Closed josephcsible closed 7 years ago
You can set your device back to all enforced by
/data/magisk/selinux-inject --live "enforce *"
I am forced not to add an option in the app, details can be found in my release post
Could a setting be added for this but just not exposed in Magisk Manager (say creating the file /magisk/.core/magiskhide/nofakepermissive via shell)? Would you accept a PR that does that?
Just FYI @topjohnwu : the command should be: /data/magisk/sepolicy-inject --live "enforce *"
Not quite sure why but even with magisk hide enabled (reenable after boot) I get CTS profile mismatch. Will try with complete enforced environment.
IIRC, the reason to not add this option to the app was because Google would ban it from the Play Store if you did. Since they have now banned it from the Play Store anyway, can this option be reconsidered?
Now that Magisk Hide re-enables SELinux with a permissive policy when you disable it, it's a lot harder to put it back the way it was. A fair number of apps currently disable SELinux, do their thing, then re-enable it. These apps will now leave SELinux effectively disabled indefinitely on any system with Magisk Hide enabled. I don't see an obvious way to fix this, so I think as a workaround, there should be either a setting for Magisk Hide to disable this bit of functionality, or a button in Magisk that removes the permissive policy that it adds.