mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-24 20:47:38 +00:00
Update spolicy rules
parent
8bd0c44e83
commit
6c5b261804
@ -30,6 +30,7 @@ void sepolicy::magisk_rules() {
|
||||
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
|
||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
|
||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
|
||||
allowxperm(SEPOL_PROC_DOMAIN, ALL, "chr_file", ALL);
|
||||
}
|
||||
|
||||
// Create unconstrained file type
|
||||
@ -61,6 +62,7 @@ void sepolicy::magisk_rules() {
|
||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "read");
|
||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "write");
|
||||
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "ioctl");
|
||||
allowxperm(SEPOL_CLIENT_DOMAIN, type, "chr_file", "0x5404");
|
||||
}
|
||||
|
||||
// Allow these processes to access MagiskSU
|
||||
@ -174,13 +176,16 @@ void sepolicy::magisk_rules() {
|
||||
// For changing file context
|
||||
allow("rootfs", "tmpfs", "filesystem", "associate");
|
||||
|
||||
// Allow Zygisk to prctl PR_SET_MM
|
||||
allow("zygote", "zygote", "capability", "sys_resource");
|
||||
|
||||
// Allow hook
|
||||
// Zygisk rules
|
||||
allow("zygote", "zygote", "capability", "sys_resource"); // prctl PR_SET_MM
|
||||
allow("zygote", "zygote", "process", "execmem");
|
||||
allow("zygote", "fs_type", "filesystem", "unmount");
|
||||
allow("system_server", "system_server", "process", "execmem");
|
||||
|
||||
// Shut llkd up
|
||||
dontaudit("llkd", SEPOL_PROC_DOMAIN, "process", "ptrace");
|
||||
dontaudit("llkd", SEPOL_CLIENT_DOMAIN, "process", "ptrace");
|
||||
|
||||
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
|
||||
permissive("update_engine");
|
||||
|
||||
|
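Review bot: In the third hunk the `// Zygisk rules` group gives a reason only for `sys_resource`; the `execmem` grants for `zygote` and `system_server` and the `unmount` grant on the whole `fs_type` attribute carry none, although they permit anonymous executable memory in those processes and let zygote unmount any filesystem type. Each deserves a trailing why-comment in the style of `// prctl PR_SET_MM`, for example `// unmount Magisk mounts in app processes; fs_type because mount types vary`, if that is the intent (inferred, please confirm). In the second hunk `"0x5404"` is a bare ioctl number; on the generic Linux numbering it is TCSETSF, so a comment such as `// TCSETSF` would make the rule auditable. It is also worth confirming that this `allowxperm` is only reached when `db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL`, as the calls in the first hunk are. The +/- markers are lost on this page and `magisk_rules()` begins and ends outside the hunks, so which of these lines are new is inferred.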