Update rules

topjohnwu 2017-11-22 16:03:57 +08:00
parent 9e96824161
commit b7e717ee8c

14
rules.c

@ -165,11 +165,9 @@ void sepol_min_rules() {
// Let pre-init do stuffs // Let pre-init do stuffs
sepol_allow("kernel", "kernel", "security", "load_policy"); sepol_allow("kernel", "kernel", "security", "load_policy");
sepol_allow("kernel", "device", "dir", "write"); sepol_allow("kernel", "kernel", "capability", "dac_override");
sepol_allow("kernel", "device", "dir", "add_name"); sepol_allow("kernel", "device", "dir", ALL);
sepol_allow("kernel", "device", "file", "create"); sepol_allow("kernel", "device", "file", ALL);
sepol_allow("kernel", "device", "file", "open");
sepol_allow("kernel", "device", "file", "read");
// Let init run stuffs in su context // Let init run stuffs in su context
sepol_allow("kernel", "su", "fd", "use"); sepol_allow("kernel", "su", "fd", "use");
@ -233,7 +231,7 @@ void sepol_min_rules() {
sepol_allow("su", "kernel", "process", "setsched"); sepol_allow("su", "kernel", "process", "setsched");
sepol_allow("su", "labeledfs", "filesystem", "mount"); sepol_allow("su", "labeledfs", "filesystem", "mount");
sepol_allow("su", "labeledfs", "filesystem", "unmount"); sepol_allow("su", "labeledfs", "filesystem", "unmount");
sepol_allow("kernel", "system_data_file", "file", "read"); sepol_allow("kernel", ALL, "file", "read");
// For changing attributes // For changing attributes
sepol_allow("rootfs", "tmpfs", "filesystem", "associate"); sepol_allow("rootfs", "tmpfs", "filesystem", "associate");
@ -243,8 +241,10 @@ void sepol_min_rules() {
sepol_allow("system_server", "dex2oat_exec", "file", ALL); sepol_allow("system_server", "dex2oat_exec", "file", ALL);
// xperms // xperms
if (policydb->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) if (policydb->policyvers >= POLICYDB_VERSION_XPERMS_IOCTL) {
sepol_allowxperm("domain", "devpts", "chr_file", "0x5400-0x54FF"); sepol_allowxperm("domain", "devpts", "chr_file", "0x5400-0x54FF");
sepol_allowxperm("domain", "untrusted_app_25_devpts", "chr_file", "0x5400-0x54FF");
}
} }
void sepol_med_rules() { void sepol_med_rules() {
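Review bot: The new rule `sepol_allow("kernel", ALL, "file", "read");` in the second hunk widens the target from `system_data_file` to what appears to be every type, and nothing in the code says which files the kernel domain actually needs to read. The first hunk does the same on the permission side: it replaces the enumerated `write`/`add_name`/`create`/`open`/`read` grants on `device` with `ALL` and adds `dac_override`. If the required types and permissions are known, listing them keeps the patched policy closer to least privilege; if they are not, a why-comment above each wildcard rule would let a later reader audit it, e.g. `// kernel reads <which files> during pre-init; target type varies by device, hence ALL`. `sepol_min_rules()` begins outside all three hunks, so rules not visible here may already cover part of this.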