TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-03-11 19:50:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support system-as-root devices with monolithic sepolicy

Browse Source
This commit is contained in:
topjohnwu 2019-03-18 04:54:15 -04:00
parent 957feca626
commit 945f88105f
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
native/jni/core/init.cpp
View File

@ -354,6 +354,10 @@ void MagiskInit::early_mount() {
if (is_lnk("/system_root/init")) if (is_lnk("/system_root/init"))
load_sepol = true; load_sepol = true;
// System-as-root with monolithic sepolicy
if (access("/system_root/sepolicy", F_OK) == 0)
cp_afc("/system_root/sepolicy", "/sepolicy");
// Copy if these partitions are symlinks // Copy if these partitions are symlinks
link_root("/vendor"); link_root("/vendor");
link_root("/product"); link_root("/product");
@ -380,6 +384,9 @@ void MagiskInit::setup_rootfs() {
excl_list = nullptr; excl_list = nullptr;
} }
// Override /sepolicy if exist
rename("/magisk_sepolicy", "/sepolicy");
if (patch_init) { if (patch_init) {
constexpr char SYSTEM_INIT[] = "/system/bin/init"; constexpr char SYSTEM_INIT[] = "/system/bin/init";
// If init is symlink, copy it to rootfs so we can patch // If init is symlink, copy it to rootfs so we can patch
@ -452,7 +459,7 @@ bool MagiskInit::patch_sepolicy() {
sepol_magisk_rules(); sepol_magisk_rules();
sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL); sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
dump_policydb("/sepolicy"); dump_policydb("/magisk_sepolicy");
// Load policy to kernel so we can label rootfs // Load policy to kernel so we can label rootfs
if (load_sepol) if (load_sepol)
@ -461,7 +468,7 @@ bool MagiskInit::patch_sepolicy() {
// Remove OnePlus stupid debug sepolicy and use our own // Remove OnePlus stupid debug sepolicy and use our own
if (access("/sepolicy_debug", F_OK) == 0) { if (access("/sepolicy_debug", F_OK) == 0) {
unlink("/sepolicy_debug"); unlink("/sepolicy_debug");
link("/sepolicy", "/sepolicy_debug"); link("/magisk_sepolicy", "/sepolicy_debug");
} }
// Enable selinux functions // Enable selinux functions