SEPolicy updates

topjohnwu · Apr 14, 2018 · 6764a98 · 6764a98
1 parent fd7b5f3
commit 6764a98
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java b/src/main/java/com/topjohnwu/magisk/database/MagiskDatabaseHelper.java
@@ -96,10 +96,9 @@ private SQLiteDatabase openDatabase(MagiskManager mm) {
                     Shell.Sync.su(Utils.fmt("mv -f %s %s; ln -s %s %s",
                             oldDB, GLOBAL_DB, GLOBAL_DB, oldDB));
                 }
-                if (mm.magiskVersionCode < 1550) {
+                if (mm.magiskVersionCode < Const.MAGISK_VER.SEPOL_REFACTOR) {
                     // We need some additional policies on old versions
-                    Shell.Sync.su("magiskpolicy --live " +
-                            "'create su_file' 'allow * su_file file *' 'allow * su_file dir *'");
+                    Shell.Sync.su("db_sepatch");
                 }
                 if (!GLOBAL_DB.exists()) {
                     Shell.Sync.su("db_init");

diff --git a/src/main/java/com/topjohnwu/magisk/utils/Const.java b/src/main/java/com/topjohnwu/magisk/utils/Const.java
@@ -77,6 +77,7 @@ public static final class MAGISK_VER {
         public static final int DTBO_SUPPORT = 1446;
         public static final int LEGACY_GLOBAL_DB = 1450;
         public static final int HIDDEN_PATH = 1460;
+        public static final int SEPOL_REFACTOR = 1640;
     }
 
     public static class ID {

diff --git a/src/main/res/raw/magiskdb.sh b/src/main/res/raw/magiskdb.sh
@@ -1,3 +1,9 @@
+db_sepatch() {
+  magiskpolicy --live 'create magisk_file' 'attradd magisk_file mlstrustedobject' \
+  'allow * magisk_file file *' 'allow * magisk_file dir *' \
+  'allow magisk_file * filesystem associate'
+}
+
 db_clean() {
   local USERID=$1
   local DIR="/sbin/.core/db-${USERID}"
@@ -8,7 +14,7 @@ db_clean() {
 
 db_init() {
   ADB_CONTEXT=`/system/bin/ls -dZ /data/adb | awk '{print $1}'`
-  chcon u:object_r:su_file:s0 /data/adb
+  chcon u:object_r:magisk_file:s0 /data/adb
   chmod 777 /data/adb
 }
 
@@ -25,7 +31,7 @@ db_setup() {
   touch $DIR/magisk.db
   mount -o bind /data/adb/magisk.db $DIR/magisk.db
   rm -f /data/adb/magisk.db-journal
-  chcon u:object_r:su_file:s0 $DIR $DIR/*
+  chcon u:object_r:magisk_file:s0 $DIR $DIR/*
   chmod 700 $DIR
   chown $USER.$USER $DIR
   chmod 666 $DIR/*