From 69daf3c3cdea8d1e2d24461f09d8d568fa9d7526 Mon Sep 17 00:00:00 2001
From: Nex
Date: Thu, 3 Feb 2022 11:34:02 +0100
Subject: [PATCH] Added module checking SELinux enforcement status
---
 mvt/android/modules/adb/__init__.py | 8 +++--
 mvt/android/modules/adb/selinux_status.py | 40 +++++++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 mvt/android/modules/adb/selinux_status.py
diff --git a/mvt/android/modules/adb/__init__.py b/mvt/android/modules/adb/__init__.py
index e35b5e1..ab36c5d 100644
--- a/mvt/android/modules/adb/__init__.py
+++ b/mvt/android/modules/adb/__init__.py
@@ -17,11 +17,13 @@ from .logcat import Logcat
 from .packages import Packages
 from .processes import Processes
 from .root_binaries import RootBinaries
+from .selinux_status import SELinuxStatus
 from .settings import Settings
 from .sms import SMS
 from .whatsapp import Whatsapp

 ADB_MODULES = [ChromeHistory, SMS, Whatsapp, Processes, Getprop, Settings,
- DumpsysBatteryHistory, DumpsysBatteryDaily, DumpsysReceivers,
- DumpsysActivities, DumpsysAccessibility, DumpsysDBInfo,
- DumpsysFull, Packages, RootBinaries, Logcat, Files]
+ SELinuxStatus, DumpsysBatteryHistory, DumpsysBatteryDaily,
+ DumpsysReceivers, DumpsysActivities, DumpsysAccessibility,
+ DumpsysDBInfo, DumpsysFull, Packages, Logcat, RootBinaries,
+ Files]
diff --git a/mvt/android/modules/adb/selinux_status.py b/mvt/android/modules/adb/selinux_status.py
new file mode 100644
index 0000000..d670925
--- /dev/null
+++ b/mvt/android/modules/adb/selinux_status.py
@@ -0,0 +1,40 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2022 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+# https://license.mvt.re/1.1/
+
+import logging
+import os
+
+import pkg_resources
+
+from .base import AndroidExtraction
+
+log = logging.getLogger(__name__)
+
+
+class SELinuxStatus(AndroidExtraction):
+ """This module checks if SELinux is being enforced."""
+
+ slug = "selinux_status"
+
+ def __init__(self, file_path=None, base_folder=None, output_folder=None,
+ serial=None, fast_mode=False, log=None, results=[]):
+ super().__init__(file_path=file_path, base_folder=base_folder,
+ output_folder=output_folder, fast_mode=fast_mode,
+ log=log, results=results)
+
+ self.results = {} if not results else results
+
+ def run(self):
+ self._adb_connect()
+ output = self._adb_command("getenforce")
+ self._adb_disconnect()
+
+ status = output.lower().strip()
+ self.results["status"] = status
+
+ if status == "enforcing":
+ self.log.info("SELinux is being regularly enforced")
+ else:
+ self.log.warning("SELinux status is \"%s\"!", status)
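Review bot: In `run()`, any output other than `enforcing` is stored in `self.results["status"]` and logged as the SELinux status, so an empty reply or a shell error message would be recorded as if it were a real permissive or disabled state; `_adb_command` is not visible in this patch, so what it returns on failure is an assumption to confirm. A forensic result should separate "could not determine" from "not enforcing", for example by adding `if status not in ("enforcing", "permissive", "disabled"):`, then `self.log.error("Unable to determine SELinux status: \"%s\"", status)` and `return` before the result is stored. `_adb_disconnect()` is skipped if `_adb_command` raises, so the connect/command pair belongs in a `try`/`finally`. Smaller points in the same file: `os` and `pkg_resources` are imported but never used, `results=[]` is a mutable default, and `serial` is accepted by `__init__` but not forwarded to `super().__init__`, which is worth checking against how the base class selects the device.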