From 69181a6b724c5e2aae3d48297da821ad8a3528c4 Mon Sep 17 00:00:00 2001 From: LoveSy Date: Sat, 6 Jul 2024 22:39:31 +0800 Subject: [PATCH] Fix wrong sepolicy rule --- native/src/sepolicy/rules.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/native/src/sepolicy/rules.rs b/native/src/sepolicy/rules.rs index 9fe918dba..f34c315cb 100644 --- a/native/src/sepolicy/rules.rs +++ b/native/src/sepolicy/rules.rs @@ -52,7 +52,8 @@ impl SepolicyMagisk for sepolicy { set_log_level_state(LogLevel::Warn, false); rules! { use self; - allow(all, ["kernel"], ["security"], ["load_policy"]); + // Prevent anything to change sepolicy except ourselves + deny(all, ["kernel"], ["security"], ["load_policy"]); type_(proc, ["domain"]); typeattribute([proc], ["mlstrustedsubject", "netdomain", "appdomain"]); type_(file, ["file_type"]);