From 33c9f74508da15e21bbc1b2d0fae1713bc9907fb Mon Sep 17 00:00:00 2001
From: osm0sis <osm0sis@outlook.com>
Date: Thu, 4 Jul 2019 17:02:36 -0300
Subject: [PATCH] magiskpolicy: rules: fix rootfs operations with SAR Magisk -
 while many newer devices cannot allow / (system partition) to be mounted rw
 due to compressed fs (e.g. erofs) or logical partitions, it should remain
 possible to alter rootfs files/directories on those that previously allowed
 it

---
 native/jni/magiskpolicy/rules.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/native/jni/magiskpolicy/rules.cpp b/native/jni/magiskpolicy/rules.cpp
index e53867e68..e4cbf2ccd 100644
--- a/native/jni/magiskpolicy/rules.cpp
+++ b/native/jni/magiskpolicy/rules.cpp
@@ -51,6 +51,9 @@ void sepol_magisk_rules() {
 	// Let everyone access tmpfs files (for SAR sbin overlay)
 	sepol_allow(ALL, "tmpfs", "file", ALL);
 
+	// For normal rootfs file/directory operations when rw (for SAR / overlay)
+	sepol_allow("rootfs", "labeledfs", "filesystem", "associate");
+
 	// Let init transit to SEPOL_PROC_DOMAIN
 	sepol_allow("kernel", "kernel", "process", "setcurrent");
 	sepol_allow("kernel", SEPOL_PROC_DOMAIN, "process", "dyntransition");