Don't load sepolicy on Huawei devices
Of course, the cancer of Android, Huawei, has to do some f**king weird modifications to the Linux kernel. Its kernel only accepts 1 single policy load in its lifetime, a second load will result in ENOMEM error. Since Huawei devices always use their own stupid ramdisk setup and not system-as-root, not loading sepolicy is not a concern (for now).
This commit is contained in:
parent
a1b5185ecb
commit
e476c18c99
@ -57,6 +57,7 @@ int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_ma
|
||||
|
||||
static bool mnt_system = false;
|
||||
static bool mnt_vendor = false;
|
||||
static bool kirin = false;
|
||||
|
||||
static void *self, *config;
|
||||
static size_t self_sz, config_sz;
|
||||
@ -109,7 +110,7 @@ static void parse_cmdline(struct cmdline *cmd) {
|
||||
cmdline[read(fd, cmdline, sizeof(cmdline))] = '\0';
|
||||
close(fd);
|
||||
|
||||
bool skip_initramfs = false, kirin = false, enter_recovery = false;
|
||||
bool skip_initramfs = false, enter_recovery = false;
|
||||
|
||||
parse_cmdline([&](auto key, auto value) -> void {
|
||||
LOGD("cmdline: [%s]=[%s]\n", key.data(), value);
|
||||
@ -278,9 +279,11 @@ static bool patch_sepolicy() {
|
||||
sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
|
||||
dump_policydb("/sepolicy");
|
||||
|
||||
// Load policy to kernel so we can label rootfs
|
||||
xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr);
|
||||
dump_policydb(SELINUX_LOAD);
|
||||
if (!kirin) {
|
||||
// Load policy to kernel so we can label rootfs
|
||||
xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr);
|
||||
dump_policydb(SELINUX_LOAD);
|
||||
}
|
||||
|
||||
// Remove OnePlus stupid debug sepolicy and use our own
|
||||
if (access("/sepolicy_debug", F_OK) == 0) {
|
||||
|
Loading…
Reference in New Issue
Block a user