From e476c18c9932415e34e0a32b9ac572197407c70d Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Thu, 14 Mar 2019 22:48:23 -0400 Subject: [PATCH] Don't load sepolicy on Huawei devices Of course, the cancer of Android, Huawei, has to do some f**king weird modifications to the Linux kernel. Its kernel only accepts 1 single policy load in its lifetime, a second load will result in ENOMEM error. Since Huawei devices always use their own stupid ramdisk setup and not system-as-root, not loading sepolicy is not a concern (for now). --- native/jni/core/init.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/native/jni/core/init.cpp b/native/jni/core/init.cpp index 2bb00331f..2943468df 100644 --- a/native/jni/core/init.cpp +++ b/native/jni/core/init.cpp @@ -57,6 +57,7 @@ int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_ma static bool mnt_system = false; static bool mnt_vendor = false; +static bool kirin = false; static void *self, *config; static size_t self_sz, config_sz; @@ -109,7 +110,7 @@ static void parse_cmdline(struct cmdline *cmd) { cmdline[read(fd, cmdline, sizeof(cmdline))] = '\0'; close(fd); - bool skip_initramfs = false, kirin = false, enter_recovery = false; + bool skip_initramfs = false, enter_recovery = false; parse_cmdline([&](auto key, auto value) -> void { LOGD("cmdline: [%s]=[%s]\n", key.data(), value); @@ -278,9 +279,11 @@ static bool patch_sepolicy() { sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL); dump_policydb("/sepolicy"); - // Load policy to kernel so we can label rootfs - xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr); - dump_policydb(SELINUX_LOAD); + if (!kirin) { + // Load policy to kernel so we can label rootfs + xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr); + dump_policydb(SELINUX_LOAD); + } // Remove OnePlus stupid debug sepolicy and use our own if (access("/sepolicy_debug", F_OK) == 0) {