From 17b5291bbbfef29d67d15b4b43985dc9591158f0 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Sun, 20 Sep 2020 14:39:11 -0700
Subject: [PATCH] Fix Android 8.0 selinux rules

---
 native/jni/magiskpolicy/rules.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/native/jni/magiskpolicy/rules.cpp b/native/jni/magiskpolicy/rules.cpp
index bb242a00e..3592a995f 100644
--- a/native/jni/magiskpolicy/rules.cpp
+++ b/native/jni/magiskpolicy/rules.cpp
@@ -54,11 +54,15 @@ void sepolicy::magisk_rules() {
 		allow(SEPOL_CLIENT_DOMAIN, SEPOL_EXEC_TYPE, "file", ALL);
 		allow(SEPOL_CLIENT_DOMAIN, SEPOL_CLIENT_DOMAIN, ALL, ALL);
 
-		// Allow su client termios ioctl
 		const char *pts[] {
 			"devpts", "untrusted_app_devpts",
 			"untrusted_app_25_devpts", "untrusted_app_all_devpts" };
 		for (auto type : pts) {
+			allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "open");
+			allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "getattr");
+			allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "read");
+			allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "write");
+			allow(SEPOL_CLIENT_DOMAIN, type, "chr_file", "ioctl");
 			allowxperm(SEPOL_CLIENT_DOMAIN, type, "chr_file", "0x5400-0x54FF");
 		}