From 4ffc3884913a1b3c322281d1bd6788aa9a7fa9e8 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Fri, 20 Jul 2018 22:22:49 +0800
Subject: [PATCH] Allow bootctl to run
---
 native/jni/magiskpolicy/rules.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/native/jni/magiskpolicy/rules.c b/native/jni/magiskpolicy/rules.c
index 2cfdb94e7..01205143f 100644
--- a/native/jni/magiskpolicy/rules.c
+++ b/native/jni/magiskpolicy/rules.c
@@ -29,7 +29,8 @@ void allowSuClient(char *target) {
 }
 }
-void suRights() {
+void otherToSU() {
+ // suRights
 sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "dir", "search");
 sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "dir", "read");
 sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "file", "open");
@@ -48,9 +49,7 @@ void suRights() {
 sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "binder", "call");
 sepol_allow(SEPOL_PROC_DOMAIN, "system_server", "binder", "transfer");
 sepol_allow(SEPOL_PROC_DOMAIN, "system_server", "binder", "call");
-}
-void otherToSU() {
 // allowLog
 sepol_allow("logd", SEPOL_PROC_DOMAIN, "dir", "search");
 sepol_allow("logd", SEPOL_PROC_DOMAIN, "file", "read");
@@ -84,6 +83,13 @@ void otherToSU() {
 sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "read");
 sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "open");
 sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "getattr");
+
+ // bootctl
+ sepol_allow("hwservicemanager", SEPOL_PROC_DOMAIN, "dir", "search");
+ sepol_allow("hwservicemanager", SEPOL_PROC_DOMAIN, "file", "read");
+ sepol_allow("hwservicemanager", SEPOL_PROC_DOMAIN, "file", "open");
+ sepol_allow("hwservicemanager", SEPOL_PROC_DOMAIN, "process", "getattr");
+ sepol_allow("hwservicemanager", SEPOL_PROC_DOMAIN, "binder", "transfer");
 }
 void sepol_magisk_rules() {
@@ -129,7 +135,6 @@ void sepol_magisk_rules() {
 allowSuClient("untrusted_app_27");
 // Some superuser stuffs
- suRights();
 otherToSU();
 // For mounting loop devices, mirrors, tmpfs
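Review bot: The `// suRights` comment added in the first hunk names a function that no longer exists after this commit and does not say what the rules below it are for. The merged body also holds rules whose source is the su domain itself (the second hunk's context shows `sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "binder", "call");`), so the name `otherToSU` no longer describes everything the function grants, which makes the policy harder to audit. I would replace the comment with something like `// servicemanager / system_server <-> su domain: /proc lookup and binder (formerly suRights())`. The body of otherToSU continues outside this hunk.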
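Review bot: The `// bootctl` block in the third hunk lets hwservicemanager read the su domain's /proc entries and transfer binder references to it, but the comment does not record why each permission is needed or which denial it answers. Compared with the servicemanager rules at the top of the same function, this block omits `"dir", "read"` and has no rule with `SEPOL_PROC_DOMAIN` as the source towards hwservicemanager. That may be covered by a broader rule outside this diff, but it should be confirmed and stated. If the reason is what it appears to be, a comment such as `// bootctl: hwservicemanager inspects the calling su process under /proc and hands it hwbinder references` would document the intent. Since every rule here widens what a system domain may do with su-domain processes, the list should stay limited to permissions seen in actual denials.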