mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-24 20:17:40 +00:00
Update spolicy rules
parent
8bd0c44e83
commit
6c5b261804
@ -30,6 +30,7 @@ void sepolicy::magisk_rules() {
|
|||||||
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
|
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
|
||||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
|
||||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
|
||||||
|
allowxperm(SEPOL_PROC_DOMAIN, ALL, "chr_file", ALL);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create unconstrained file type
|
// Create unconstrained file type
|
||||||
@ -61,6 +62,7 @@ void sepolicy::magisk_rules() {
|
|||||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "read");
|
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "read");
|
||||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "write");
|
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "write");
|
||||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "ioctl");
|
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "ioctl");
|
||||||
|
allowxperm(SEPOL_CLIENT_DOMAIN, type, "chr_file", "0x5404");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow these processes to access MagiskSU
|
// Allow these processes to access MagiskSU
|
||||||
@ -174,13 +176,16 @@ void sepolicy::magisk_rules() {
|
|||||||
// For changing file context
|
// For changing file context
|
||||||
allow("rootfs", "tmpfs", "filesystem", "associate");
|
allow("rootfs", "tmpfs", "filesystem", "associate");
|
||||||
|
|
||||||
// Allow Zygisk to prctl PR_SET_MM
|
// Zygisk rules
|
||||||
allow("zygote", "zygote", "capability", "sys_resource");
|
allow("zygote", "zygote", "capability", "sys_resource"); // prctl PR_SET_MM
|
||||||
|
|
||||||
// Allow hook
|
|
||||||
allow("zygote", "zygote", "process", "execmem");
|
allow("zygote", "zygote", "process", "execmem");
|
||||||
|
allow("zygote", "fs_type", "filesystem", "unmount");
|
||||||
allow("system_server", "system_server", "process", "execmem");
|
allow("system_server", "system_server", "process", "execmem");
|
||||||
|
|
||||||
|
// Shut llkd up
|
||||||
|
dontaudit("llkd", SEPOL_PROC_DOMAIN, "process", "ptrace");
|
||||||
|
dontaudit("llkd", SEPOL_CLIENT_DOMAIN, "process", "ptrace");
|
||||||
|
|
||||||
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
|
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
|
||||||
permissive("update_engine");
|
permissive("update_engine");
|
||||||
|
|
||||||
|
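Review bot: The new `allowxperm(SEPOL_CLIENT_DOMAIN, type, "chr_file", "0x5404");` in the second hunk is not visibly guarded by the `db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL` check that wraps the `allowxperm` calls in the first hunk. The enclosing block starts outside the hunk, so a guard may exist higher up; if it does not, the call should sit under `if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL)` like the others. The bare `0x5404` also needs a trailing comment naming the ioctl (it appears to be TCSETSF in the generic Linux numbering, to be confirmed) so an audit can tell why exactly this command is allowed for client domains. In the third hunk, `allow("zygote", "fs_type", "filesystem", "unmount");` covers every type carrying the `fs_type` attribute yet has no reason attached, unlike the `sys_resource` line above it with its `// prctl PR_SET_MM`; a short why-comment would make that breadth reviewable.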