diff --git a/edxp-common/src/main/java/com/elderdrivers/riru/edxp/proxy/NormalProxy.java b/edxp-common/src/main/java/com/elderdrivers/riru/edxp/proxy/NormalProxy.java index f8510561..54b0d052 100644 --- a/edxp-common/src/main/java/com/elderdrivers/riru/edxp/proxy/NormalProxy.java +++ b/edxp-common/src/main/java/com/elderdrivers/riru/edxp/proxy/NormalProxy.java @@ -3,6 +3,8 @@ package com.elderdrivers.riru.edxp.proxy; import com.elderdrivers.riru.edxp.config.ConfigManager; import com.elderdrivers.riru.edxp.deopt.PrebuiltMethodsDeopter; +import de.robv.android.xposed.SELinuxHelper; + import static com.elderdrivers.riru.edxp.util.FileUtils.getDataPathPrefix; public class NormalProxy extends BaseProxy { @@ -18,6 +20,7 @@ public class NormalProxy extends BaseProxy { String appDataDir) { // mainly for secondary zygote mRouter.onForkStart(); + SELinuxHelper.initOnce(); mRouter.initResourcesHook(); // call this to ensure the flag is set to false ASAP mRouter.prepare(false); @@ -36,6 +39,7 @@ public class NormalProxy extends BaseProxy { public void forkSystemServerPre(int uid, int gid, int[] gids, int debugFlags, int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) { mRouter.onForkStart(); + SELinuxHelper.initOnce(); mRouter.initResourcesHook(); // set startsSystemServer flag used when loadModules mRouter.prepare(true); diff --git a/xposed-bridge/src/main/java/de/robv/android/xposed/SELinuxHelper.java b/xposed-bridge/src/main/java/de/robv/android/xposed/SELinuxHelper.java index 4be8b5f1..0d23657f 100644 --- a/xposed-bridge/src/main/java/de/robv/android/xposed/SELinuxHelper.java +++ b/xposed-bridge/src/main/java/de/robv/android/xposed/SELinuxHelper.java @@ -1,6 +1,11 @@ package de.robv.android.xposed; import android.os.SELinux; +import android.util.Log; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import de.robv.android.xposed.services.BaseService; import de.robv.android.xposed.services.BinderService; @@ -28,7 +33,36 @@ public final class SELinuxHelper { * @return A boolean indicating whether SELinux is enforcing. */ public static boolean isSELinuxEnforced() { - return sIsSELinuxEnabled && SELinux.isSELinuxEnforced(); + if (!sIsSELinuxEnabled) { + return false; + } + boolean result = false; + final File SELINUX_STATUS_FILE = new File("/sys/fs/selinux/enforce"); + if (SELINUX_STATUS_FILE.exists()) { + try { + FileInputStream fis = new FileInputStream(SELINUX_STATUS_FILE); + int status = fis.read(); + switch (status) { + case 49: + result = true; + break; + case 48: + result = false; + break; + default: + XposedBridge.log("Unexpected byte " + status + " in /sys/fs/selinux/enforce"); + } + fis.close(); + } catch (IOException e) { + if (e.getMessage().contains("Permission denied")) { + result = true; + } else { + XposedBridge.log("Failed to read SELinux status: " + e.getMessage()); + result = false; + } + } + } + return result; } /** @@ -56,14 +90,15 @@ public final class SELinuxHelper { // ---------------------------------------------------------------------------- + // TODO: SELinux status private static boolean sIsSELinuxEnabled = false; private static BaseService sServiceAppDataFile = new DirectAccessService(); // ed: initialized directly - /*package*/ static void initOnce() { + /*package*/ public static void initOnce() { // ed: we assume all selinux policies have been added lively using magiskpolicy -// try { -// sIsSELinuxEnabled = SELinux.isSELinuxEnabled(); -// } catch (NoClassDefFoundError ignored) {} + try { + sIsSELinuxEnabled = SELinux.isSELinuxEnabled(); + } catch (NoClassDefFoundError ignored) {} } /*package*/ static void initForProcess(String packageName) {