TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-01-12 11:03:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update rules

Browse Source
This commit is contained in:
topjohnwu 2018-05-13 14:30:19 +08:00
parent c694776162
commit c69dc0f036
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
rules.c
View File

@ -16,6 +16,17 @@ void allowSuClient(char *target) {
sepol_allow(target, SEPOL_FILE_DOMAIN, "sock_file", "write"); sepol_allow(target, SEPOL_FILE_DOMAIN, "sock_file", "write");
sepol_allow(target, SEPOL_FILE_DOMAIN, "file", ALL); sepol_allow(target, SEPOL_FILE_DOMAIN, "file", ALL);
sepol_allow(target, SEPOL_FILE_DOMAIN, "dir", ALL); sepol_allow(target, SEPOL_FILE_DOMAIN, "dir", ALL);
// Fix several terminal apps running root shell
if (policydb->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
sepol_allowxperm(target, "devpts", "chr_file", "0x5400-0x54FF");
if (sepol_exists("untrusted_app_devpts"))
sepol_allowxperm(target, "untrusted_app_devpts", "chr_file", "0x5400-0x54FF");
if (sepol_exists("untrusted_app_25_devpts"))
sepol_allowxperm(target, "untrusted_app_25_devpts", "chr_file", "0x5400-0x54FF");
if (sepol_exists("untrusted_app_all_devpts"))
sepol_allowxperm(target, "untrusted_app_all_devpts", "chr_file", "0x5400-0x54FF");
}
} }
void suRights() { void suRights() {
@ -110,10 +121,10 @@ void sepol_magisk_rules() {
// Allow these client to access su // Allow these client to access su
allowSuClient("init"); allowSuClient("init");
allowSuClient("shell"); allowSuClient("shell");
allowSuClient("untrusted_app");
allowSuClient("system_app"); allowSuClient("system_app");
allowSuClient("platform_app");
allowSuClient("priv_app"); allowSuClient("priv_app");
allowSuClient("platform_app");
allowSuClient("untrusted_app");
allowSuClient("untrusted_app_25"); allowSuClient("untrusted_app_25");
allowSuClient("untrusted_app_27"); allowSuClient("untrusted_app_27");
@ -146,13 +157,4 @@ void sepol_magisk_rules() {
// Xposed // Xposed
sepol_allow("untrusted_app", "untrusted_app", "capability", "setgid"); sepol_allow("untrusted_app", "untrusted_app", "capability", "setgid");
sepol_allow("system_server", "dex2oat_exec", "file", ALL); sepol_allow("system_server", "dex2oat_exec", "file", ALL);
// xperms
if (policydb->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
sepol_allowxperm("domain", "devpts", "chr_file", "0x5400-0x54FF");
if (sepol_exists("untrusted_app_25_devpts"))
sepol_allowxperm("domain", "untrusted_app_25_devpts", "chr_file", "0x5400-0x54FF");
if (sepol_exists("untrusted_app_devpts"))
sepol_allowxperm("domain", "untrusted_app_devpts", "chr_file", "0x5400-0x54FF");
}
} }