From da43ac89a07c7b13b4cf4ae1539c95363ecd1f9f Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sat, 30 Nov 2024 23:21:33 -0800 Subject: [PATCH] Allow all domains to access tmpfs files Fix #8457 --- native/src/sepolicy/rules.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/native/src/sepolicy/rules.rs b/native/src/sepolicy/rules.rs index f34c315cb..c8194fc7a 100644 --- a/native/src/sepolicy/rules.rs +++ b/native/src/sepolicy/rules.rs @@ -101,9 +101,8 @@ impl SepolicyMagisk for sepolicy { "system_app", "priv_app", "untrusted_app", "untrusted_app_all"], [proc], ["unix_stream_socket"], ["connectto", "getopt"]); - // Let selected domains access tmpfs files - // For tmpfs overlay on 2SI, Zygisk on lower Android versions and AVD scripts - allow(["init", "zygote", "shell"], ["tmpfs"], ["file"], all); + // For tmpfs overlay on 2SI. We allow all domains to access tmpfs files. + allow(["domain"], ["tmpfs"], ["file"], all); // Allow magiskinit daemon to handle mock selinuxfs allow(["kernel"], ["tmpfs"], ["fifo_file"], ["write"]);