From 6764a98409fac8da30218ec87b7f7e6fcfcef4c9 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Sat, 14 Apr 2018 18:08:53 +0800
Subject: [PATCH] SEPolicy updates

---
 .../magisk/database/MagiskDatabaseHelper.java          |  5 ++---
 src/main/java/com/topjohnwu/magisk/utils/Const.java    |  1 +
 src/main/res/raw/magiskdb.sh                           | 10 ++++++++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java b/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java
index 89b4d077d..ccb318ba5 100644
--- a/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java
+++ b/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java
@@ -96,10 +96,9 @@ public class MagiskDatabaseHelper {
                     Shell.Sync.su(Utils.fmt("mv -f %s %s; ln -s %s %s",
                             oldDB, GLOBAL_DB, GLOBAL_DB, oldDB));
                 }
-                if (mm.magiskVersionCode < 1550) {
+                if (mm.magiskVersionCode < Const.MAGISK_VER.SEPOL_REFACTOR) {
                     // We need some additional policies on old versions
-                    Shell.Sync.su("magiskpolicy --live " +
-                            "'create su_file' 'allow * su_file file *' 'allow * su_file dir *'");
+                    Shell.Sync.su("db_sepatch");
                 }
                 if (!GLOBAL_DB.exists()) {
                     Shell.Sync.su("db_init");
diff --git a/src/main/java/com/topjohnwu/magisk/utils/Const.java b/src/main/java/com/topjohnwu/magisk/utils/Const.java
index 7e8b8a874..983e8ac26 100644
--- a/src/main/java/com/topjohnwu/magisk/utils/Const.java
+++ b/src/main/java/com/topjohnwu/magisk/utils/Const.java
@@ -77,6 +77,7 @@ public class Const {
         public static final int DTBO_SUPPORT = 1446;
         public static final int LEGACY_GLOBAL_DB = 1450;
         public static final int HIDDEN_PATH = 1460;
+        public static final int SEPOL_REFACTOR = 1640;
     }
 
     public static class ID {
diff --git a/src/main/res/raw/magiskdb.sh b/src/main/res/raw/magiskdb.sh
index 355a5bdc2..e25ab8025 100644
--- a/src/main/res/raw/magiskdb.sh
+++ b/src/main/res/raw/magiskdb.sh
@@ -1,3 +1,9 @@
+db_sepatch() {
+  magiskpolicy --live 'create magisk_file' 'attradd magisk_file mlstrustedobject' \
+  'allow * magisk_file file *' 'allow * magisk_file dir *' \
+  'allow magisk_file * filesystem associate'
+}
+
 db_clean() {
   local USERID=$1
   local DIR="/sbin/.core/db-${USERID}"
@@ -8,7 +14,7 @@ db_clean() {
 
 db_init() {
   ADB_CONTEXT=`/system/bin/ls -dZ /data/adb | awk '{print $1}'`
-  chcon u:object_r:su_file:s0 /data/adb
+  chcon u:object_r:magisk_file:s0 /data/adb
   chmod 777 /data/adb
 }
 
@@ -25,7 +31,7 @@ db_setup() {
   touch $DIR/magisk.db
   mount -o bind /data/adb/magisk.db $DIR/magisk.db
   rm -f /data/adb/magisk.db-journal
-  chcon u:object_r:su_file:s0 $DIR $DIR/*
+  chcon u:object_r:magisk_file:s0 $DIR $DIR/*
   chmod 700 $DIR
   chown $USER.$USER $DIR
   chmod 666 $DIR/*