improve: SELinux rules

This commit is taken from JingMatrix/NeoZygisk@2bf90c1. Note that this will still cause issue with some modules due unused rules being taken out.
PerformanC · Jan 6, 2025 · c5f9b94 · c5f9b94
1 parent 42ce44e
commit c5f9b94
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 9 deletions.
diff --git a/module/src/sepolicy.rule b/module/src/sepolicy.rule
@@ -1,19 +1,15 @@
-type magisk_file file_type
-typeattribute magisk_file mlstrustedobject
-allow zygote magisk_file sock_file {read write}
+type zygisk_file file_type
+typeattribute zygisk_file mlstrustedobject
+allow zygote zygisk_file sock_file {read write}
 
 allow zygote magisk lnk_file read
 allow zygote unlabeled file {read open}
 allow zygote zygote capability sys_chroot
 allow zygote su dir search
-allow zygote su lnk_file read
-allow zygote su file read
+allow zygote su {lnk_file file} read
 
 allow zygote adb_data_file dir search
 allow zygote zygote process execmem
 allow system_server system_server process execmem
 allow zygote tmpfs file *
 allow zygote appdomain_tmpfs file *
-
-allow zygote mnt_vendor_file dir search
-allow zygote fs_type filesystem unmount
diff --git a/zygiskd/src/utils.c b/zygiskd/src/utils.c
@@ -191,7 +191,7 @@ int unix_listener_from_path(char *restrict path) {
     return -1;
   }
 
-  if (chcon(path, "u:object_r:magisk_file:s0") == -1) {
+  if (chcon(path, "u:object_r:zygisk_file:s0") == -1) {
     LOGE("chcon: %s\n", strerror(errno));
 
     return -1;