Guard log FIFO with SELinux

2025-12-14 07:02:03 +00:00 · 2023-11-04 23:59:11 -07:00
parent 72b39594d3
commit ac5ceb18c8
7 changed files with 43 additions and 19 deletions
--- a/native/src/include/magisk.hpp
+++ b/native/src/include/magisk.hpp
@@ -38,6 +38,9 @@ constexpr const char *applet_names[] = { "su", "resetprop", nullptr };
 // Unconstrained file type that anyone can access
 #define SEPOL_FILE_TYPE     "magisk_file"
 #define MAGISK_FILE_CON     "u:object_r:" SEPOL_FILE_TYPE ":s0"
+// Log pipe that only root and zygote can open
+#define SEPOL_LOG_TYPE      "magisk_log_file"
+#define MAGISK_LOG_CON      "u:object_r:" SEPOL_LOG_TYPE ":s0"

 extern int SDK_INT;
 #define APP_DATA_DIR (SDK_INT >= 24 ? "/data/user_de" : "/data/user")