diff --git a/native/src/init/mount.cpp b/native/src/init/mount.cpp
index 8f774fb88..c22bfbd8f 100644
--- a/native/src/init/mount.cpp
+++ b/native/src/init/mount.cpp
@@ -126,7 +126,7 @@ static void switch_root(const string &path) {
 
 #define PREINITMNT MIRRDIR "/preinit"
 
-static void mount_preinit_dir(string path, string preinit_dev) {
+static void mount_preinit_dir(string preinit_dev) {
     if (preinit_dev.empty()) return;
     strcpy(blk_info.partname, preinit_dev.data());
     strcpy(blk_info.block_dev, PREINITDEV);
@@ -161,7 +161,6 @@ static void mount_preinit_dir(string path, string preinit_dev) {
         } else {
             LOGD("preinit: %s\n", preinit_dir.data());
             xmount(preinit_dir.data(), PREINITMIRR, nullptr, MS_BIND, nullptr);
-            mount_list.emplace_back(path += "/" PREINITMIRR);
         }
         xumount2(PREINITMNT, MNT_DETACH);
     } else {
@@ -271,7 +270,7 @@ void MagiskInit::setup_tmp(const char *path) {
     xmkdir(BLOCKDIR, 0);
     xmkdir(WORKERDIR, 0);
 
-    mount_preinit_dir(path, preinit_dev);
+    mount_preinit_dir(preinit_dev);
 
     cp_afc(".backup/.magisk", MAIN_CONFIG);
     rm_rf(".backup");
@@ -281,7 +280,7 @@ void MagiskInit::setup_tmp(const char *path) {
         xsymlink("./magisk", applet_names[i]);
     xsymlink("./magiskpolicy", "supolicy");
 
-    xmount(".", path, nullptr, MS_BIND | MS_REC, nullptr);
+    xmount(".", path, nullptr, MS_BIND, nullptr);
 
     chdir("/");
 }
diff --git a/native/src/init/rootdir.cpp b/native/src/init/rootdir.cpp
index 7bb1d7338..1e853757d 100644
--- a/native/src/init/rootdir.cpp
+++ b/native/src/init/rootdir.cpp
@@ -224,9 +224,8 @@ void MagiskInit::patch_ro_root() {
     setup_tmp(tmp_dir.data());
     chdir(tmp_dir.data());
 
-    // Recreate original sbin structure if necessary
     if (tmp_dir == "/sbin") {
-        // Mount system_root mirror
+        // Recreate original sbin structure
         xmkdir(ROOTMIR, 0755);
         xmount("/", ROOTMIR, nullptr, MS_BIND, nullptr);
         recreate_sbin(ROOTMIR "/sbin", true);
@@ -272,7 +271,8 @@ void MagiskInit::patch_ro_root() {
     // Oculus Go will use a special sepolicy if unlocked
     if (access("/sepolicy.unlocked", F_OK) == 0) {
         patch_sepolicy("/sepolicy.unlocked", ROOTOVL "/sepolicy.unlocked");
-    } else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
+    } else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) ||
+               !hijack_sepolicy()) {
         patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy");
     }
 
diff --git a/native/src/init/selinux.cpp b/native/src/init/selinux.cpp
index 4eb68a09b..4ddb92350 100644
--- a/native/src/init/selinux.cpp
+++ b/native/src/init/selinux.cpp
@@ -15,12 +15,13 @@ void MagiskInit::patch_sepolicy(const char *in, const char *out) {
     sepol->magisk_rules();
 
     // Custom rules
-    if (auto dir = xopen_dir(PREINITMIRR)) {
+    if (auto dir = xopen_dir("/data/" PREINITMIRR)) {
         for (dirent *entry; (entry = xreaddir(dir.get()));) {
-            auto rule = PREINITMIRR "/"s + entry->d_name + "/sepolicy.rule";
+            auto name = "/data/" PREINITMIRR "/"s + entry->d_name;
+            auto rule = name + "/sepolicy.rule";
             if (xaccess(rule.data(), R_OK) == 0 &&
-                access((PREINITMIRR "/"s + entry->d_name + "/disable").data(), F_OK) != 0 &&
-                access((PREINITMIRR "/"s + entry->d_name + "/remove").data(), F_OK) != 0) {
+                access((name + "/disable").data(), F_OK) != 0 &&
+                access((name + "/remove").data(), F_OK) != 0) {
                 LOGD("Loading custom sepolicy patch: [%s]\n", rule.data());
                 sepol->load_rule_file(rule.data());
             }
@@ -96,12 +97,13 @@ bool MagiskInit::hijack_sepolicy() {
 
     // Read all custom rules into memory
     string rules;
-    if (auto dir = xopen_dir(PREINITMIRR)) {
+    if (auto dir = xopen_dir("/data/" PREINITMIRR)) {
         for (dirent *entry; (entry = xreaddir(dir.get()));) {
-            auto rule_file = PREINITMIRR "/"s + entry->d_name + "/sepolicy.rule";
+            auto name = "/data/" PREINITMIRR "/"s + entry->d_name;
+            auto rule_file = name + "/sepolicy.rule";
             if (xaccess(rule_file.data(), R_OK) == 0 &&
-                access((PREINITMIRR "/"s + entry->d_name + "/disable").data(), F_OK) != 0 &&
-                access((PREINITMIRR "/"s + entry->d_name + "/remove").data(), F_OK) != 0) {
+                access((name + "/disable").data(), F_OK) != 0 &&
+                access((name + "/remove").data(), F_OK) != 0) {
                 LOGD("Load custom sepolicy patch: [%s]\n", rule_file.data());
                 full_read(rule_file.data(), rules);
                 rules += '\n';