From 8ee9984e4e0a0ce1917d4b131205c79a15f85876 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Mon, 27 Nov 2017 18:32:44 +0800
Subject: [PATCH] Add rules for magiskinit daemon
---
 rules.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/rules.c b/rules.c
index 3773d2a3c..8683e6904 100644
--- a/rules.c
+++ b/rules.c
@@ -163,11 +163,12 @@ void sepol_min_rules() {
  sepol_attradd("su", "mlstrustedsubject");
  sepol_attradd("su_device", "mlstrustedobject");
- // Let pre-init do stuffs
- sepol_allow("kernel", "kernel", "security", "load_policy");
- sepol_allow("kernel", "kernel", "capability", "dac_override");
+ // Let magiskinit daemon monitor and transit to su
  sepol_allow("kernel", "device", "dir", ALL);
  sepol_allow("kernel", "device", "file", ALL);
+ sepol_allow("kernel", "su", "unix_stream_socket", "connectto");
+ sepol_allow("kernel", "kernel", "process", "setcurrent");
+ sepol_allow("kernel", "su", "process", "dyntransition");
  // Let init run stuffs in su context
  sepol_allow("kernel", "su", "fd", "use");
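Review bot: The added `setcurrent` and `dyntransition` rules are granted to the whole `kernel` domain, so every process still labelled `kernel` may switch itself into `su`, not only the magiskinit daemon named in the new comment. The top of the hunk marks `su` as `mlstrustedsubject`, which makes that transition a privilege boundary worth documenting. I would extend the comment to state the assumption, e.g. `// magiskinit keeps the kernel context, so these rules apply to every kernel-domain process; keep them minimal`. The two `ALL` grants on `device` dir/file now sit under the same comment and would be better narrowed to the permissions the monitor actually uses, which cannot be determined from this hunk. The body of `sepol_min_rules()` starts and ends outside the hunk, so other rules may already constrain this.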