From caad129d6988d5768215a5404fa9a3c51b502cae Mon Sep 17 00:00:00 2001
From: LoveSy
Date: Sat, 1 Feb 2025 21:02:48 +0800
Subject: [PATCH] Move MagiskInit::patch_sepolicy to rust
---
 native/src/init/lib.rs | 4 +++-
 native/src/init/selinux.cpp | 23 -----------------------
 native/src/init/selinux.rs | 29 +++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 24 deletions(-)
 create mode 100644 native/src/init/selinux.rs
diff --git a/native/src/init/lib.rs b/native/src/init/lib.rs
index f898559c7..20927c7bd 100644
--- a/native/src/init/lib.rs
+++ b/native/src/init/lib.rs
@@ -14,6 +14,7 @@ mod rootdir; mod getinfo; mod init; mod twostage; +mod selinux; #[cxx::bridge] pub mod ffi {
@@ -54,6 +55,8 @@ pub mod ffi { extern "Rust" { fn print(self: &BootConfig); + + fn patch_sepolicy(self: &MagiskInit, in_: Utf8CStrRef, out: Utf8CStrRef); } unsafe extern "C++" {
@@ -82,7 +85,6 @@ pub mod ffi { fn patch_ro_root(self: &mut MagiskInit); // SELinux - unsafe fn patch_sepolicy(self: &MagiskInit, in_: *const c_char, out: *const c_char); fn hijack_sepolicy(self: &mut MagiskInit) -> bool; fn backup_init(self: &MagiskInit) -> *const c_char; }
diff --git a/native/src/init/selinux.cpp b/native/src/init/selinux.cpp
index 218a2d8d3..ddee912ca 100644
--- a/native/src/init/selinux.cpp
+++ b/native/src/init/selinux.cpp
@@ -7,29 +7,6 @@ using namespace std; -void MagiskInit::patch_sepolicy(const char *in, const char *out) const noexcept { - LOGD("Patching monolithic policy\n"); - auto sepol = SePolicy::from_file(in); - - sepol.magisk_rules(); - - // Custom rules - auto rule = "/data/" PREINITMIRR "/sepolicy.rule"; - if (xaccess(rule, R_OK) == 0) { - LOGD("Loading custom sepolicy patch: [%s]\n", rule); - sepol.load_rule_file(rule); - } - - LOGD("Dumping sepolicy to: [%s]\n", out); - sepol.to_file(out); - - // Remove OnePlus stupid debug sepolicy and use our own - if (access("/sepolicy_debug", F_OK) == 0) { - unlink("/sepolicy_debug"); - link("/sepolicy", "/sepolicy_debug"); - } -} - #define MOCK_COMPAT SELINUXMOCK "/compatible" #define MOCK_LOAD SELINUXMOCK "/load" #define MOCK_ENFORCE SELINUXMOCK "/enforce"
diff --git a/native/src/init/selinux.rs b/native/src/init/selinux.rs
new file mode 100644
index 000000000..c5e11d8b3
--- /dev/null
+++ b/native/src/init/selinux.rs
@@ -0,0 +1,29 @@
+use crate::ffi::MagiskInit;
+use base::{cstr, debug, ffi::Utf8CStrRef, FsPath};
+use magiskpolicy::ffi::SePolicy;
+
+impl MagiskInit {
+ pub(crate) fn patch_sepolicy(self: &MagiskInit, in_: Utf8CStrRef, out: Utf8CStrRef) {
+ debug!("Patching monolithic policy");
+ let mut sepol = SePolicy::from_file(in_);
+
+ sepol.magisk_rules();
+
+ // Custom rules
+ let rule = FsPath::from(cstr!("/data/.magisk/preinit/sepolicy.rule"));
+ if rule.exists() {
+ debug!("Loading custom sepolicy patch: [{}]", rule);
+ sepol.load_rule_file(rule);
+ }
+
+ debug!("Dumping sepolicy to: [{}]", out);
+ sepol.to_file(out);
+
+ // Remove OnePlus stupid debug sepolicy and use our own
+ let sepol_debug = FsPath::from(cstr!("/sepolicy_debug"));
+ if sepol_debug.exists() {
+ sepol_debug.remove().ok();
+ FsPath::from(cstr!("/sepolicy")).link_to(sepol_debug).ok();
+ }
+ }
+}
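Review bot: The custom-rule path in the new `patch_sepolicy` is the literal `/data/.magisk/preinit/sepolicy.rule`, where the removed C++ built it from `PREINITMIRR`, and the guard changed from `xaccess(rule, R_OK)` to `rule.exists()`, so this is not a pure move. If the mirror directory constant changes, this copy would silently stop finding the rule file. If `exists()` does not test readability (its implementation is not shown here), an unreadable file now reaches `load_rule_file`. Reuse a shared constant if the Rust side exposes one, or at least add `// Must match PREINITMIRR on the C++ side` above the `let rule` line. The two trailing `.ok()` calls also drop failures, so a `/sepolicy_debug` that could not be replaced with the patched policy goes unnoticed; assuming `remove()` returns a `Result`, something like `if sepol_debug.remove().is_err() { debug!("Cannot remove /sepolicy_debug"); }` would keep that visible in the init log.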