20 Commits

Author SHA1 Message Date
topjohnwu
c9eac0c438 Introduce new sepolicy strategy for legacy devices
The existing sepolicy patching strategy looks like this:

1. 2SI: use LD_PRELOAD to hijack `security_load_policy`
2. Split policy: a device using split policy implies it also needs to
   do early mount, which means fstab is stored in device tree.
   So we do the following:
   - Hijack the fstab node in the device tree in sysfs
   - Wait for init to mount selinuxfs for us
   - Hijack selinuxfs to intercept sepolicy loading
3. Monolithic policy: directly patch `/sepolicy`

Methods #1 and #2 both have the magiskinit pre-init daemon handling
the sepolicy patching and loading process, while method #3 gives us
zero control over the sepolicy loading process. Downsides:

a. Pre-init daemon bypasses the need to guess which sepolicy init
   will load, because the original init will literally send the stock
   sepolicy file directly to us with this approach.
b. If we want to add more features/functionalities during the sepolicy
   patching process, we will leave out devices using method #3

In order to solve these issues, we completely redesign the sepolicy
patching strategy for non-2SI devices. Instead of limiting usage of
pre-init daemon to early mount devices, we always intercept the
sepolicy loading process regardless of the Android version and device
setup. This will give us a unified implementation for sepolicy patching,
and will make it easier to develop further new features down the line.
2025-02-28 09:39:10 -08:00
topjohnwu
b6b34f7612 Fix overlay.d context preservation 2025-02-27 01:57:25 -08:00
LoveSy
caad129d69 Move MagiskInit::patch_sepolicy to rust 2025-02-14 14:24:13 -08:00
LoveSy
d203a6fff6 Move MagiskInit to rust 2025-02-14 14:24:13 -08:00
LoveSy
6c612d66d7 Move BootConfig to rust 2025-02-14 14:24:13 -08:00
topjohnwu
b7ca73f431 Remove an additional unique_ptr indirection 2025-02-05 14:18:16 +08:00
LoveSy
aae5b466fb Use rust to implement collect/reset overlay context 2024-12-27 12:35:29 -08:00
5ec1cff
2b7be8b949 init: reset overlay.d files context after sepolicy loaded 2024-12-27 12:35:29 -08:00
topjohnwu
3c6889505b Stop using polymorphism in magiskinit 2024-12-03 02:18:22 -08:00
topjohnwu
33aebb5976 Stop embedding executables 2024-07-24 22:49:48 -07:00
LoveSy
f488e9df8f Fix sepolicy rule path 2024-07-24 19:02:12 -07:00
vvb2060
2282365cf8 clean code 2024-07-23 02:02:56 -07:00
topjohnwu
625a1d6f44 Remove seek support from streams 2024-02-28 11:07:53 -08:00
topjohnwu
65c18f9c09 Restructure project files 2023-11-08 01:46:02 -08:00
topjohnwu
46275b90c2 Generalize unxz 2023-09-21 05:47:21 -07:00
vvb2060
ee50da566f Cancel recursive bind 2023-05-06 00:04:11 -07:00
topjohnwu
4e2b88b3d0 Rename rules to preinit
It is possible that we will allow more preinit files for modules.
Rename the partition and folders from rules to preinit.
2023-03-21 00:40:11 -07:00
LoveSy
9e8c68af12 Refactor sepolicy.rules resolve
We resolve available partitions for sepolicy.rules when patching
boot and bind mount the partition by magiskinit.

For older devices, the previous logic won't work because the part name
is never readable.

Co-authored-by: topjohnwu <topjohnwu@gmail.com>
2023-02-12 00:36:38 -08:00
topjohnwu
a66a3b7438 Make sure logs are always ended with newline 2022-09-09 04:29:50 -07:00
topjohnwu
b9e89a1a2d Restructure the native module
Consolidate all code into the src folder
2022-07-23 13:51:56 -07:00