From b4099fc5f98c17504424ad4abfa8698fc9b663c2 Mon Sep 17 00:00:00 2001
From: canyie <a1364259@163.com>
Date: Wed, 6 Apr 2022 17:37:04 +0800
Subject: [PATCH] Support sepolicy.unlocked

Fix topjohnwu#4914
---
 native/jni/init/init.hpp    | 2 +-
 native/jni/init/rootdir.cpp | 9 ++++++---
 native/jni/init/selinux.cpp | 8 ++++----
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/native/jni/init/init.hpp b/native/jni/init/init.hpp
index f87cdaa29..dcb1dae3a 100644
--- a/native/jni/init/init.hpp
+++ b/native/jni/init/init.hpp
@@ -65,7 +65,7 @@ protected:
     bool avd_hack = false;
 #endif
 
-    void patch_sepolicy(const char *file);
+    void patch_sepolicy(const char *in, const char *out);
     bool hijack_sepolicy();
     void setup_tmp(const char *path);
     void patch_rw_root();
diff --git a/native/jni/init/rootdir.cpp b/native/jni/init/rootdir.cpp
index e592b61d2..e55e6437c 100644
--- a/native/jni/init/rootdir.cpp
+++ b/native/jni/init/rootdir.cpp
@@ -242,8 +242,11 @@ void SARBase::patch_ro_root() {
     // Extract magisk
     extract_files(false);
 
-    if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
-        patch_sepolicy(ROOTOVL "/sepolicy");
+    // Oculus Go will use a special sepolicy if unlocked
+    if (access("/sepolicy.unlocked", F_OK) == 0) {
+        patch_sepolicy("/sepolicy.unlocked", ROOTOVL "/sepolicy.unlocked");
+    } else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
+        patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy");
     }
 
     // Mount rootdir
@@ -297,7 +300,7 @@ void MagiskInit::patch_rw_root() {
     extract_files(true);
 
     if ((!treble && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
-        patch_sepolicy("/sepolicy");
+        patch_sepolicy("/sepolicy", "/sepolicy");
     }
 
     chdir("/");
diff --git a/native/jni/init/selinux.cpp b/native/jni/init/selinux.cpp
index e5261c844..4bce35b42 100644
--- a/native/jni/init/selinux.cpp
+++ b/native/jni/init/selinux.cpp
@@ -8,9 +8,9 @@
 
 using namespace std;
 
-void MagiskInit::patch_sepolicy(const char *file) {
+void MagiskInit::patch_sepolicy(const char *in, const char *out) {
     LOGD("Patching monolithic policy\n");
-    auto sepol = unique_ptr<sepolicy>(sepolicy::from_file("/sepolicy"));
+    auto sepol = unique_ptr<sepolicy>(sepolicy::from_file(in));
 
     sepol->magisk_rules();
 
@@ -27,8 +27,8 @@ void MagiskInit::patch_sepolicy(const char *file) {
         }
     }
 
-    LOGD("Dumping sepolicy to: [%s]\n", file);
-    sepol->to_file(file);
+    LOGD("Dumping sepolicy to: [%s]\n", out);
+    sepol->to_file(out);
 
     // Remove OnePlus stupid debug sepolicy and use our own
     if (access("/sepolicy_debug", F_OK) == 0) {