About Closing SELinux
YeJZ opened this issue · 3 comments
Hi, here is my reproduced exploit on Pixel 6:
I noticed that we need to manually execute setenforce 0 after using magisk to escalate to ROOT.
But in mymod.c, I see that the KO file already has the code to set SELinux to Permissive mode.
Why do we need to manually run setenforce 0 when SELinux is already set to permissive in the KO file?
Because you are in a permissive domain.
Permissive domain means permissive mode only when you are in that domain. The kernel module puts vendor_modprobe onto a permissive domain.
You need setenforce 0 if you want all domains on the system to be permissive. But I don't think you need that, because u:r:magisk:s0 is also a permissive domain. When you run the su command, all operations are executed in the permissive domain.
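The distinction drawn above (a single permissive domain versus setenforce 0 making every domain permissive) can be checked from logs: when a domain is permissive, the kernel still records the denial but tags the avc line with permissive=1, so the operation goes through while still being logged. The script below is an added example, not code from the issue or from the project; the avc lines in it are constructed for illustration in the kernel's standard avc format, and the domain names (vendor_modprobe, shell) are taken from this thread.

```shell
#!/bin/sh
# Added example (not part of the issue thread or the project's code).
# Tells "this domain is permissive" apart from "the whole system is permissive"
# by reading the permissive= flag the kernel puts on every avc denial line.

# Print the type (domain) part of an SELinux context such as u:r:magisk:s0.
selinux_type_of() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Classify one kernel log line. Output:
#   "<source-domain> permissive" - denial was logged but allowed (permissive=1)
#   "<source-domain> enforced"   - denial was really blocked (permissive=0)
#   "not-avc"                    - line is not an avc denial at all
avc_classify() {
    line=$1
    case $line in
        *"avc: denied"*) ;;
        *) echo not-avc; return 0 ;;
    esac
    scontext=$(printf '%s\n' "$line" | sed -n 's/.*scontext=\([^ ]*\).*/\1/p')
    permissive=$(printf '%s\n' "$line" | sed -n 's/.*permissive=\([01]\).*/\1/p')
    domain=$(selinux_type_of "$scontext")
    if [ "$permissive" = 1 ]; then
        echo "$domain permissive"
    else
        echo "$domain enforced"
    fi
}

# Constructed sample lines (made up for this example; real lines come from dmesg).
# First: a process in the permissive vendor_modprobe domain writes selinuxfs -> allowed, logged.
LINE_MODPROBE='type=1400 audit(0.0:1): avc: denied { write } for pid=101 comm="sh" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:vendor_modprobe:s0 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1'
# Second: an ordinary shell domain tries chcon while the system is enforcing -> blocked.
LINE_SHELL='type=1400 audit(0.0:2): avc: denied { relabelto } for pid=202 comm="chcon" name="busybox" dev="dm-0" ino=99 scontext=u:r:shell:s0 tcontext=u:object_r:magisk_file:s0 tclass=file permissive=0'

# On a live device (rooted adb shell) the same questions are answered by hand with:
#   id -Z                         # which domain is this shell in?
#   getenforce                    # global mode: Enforcing or Permissive
#   dmesg | grep 'avc: denied'    # permissive=1 on a line = logged but allowed
demo() {
    avc_classify "$LINE_MODPROBE"
    avc_classify "$LINE_SHELL"
}
demo
```

If every avc line on the device shows permissive=1 regardless of scontext, the system is globally permissive (setenforce 0); if only lines whose scontext is the module's target domain or u:r:magisk:s0 carry permissive=1 while others show permissive=0, enforcement is still on and only those domains are permissive, which is the situation described in the reply above.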
OK. I see a lot of chcon commands in the script named Start-Root, so that is the reason that u:r:magisk:s0 is a permissive domain, right? And we can execute the chcon command only if we are already in a permissive domain, that's why we need to set vendor_modprobe onto a permissive domain first.
OK. I see a lot of chcon commands in the script named Start-Root, so that is the reason that u:r:magisk:s0 is a permissive domain, right?
Yes.
And we can execute the chcon command only if we are already in a permissive domain, that's why we need to set vendor_modprobe onto a permissive domain first.
Yes.