From 5c662f1230beef96bbd3c0e9db144892ffa7f826 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Sun, 16 Apr 2017 04:11:02 +0800
Subject: [PATCH] Add Android O rules

---
 rules.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rules.c b/rules.c
index 13210bb56..dad30cb37 100644
--- a/rules.c
+++ b/rules.c
@@ -73,6 +73,7 @@ void allowSuClient(char *target) {
 	sepol_allow(target, "su_device", "dir", "read");
 	sepol_allow(target, "su_device", "sock_file", "read");
 	sepol_allow(target, "su_device", "sock_file", "write");
+	sepol_allow(target, "devpts", "chr_file", "ioctl");
 	sepol_allow("su", target, "fd", "use");
 	sepol_allow("su", target, "fifo_file", ALL);
 }
@@ -85,6 +86,7 @@ void suRights() {
 	sepol_allow("servicemanager", "su", "process", "getattr");
 	sepol_allow("servicemanager", "su", "binder", "transfer");
 	sepol_allow("system_server", "su", "binder", "call");
+	sepol_allow("system_server", "su", "fd", "use");
 
 	sepol_allow("su", "servicemanager", "dir", "search");
 	sepol_allow("su", "servicemanager", "dir", "read");
@@ -229,6 +231,8 @@ void sepol_med_rules() {
 		allowSuClient("priv_app");
 	if (sepol_exists("ssd_tool"))
 		allowSuClient("ssd_tool");
+	if (sepol_exists("untrusted_app_25"))
+		allowSuClient("untrusted_app_25");
 
 	suRights();
 	otherToSU();