TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-04-26 07:30:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Allow all domains to access tmpfs files"

Browse Source 
This reverts commit da43ac89a07c7b13b4cf4ae1539c95363ecd1f9f.
This commit is contained in:
5ec1cff 2024-12-01 16:39:44 +08:00 committed by John Wu
parent 704541aef2
commit b6511a510d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
native/src/sepolicy/rules.rs
View File

@ -101,8 +101,9 @@ impl SepolicyMagisk for sepolicy {
"system_app", "priv_app", "untrusted_app", "untrusted_app_all"], "system_app", "priv_app", "untrusted_app", "untrusted_app_all"],
[proc], ["unix_stream_socket"], ["connectto", "getopt"]); [proc], ["unix_stream_socket"], ["connectto", "getopt"]);
// For tmpfs overlay on 2SI. We allow all domains to access tmpfs files. // Let selected domains access tmpfs files
allow(["domain"], ["tmpfs"], ["file"], all); // For tmpfs overlay on 2SI, Zygisk on lower Android versions and AVD scripts
allow(["init", "zygote", "shell"], ["tmpfs"], ["file"], all);
// Allow magiskinit daemon to handle mock selinuxfs // Allow magiskinit daemon to handle mock selinuxfs
allow(["kernel"], ["tmpfs"], ["fifo_file"], ["write"]); allow(["kernel"], ["tmpfs"], ["fifo_file"], ["write"]);