From c05063fb1296eff4ba2e4fd1f81c9ffec164c927 Mon Sep 17 00:00:00 2001
From: Coxxs <3007303+Coxxs@users.noreply.github.com>
Date: Sat, 23 Oct 2021 19:53:37 +0800
Subject: [PATCH] Add SELinux policy for gmscore_app

No longer require `setenforcing 0`
---
 apply.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/apply.sh b/apply.sh
index 2b51318..09a125d 100644
--- a/apply.sh
+++ b/apply.sh
@@ -71,4 +71,14 @@ find $InstallDir/etc/default-permissions -type f -exec chcon --reference=$Instal
 find $InstallDir/etc/preferred-apps -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
 find $InstallDir/etc/sysconfig -type f -exec chcon --reference=$InstallDir/etc/fs_config_dirs {} \;
 
-echo "!! Apply completed !!"
\ No newline at end of file
+echo "Applying SELinux policy"
+# Sed will remove the SELinux policy for plat_sepolicy.cil, preserve policy using cp
+cp $InstallDir/etc/selinux/plat_sepolicy.cil $InstallDir/etc/selinux/plat_sepolicy_new.cil
+sed -i 's/(allow gmscore_app self (process (ptrace)))/(allow gmscore_app self (process (ptrace)))\n(allow gmscore_app self (vsock_socket (read write create connect)))\n(allow gmscore_app device_config_runtime_native_boot_prop (file (read)))/g' $InstallDir/etc/selinux/plat_sepolicy_new.cil
+cp $InstallDir/etc/selinux/plat_sepolicy_new.cil $InstallDir/etc/selinux/plat_sepolicy.cil
+rm $InstallDir/etc/selinux/plat_sepolicy_new.cil
+
+# Prevent android from using cached SELinux policy
+echo '0000000000000000000000000000000000000000000000000000000000000000' > $InstallDir/etc/selinux/plat_sepolicy_and_mapping.sha256
+
+echo "!! Apply completed !!"