Support system-as-root devices with monolithic sepolicy

native/jni/core/init.cpp

@@ -354,6 +354,10 @@ void MagiskInit::early_mount() {
 		if (is_lnk("/system_root/init"))
 			load_sepol = true;
 
+		// System-as-root with monolithic sepolicy
+		if (access("/system_root/sepolicy", F_OK) == 0)
+			cp_afc("/system_root/sepolicy", "/sepolicy");
+
 		// Copy if these partitions are symlinks
 		link_root("/vendor");
 		link_root("/product");
@@ -380,6 +384,9 @@ void MagiskInit::setup_rootfs() {
 		excl_list = nullptr;
 	}
 
+	// Override /sepolicy if exist
+	rename("/magisk_sepolicy", "/sepolicy");
+
 	if (patch_init) {
 		constexpr char SYSTEM_INIT[] = "/system/bin/init";
 		// If init is symlink, copy it to rootfs so we can patch
@@ -452,7 +459,7 @@ bool MagiskInit::patch_sepolicy() {
 
 	sepol_magisk_rules();
 	sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
-	dump_policydb("/sepolicy");
+	dump_policydb("/magisk_sepolicy");
 
 	// Load policy to kernel so we can label rootfs
 	if (load_sepol)
@@ -461,7 +468,7 @@ bool MagiskInit::patch_sepolicy() {
 	// Remove OnePlus stupid debug sepolicy and use our own
 	if (access("/sepolicy_debug", F_OK) == 0) {
 		unlink("/sepolicy_debug");
-		link("/sepolicy", "/sepolicy_debug");
+		link("/magisk_sepolicy", "/sepolicy_debug");
 	}
 
 	// Enable selinux functions