Support system-as-root devices with monolithic sepolicy

topjohnwu 2019-03-18 04:54:15 -04:00
parent 957feca626
commit 945f88105f


@ -354,6 +354,10 @@ void MagiskInit::early_mount() {
if (is_lnk("/system_root/init"))
load_sepol = true;
// System-as-root with monolithic sepolicy
if (access("/system_root/sepolicy", F_OK) == 0)
cp_afc("/system_root/sepolicy", "/sepolicy");
// Copy if these partitions are symlinks
link_root("/vendor");
link_root("/product");
@ -380,6 +384,9 @@ void MagiskInit::setup_rootfs() {
excl_list = nullptr;
}
// Override /sepolicy if exist
rename("/magisk_sepolicy", "/sepolicy");
if (patch_init) {
constexpr char SYSTEM_INIT[] = "/system/bin/init";
// If init is symlink, copy it to rootfs so we can patch
@ -452,7 +459,7 @@ bool MagiskInit::patch_sepolicy() {
sepol_magisk_rules();
sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
dump_policydb("/sepolicy");
dump_policydb("/magisk_sepolicy");
// Load policy to kernel so we can label rootfs
if (load_sepol)
@ -461,7 +468,7 @@ bool MagiskInit::patch_sepolicy() {
// Remove OnePlus stupid debug sepolicy and use our own
if (access("/sepolicy_debug", F_OK) == 0) {
unlink("/sepolicy_debug");
link("/sepolicy", "/sepolicy_debug");
link("/magisk_sepolicy", "/sepolicy_debug");
}
// Enable selinux functions
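Review bot: The `rename("/magisk_sepolicy", "/sepolicy")` added in setup_rootfs() and the `unlink`/`link` pair that now targets `/magisk_sepolicy` in patch_sepolicy() ignore their return values, so a failure while swapping the policy file passes silently. A missing /magisk_sepolicy is evidently expected ("if exist"), but any other rename error would leave the stock /sepolicy in place with no trace (on system-as-root, presumably the copy made by `cp_afc` in early_mount()), and a failed `link` after the `unlink` leaves no /sepolicy_debug at all. I would tolerate only the expected case, `if (rename("/magisk_sepolicy", "/sepolicy") != 0 && errno != ENOENT)`, log the error in that branch, and check the `link` result the same way. All three functions begin and end outside the hunks shown, so whether a later step already verifies the result cannot be seen from here.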