() { + return misc_path_ / "variant"; + } + + inline static std::filesystem::path GetSelinuxStatusPath() { + return "/sys/fs/selinux/enforce"; + } + std::vector GetAppModuleList(const std::string &pkg_name) const; bool NeedUpdateConfig() const { @@ -91,6 +99,10 @@ namespace lspd { return pkg_name == installer_pkg_name_ || pkg_name == kPrimaryInstallerPkgName; } + bool IsPermissive() const { + return selinux_permissive_; + } + private: inline static std::unordered_map> instances_{}; @@ -106,6 +118,7 @@ namespace lspd { const std::filesystem::path installer_pkg_name_; const bool no_module_log_enabled_ = false; const bool resources_hook_enabled_ = false; + const bool selinux_permissive_ = false; const std::unordered_map>> modules_list_; 
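Review bot: `IsPermissive()` in config_manager.h has no comment saying that it returns a value captured once, at construction, not the live SELinux mode; `selinux_permissive_` is a `const bool` set in the constructor's initializer list. A later switch between enforcing and permissive would only be seen if the instance is rebuilt, which these hunks do not show. Suggest documenting it above the accessor, e.g. `// Snapshot of /sys/fs/selinux/enforce taken at construction; not refreshed.`, and noting on `GetSelinuxStatusPath()` the content the caller expects (`1` enforcing, `0` permissive).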
@@ -131,7 +144,7 @@ namespace lspd { std::filesystem::path RetrieveBaseConfigPath() const; - static int GetVariant(const std::filesystem::path &dir); + static int ReadInt(const std::filesystem::path &dir); }; } // namespace lspd diff --git a/core/src/main/cpp/main/src/jni/config_manager.cpp b/core/src/main/cpp/main/src/jni/config_manager.cpp index 7dc0eb8b..fef3684c 100644 --- a/core/src/main/cpp/main/src/jni/config_manager.cpp +++ b/core/src/main/cpp/main/src/jni/config_manager.cpp @@ -64,6 +64,10 @@ namespace lspd { return env->NewStringUTF(list.c_str()); } + LSP_DEF_NATIVE_METHOD(jboolean, ConfigManager, isPermissive) { + return ConfigManager::GetInstance()->IsPermissive(); + } + static JNINativeMethod gMethods[] = { LSP_NATIVE_METHOD(ConfigManager, isResourcesHookEnabled, "()Z"), LSP_NATIVE_METHOD(ConfigManager, isNoModuleLogEnabled, "()Z"), @@ -75,6 +79,7 @@ namespace lspd { "(Ljava/lang/String;)Ljava/lang/String;"), LSP_NATIVE_METHOD(ConfigManager, getBaseConfigPath, "()Ljava/lang/String;"), LSP_NATIVE_METHOD(ConfigManager, getModulesList, "()Ljava/lang/String;"), + LSP_NATIVE_METHOD(ConfigManager, isPermissive, "()Z"), }; void RegisterConfigManagerMethods(JNIEnv *env) { diff --git a/core/src/main/java/io/github/lsposed/lspd/hooker/XposedInstallerHooker.java b/core/src/main/java/io/github/lsposed/lspd/hooker/XposedInstallerHooker.java index d03f44b8..4ef852fe 100644 --- a/core/src/main/java/io/github/lsposed/lspd/hooker/XposedInstallerHooker.java +++ b/core/src/main/java/io/github/lsposed/lspd/hooker/XposedInstallerHooker.java @@ -68,6 +68,12 @@ public class XposedInstallerHooker { return ConfigManager.getBaseConfigPath() + "/"; } }); + XposedHelpers.findAndHookMethod(ConstantsClass, "isPermissive", new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) { + return ConfigManager.isPermissive(); + } + }); Utils.logI("Hooked LSPosed Manager"); } catch (Throwable t) { Utils.logW("Could not hook LSPosed Manager", t); 
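Review bot: The new `findAndHookMethod(ConstantsClass, "isPermissive", ...)` call in XposedInstallerHooker.java sits in the same try block as the earlier hooks. If the manager build's Constants class has no `isPermissive` method, the call throws and the catch logs "Could not hook LSPosed Manager" even though the preceding hooks were already installed. In that case the manager presumably keeps its own unhooked return value, so the SELinux status it reports would not come from `ConfigManager.isPermissive()`. Consider giving this hook its own try/catch with a specific message such as `Utils.logW("Could not hook isPermissive", t);` so the failure is visible and attributable. The enclosing method starts and ends outside the hunk.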
diff --git a/core/src/main/java/io/github/lsposed/lspd/nativebridge/ConfigManager.java b/core/src/main/java/io/github/lsposed/lspd/nativebridge/ConfigManager.java index 3d2d405d..2d0dcfa3 100644 --- a/core/src/main/java/io/github/lsposed/lspd/nativebridge/ConfigManager.java +++ b/core/src/main/java/io/github/lsposed/lspd/nativebridge/ConfigManager.java @@ -21,4 +21,6 @@ public class ConfigManager { public static native String getDataPathPrefix(); public static native String getModulesList(); + + public static native boolean isPermissive(); }