selinux: skip spoofing if !normal boot

Signed-off-by: Juhyung Park <[email protected]> Change-Id: I64d23d5eb64214591769d1c146d9eacb85ae5f75 (cherry picked from commit 92c7b70f409ea03635259dfdc9ba641d11f0d937) Signed-off-by: TogoFire <[email protected]>
dev-sm8350 · Jan 31, 2025 · 4ebe26c · 4ebe26c
1 parent 2a340a8
commit 4ebe26c
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
@@ -31,6 +31,8 @@
 #include <linux/kobject.h>
 #include <linux/ctype.h>
 
+#include <linux/oem/boot_mode.h>
+
 /* selinuxfs pseudo filesystem for exporting the security policy API.
    Based on the proc code and the fs/nfsd/nfsctl.c code. */
 
@@ -196,6 +198,12 @@ static struct file_operations sel_enforce_ops;
 static ssize_t sel_read_enforce_spoof(struct file *filp, char __user *buf,
 				size_t count, loff_t *ppos)
 {
+	if (get_boot_mode() != MSM_BOOT_MODE_NORMAL) {
+		// Disable spoof
+		sel_enforce_ops.read = sel_read_enforce;
+		sel_enforce_ops.write = sel_write_enforce;
+		return sel_read_enforce(filp, buf, count, ppos);
+	}
 	return simple_read_from_buffer(buf, count, ppos, "1", 1);
 }
 
@@ -207,6 +215,13 @@ static ssize_t sel_write_enforce_spoof(struct file *file, const char __user *buf
 	ssize_t length;
 	int new_value;
 
+	if (get_boot_mode() != MSM_BOOT_MODE_NORMAL) {
+		// Disable spoof
+		sel_enforce_ops.read = sel_read_enforce;
+		sel_enforce_ops.write = sel_write_enforce;
+		return sel_write_enforce(file, buf, count, ppos);
+	}
+
 	if (count >= PAGE_SIZE)
 		return -ENOMEM;