From 3f016f785f22e8e1cb5d308b3c752aab67a6de09 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Wed, 29 Mar 2017 02:23:10 +0800
Subject: [PATCH] Handle selinux for Samsung in binary
---
 jni/magiskhide/magiskhide.h | 1 +
 jni/magiskhide/util.c | 34 +++++++++++++++++++----------
 zip_static/common/magiskhide/enable | 7 ------
 3 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/jni/magiskhide/magiskhide.h b/jni/magiskhide/magiskhide.h
index af3773f5c..3ea477eea 100644
--- a/jni/magiskhide/magiskhide.h
+++ b/jni/magiskhide/magiskhide.h
@@ -22,6 +22,7 @@
 #define HIDELIST "/magisk/.core/magiskhide/hidelist"
 #define DUMMYPATH "/dev/magisk/dummy"
 #define ENFORCE_FILE "/sys/fs/selinux/enforce"
+#define POLICY_FILE "/sys/fs/selinux/policy"
 #define SEPOLICY_INJECT "/data/magisk/magiskpolicy"
 // Main thread
diff --git a/jni/magiskhide/util.c b/jni/magiskhide/util.c
index dda372041..bbd88f7fc 100644
--- a/jni/magiskhide/util.c
+++ b/jni/magiskhide/util.c
@@ -60,25 +60,37 @@ void run_as_daemon() {
 void manage_selinux() {
 char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
- char str[20];
+ char val[1];
 int fd, ret;
- fd = open(ENFORCE_FILE, O_RDONLY);
+ fd = open(ENFORCE_FILE, O_RDWR);
 if (fd < 0)
 return;
- ret = read(fd, str, 20);
- close(fd);
- if (ret < 1)
+ if (read(fd, val, 1) < 1)
 return;
+ lseek(fd, 0, SEEK_SET);
 // Permissive
- if (str[0] == '0') {
- fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
- fd = open(ENFORCE_FILE, O_RDWR);
- if (fd < 0)
+ if (val[0] == '0') {
+
+ fprintf(logfile, "MagiskHide: Permissive detected\n");
+
+ if (write(fd, "1", 1) < 1)
 return;
- ret = write(fd, "1", 1);
+ lseek(fd, 0, SEEK_SET);
+
+ if (read(fd, val, 1) < 1)
+ return;
+ lseek(fd, 0, SEEK_SET);
 close(fd);
- if (ret < 1)
+
+ if (val[0] == '0') {
+ fprintf(logfile, "MagiskHide: Unable to set to enforce, hide the state\n");
+ chmod(ENFORCE_FILE, 0640);
+ chmod(POLICY_FILE, 0440);
 return;
+ }
+
+ fprintf(logfile, "MagiskHide: Calling magiskpolicy for pseudo enforce mode\n");
+
 switch(fork()) {
 case -1:
 return;
diff --git a/zip_static/common/magiskhide/enable b/zip_static/common/magiskhide/enable
index 436e6c531..51937480e 100644
--- a/zip_static/common/magiskhide/enable
+++ b/zip_static/common/magiskhide/enable
@@ -27,10 +27,6 @@ if [ ! -d /sbin_orig ]; then
 mount -o bind /dev/sbin_bind /sbin
 fi
-# Sammy device like these permissions
-chmod 640 /sys/fs/selinux/enforce
-chmod 440 /sys/fs/selinux/policy
-
 log_print "Removing dangerous read-only system props"
 VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
@@ -40,7 +36,6 @@ DEBUGGABLE=`getprop ro.debuggable`
 SECURE=`getprop ro.secure`
 BUILDTYPE=`getprop ro.build.type`
 BUILDTAGS=`getprop ro.build.tags`
-BUILDSELINUX=`getprop ro.build.selinux`
 [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
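Review bot: The descriptor opened on ENFORCE_FILE in manage_selinux (jni/magiskhide/util.c) is leaked on each new early return: the `read`/`write` failure paths return without `close(fd)`, where the old code closed it before testing `ret`. The handle is now `O_RDWR` on the SELinux enforce node, so in a root process that keeps running, a leaked copy stays writable and is inherited by any later child; close it on every path, e.g. `if (read(fd, val, 1) < 1) { close(fd); return; }`, and consider `O_CLOEXEC` on the `open`. The only `close(fd)` visible sits inside the `val[0] == '0'` branch, so the already-enforcing path may leak it as well, but the function continues past the end of the hunk and that needs checking there. The two `chmod` return values are ignored, so a failure leaves no trace in `logfile`.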
@@ -56,8 +51,6 @@ log_print "`$BINPATH/resetprop -v -n ro.secure 1`"
 log_print "`$BINPATH/resetprop -v -n ro.build.type user`"
 [ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`"
-[ ! -z "$BUILDSELINUX" -a "$BUILDSELINUX" != "1" ] && \
-log_print "`$BINPATH/resetprop -v -n ro.build.selinux 1`"
 touch $MODDIR/hidelist
 chmod -R 755 $MODDIR