Move MagiskInit::patch_sepolicy to rust

2025-02-21 11:18:30 +00:00 · 2025-02-01 21:02:48 +08:00 · 2025-02-01 21:02:48 +08:00 · caad129d69
commit caad129d69
parent da58571ce5
3 changed files with 32 additions and 24 deletions
--- a/native/src/init/lib.rs
+++ b/native/src/init/lib.rs
@ -14,6 +14,7 @@ mod rootdir;
 mod getinfo;
 mod init;
 mod twostage;
+mod selinux;

 #[cxx::bridge]
 pub mod ffi {
@ -54,6 +55,8 @@ pub mod ffi {

    extern "Rust" {
        fn print(self: &BootConfig);
+
+        fn patch_sepolicy(self: &MagiskInit, in_: Utf8CStrRef, out: Utf8CStrRef);
    }

    unsafe extern "C++" {
@ -82,7 +85,6 @@ pub mod ffi {
        fn patch_ro_root(self: &mut MagiskInit);

        // SELinux
-        unsafe fn patch_sepolicy(self: &MagiskInit, in_: *const c_char, out: *const c_char);
        fn hijack_sepolicy(self: &mut MagiskInit) -> bool;
        fn backup_init(self: &MagiskInit) -> *const c_char;
    }
--- a/native/src/init/selinux.cpp
+++ b/native/src/init/selinux.cpp
@ -7,29 +7,6 @@

 using namespace std;

-void MagiskInit::patch_sepolicy(const char *in, const char *out) const noexcept {
-    LOGD("Patching monolithic policy\n");
-    auto sepol = SePolicy::from_file(in);
-
-    sepol.magisk_rules();
-
-    // Custom rules
-    auto rule = "/data/" PREINITMIRR "/sepolicy.rule";
-    if (xaccess(rule, R_OK) == 0) {
-        LOGD("Loading custom sepolicy patch: [%s]\n", rule);
-        sepol.load_rule_file(rule);
-    }
-
-    LOGD("Dumping sepolicy to: [%s]\n", out);
-    sepol.to_file(out);
-
-    // Remove OnePlus stupid debug sepolicy and use our own
-    if (access("/sepolicy_debug", F_OK) == 0) {
-        unlink("/sepolicy_debug");
-        link("/sepolicy", "/sepolicy_debug");
-    }
-}
-
 #define MOCK_COMPAT    SELINUXMOCK "/compatible"
 #define MOCK_LOAD      SELINUXMOCK "/load"
 #define MOCK_ENFORCE   SELINUXMOCK "/enforce"
--- a/native/src/init/selinux.rs
+++ b/native/src/init/selinux.rs
@ -0,0 +1,29 @@
+use crate::ffi::MagiskInit;
+use base::{cstr, debug, ffi::Utf8CStrRef, FsPath};
+use magiskpolicy::ffi::SePolicy;
+
+impl MagiskInit {
+    pub(crate) fn patch_sepolicy(self: &MagiskInit, in_: Utf8CStrRef, out: Utf8CStrRef) {
+        debug!("Patching monolithic policy");
+        let mut sepol = SePolicy::from_file(in_);
+
+        sepol.magisk_rules();
+
+        // Custom rules
+        let rule = FsPath::from(cstr!("/data/.magisk/preinit/sepolicy.rule"));
+        if rule.exists() {
+            debug!("Loading custom sepolicy patch: [{}]", rule);
+            sepol.load_rule_file(rule);
+        }
+
+        debug!("Dumping sepolicy to: [{}]", out);
+        sepol.to_file(out);
+
+        // Remove OnePlus stupid debug sepolicy and use our own
+        let sepol_debug = FsPath::from(cstr!("/sepolicy_debug"));
+        if sepol_debug.exists() {
+            sepol_debug.remove().ok();
+            FsPath::from(cstr!("/sepolicy")).link_to(sepol_debug).ok();
+        }
+    }
+}