Some examples of Linux malware such as the Skidmap malware will disable SELinux by running commands such as:
echo 0 > /selinux/enforce
setenforce 0
setenforce Permissive
Alternatively, they may edit /etc/sysconfig/selinux, setting SELINUX=enforcing, SELINUX=disabled, SELINUXTYPE=targeted, or similar settingst that effectively disable or render SELinux ineffective.
https://www.tecmint.com/disable-selinux-in-centos-rhel-fedora/