-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is ro.build.selinux set to 0 while still enforcing? #1477
Comments
I believe the proper value is |
Thanks for replying. On my non-rooted S8, the value is 1, which means that the system has been built with SELinux support.
I was expecting
Do you have any documentation on this? As I stated, my non-rooted phone has 1 for this flag, so it would be weird if Magisk hide changes this to 0. Do you think changing this behaviour would break some functionality? Maybe Magisk should store the original value during installation time? Or maybe Magisk just shouldn't change it? |
It seems Rootbeer is falsely detecting ro.build.selinux=0 as enforcing. Its SELinux check also fails on non-rooted devices, too. |
So doesn't it make more sense if Magisk Hide forces it to 1, as that is the most secure state and it would be in line with getenforce? |
Multiple sources state that the proprty
ro.build.selinux
is a "dangerous property" that can be used to detect rooted devices:On my test device (Nexus 6, Android 7.1.2, Magisk v19.1), this property is set to 0, although getenforce returns "Enforcing"
My take on this is that ro.build.selinux should always be 1 (and definitely with Magisk Hide enabled). My questions:
Any push in the right direction is appreciated :).
The text was updated successfully, but these errors were encountered: