From 8d68ebb0741c708b62a824482bf52a49f501fe70 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Mon, 29 Apr 2019 21:25:57 -0400
Subject: [PATCH] Revert ioctl rules

---
 native/jni/magiskpolicy/rules.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/native/jni/magiskpolicy/rules.cpp b/native/jni/magiskpolicy/rules.cpp
index 929c44b6d..4c747ef7c 100644
--- a/native/jni/magiskpolicy/rules.cpp
+++ b/native/jni/magiskpolicy/rules.cpp
@@ -15,6 +15,18 @@ static void allowSuClient(const char *target) {
 	// Allow binder service
 	sepol_allow(target, SEPOL_PROC_DOMAIN, "binder", "call");
 	sepol_allow(target, SEPOL_PROC_DOMAIN, "binder", "transfer");
+
+	// Allow termios ioctl
+	sepol_allow(target, "devpts", "chr_file", "ioctl");
+	sepol_allow(target, "untrusted_app_devpts", "chr_file", "ioctl");
+	sepol_allow(target, "untrusted_app_25_devpts", "chr_file", "ioctl");
+	sepol_allow(target, "untrusted_app_all_devpts", "chr_file", "ioctl");
+	if (policydb->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
+		sepol_allowxperm(target, "devpts", "chr_file", "0x5400-0x54FF");
+		sepol_allowxperm(target, "untrusted_app_devpts", "chr_file", "0x5400-0x54FF");
+		sepol_allowxperm(target, "untrusted_app_25_devpts", "chr_file", "0x5400-0x54FF");
+		sepol_allowxperm(target, "untrusted_app_all_devpts", "chr_file", "0x5400-0x54FF");
+	}
 }
 
 void sepol_magisk_rules() {