TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-02-20 06:28:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clean up unneeded rules

Browse Source
This commit is contained in:
vvb2060 2021-07-23 00:08:26 +08:00 committed by John Wu
parent 773bf0c6bc
commit f98c68a280
1 changed files with 0 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
native/jni/magiskpolicy/rules.cpp
View File

@ -54,18 +54,6 @@ void sepolicy::magisk_rules() {
allow(SEPOL_CLIENT_DOMAIN, SEPOL_EXEC_TYPE, "file", ALL); allow(SEPOL_CLIENT_DOMAIN, SEPOL_EXEC_TYPE, "file", ALL);
allow(SEPOL_CLIENT_DOMAIN, SEPOL_CLIENT_DOMAIN, ALL, ALL); allow(SEPOL_CLIENT_DOMAIN, SEPOL_CLIENT_DOMAIN, ALL, ALL);
const char *pts[] {
"devpts", "untrusted_app_devpts",
"untrusted_app_25_devpts", "untrusted_app_all_devpts" };
for (auto type : pts) {
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "open");
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "getattr");
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "read");
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "write");
allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "ioctl");
allowxperm(SEPOL_CLIENT_DOMAIN, type, "chr_file", "0x5400-0x54FF");
}
// Allow these processes to access MagiskSU // Allow these processes to access MagiskSU
vector<const char *> clients{ "init", "shell", "update_engine", "appdomain" }; vector<const char *> clients{ "init", "shell", "update_engine", "appdomain" };
for (auto type : clients) { for (auto type : clients) {
@ -119,14 +107,6 @@ void sepolicy::magisk_rules() {
continue; continue;
allow(type, SEPOL_PROC_DOMAIN, "unix_stream_socket", "connectto"); allow(type, SEPOL_PROC_DOMAIN, "unix_stream_socket", "connectto");
allow(type, SEPOL_PROC_DOMAIN, "unix_stream_socket", "getopt"); allow(type, SEPOL_PROC_DOMAIN, "unix_stream_socket", "getopt");
// Allow termios ioctl
const char *pts[] { "devpts", "untrusted_app_devpts" };
for (auto pts_type : pts) {
allow(type, pts_type, "chr_file", "ioctl");
if (db->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL)
allowxperm(type, pts_type, "chr_file", "0x5400-0x54FF");
}
} }
} }