diff --git a/.gitignore b/.gitignore
index 2246beae1..47cd35844 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,3 @@ native/out
 /.idea
 /build
 /captures
-.externalNativeBuild
diff --git a/native/.gitignore b/native/.gitignore
index c6f79a7c4..861b7b95e 100644
--- a/native/.gitignore
+++ b/native/.gitignore
@@ -1,3 +1,5 @@
 /build
 obj
-libs
\ No newline at end of file
+libs
+/.externalNativeBuild
+/.cxx
diff --git a/native/jni/core/init.cpp b/native/jni/core/init.cpp
index 926d59615..649d70b4d 100644
--- a/native/jni/core/init.cpp
+++ b/native/jni/core/init.cpp
@@ -281,14 +281,29 @@ static bool patch_sepolicy() {
 }
 if (init_patch) {
- // Force init to load /sepolicy
- uint8_t *addr;
+ // If init is symlink, copy it to rootfs so we can patch
+ char real_init[128];
+ real_init[0] = '\0';
+ struct stat st;
+ lstat("/init", &st);
+ if (S_ISLNK(st.st_mode)) {
+ xreadlink("/init", real_init, sizeof(real_init));
+ cp_afc(real_init, "/init");
+ }
+ size_t real_init_len = strlen(real_init);
+
+ char *addr;
 size_t size;
 mmap_rw("/init", addr, size);
- for (int i = 0; i < size; ++i) {
- if (memcmp(addr + i, SPLIT_PLAT_CIL, sizeof(SPLIT_PLAT_CIL) - 1) == 0) {
- memcpy(addr + i + sizeof(SPLIT_PLAT_CIL) - 4, "xxx", 3);
- break;
+ for (char *p = addr; p < addr + size; ++p) {
+ if (memcmp(p, SPLIT_PLAT_CIL, sizeof(SPLIT_PLAT_CIL)) == 0) {
+ // Force init to load /sepolicy
+ memset(p, 'x', sizeof(SPLIT_PLAT_CIL) - 1);
+ p += sizeof(SPLIT_PLAT_CIL) - 1;
+ } else if (real_init_len > 0 && memcmp(p, real_init, real_init_len + 1) == 0) {
+ // Force execute /init instead of real init
+ strcpy(p, "/init");
+ p += real_init_len;
 }
 }
 munmap(addr, size);
diff --git a/scripts/util_functions.sh b/scripts/util_functions.sh
index c275ad023..1bd7e5dd5 100644
--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
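Review bot: In the init.cpp hunk, the new scan loop calls `memcmp(p, SPLIT_PLAT_CIL, sizeof(SPLIT_PLAT_CIL))` and `memcmp(p, real_init, real_init_len + 1)` for every `p` up to `addr + size - 1`, so near the end of the mapping both comparisons may read past the mapped file; guarding each one with the remaining length, e.g. `(size_t)(addr + size - p) >= sizeof(SPLIT_PLAT_CIL) && memcmp(...) == 0`, keeps the scan inside the buffer. The result of `lstat("/init", &st)` is also unchecked, so `S_ISLNK(st.st_mode)` reads an uninitialized struct if the call fails; `if (lstat("/init", &st) == 0 && S_ISLNK(st.st_mode)) {` closes that. `strcpy(p, "/init")` writes six bytes over a match of `real_init_len + 1` bytes, which stays inside the matched string only when the link target is at least as long as "/init", and whether `xreadlink` NUL-terminates or reports truncation at 128 bytes is not visible here. patch_sepolicy starts and ends outside the hunk.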
@@ -185,12 +185,13 @@ mount_partitions() {
 fi
 [ -f /system/build.prop ] || is_mounted /system || abort "! Cannot mount /system"
 grep -qE '/dev/root|/system_root' /proc/mounts && SYSTEM_ROOT=true || SYSTEM_ROOT=false
- if [ -f /system/init ]; then
+ if [ -f /system/init.rc ]; then
 SYSTEM_ROOT=true
 mkdir /system_root 2>/dev/null
 mount --move /system /system_root
 mount -o bind /system_root/system /system
 fi
+ $SYSTEM_ROOT && ui_print "- Device is system-as-root"
 if [ -L /system/vendor ]; then
 mkdir /vendor 2>/dev/null
 is_mounted /vendor || mount -o ro /vendor 2>/dev/null
@@ -210,7 +211,7 @@ get_flags() {
 if [ -z $KEEPVERITY ]; then
 if $SYSTEM_ROOT; then
 KEEPVERITY=true
- ui_print "- Using system_root_image, keep dm/avb-verity"
+ ui_print "- System-as-root, keep dm/avb-verity"
 else
 KEEPVERITY=false
 fi
@@ -221,7 +222,7 @@ get_flags() {
 # No data access means unable to decrypt in recovery
 if $FDE || $FBE || ! $DATA; then
 KEEPFORCEENCRYPT=true
- ui_print "- Encrypted data detected, keep forceencrypt"
+ ui_print "- Encrypted data, keep forceencrypt"
 else
 KEEPFORCEENCRYPT=false
 fi
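Review bot: The `[ -f /system/init.rc ]` test in mount_partitions has no comment explaining why init.rc, rather than init, now marks a system-as-root layout, and the result matters beyond the new log line: get_flags in the same file defaults `KEEPVERITY=true` whenever `$SYSTEM_ROOT` is true. A one-line comment above the test, something like `# system-as-root: rootfs files such as init.rc sit at the top of the system partition (init itself may be a symlink)`, would record the assumption. The symlink part is inferred from the init.cpp change in this commit and should be confirmed. mount_partitions starts and ends outside the hunk.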