From 209a5417ec341d2714398202494cb57fda12332c Mon Sep 17 00:00:00 2001
From: JingMatrix <jingmatrix@gmail.com>
Date: Wed, 22 Jan 2025 12:01:55 +0100
Subject: [PATCH] Allow dex2oat to access files received from sockets (#165)

On some devices `dex2oat` cannot access files (fd) received from sockets due to SELinux restrictions.
Hence, we add a new rule according to the avc logs, which showed that permissions `open` and `getattr` were needed.
---
 magisk-loader/magisk_module/sepolicy.rule | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/magisk-loader/magisk_module/sepolicy.rule b/magisk-loader/magisk_module/sepolicy.rule
index 30b56f22..1c7f04d0 100644
--- a/magisk-loader/magisk_module/sepolicy.rule
+++ b/magisk-loader/magisk_module/sepolicy.rule
@@ -6,6 +6,8 @@ type xposed_file file_type
 typeattribute xposed_file mlstrustedobject
 allow {dex2oat installd isolated_app shell} xposed_file {file dir} *
 
+allow dex2oat unlabeled file *
+
 type xposed_data file_type
 typeattribute xposed_data mlstrustedobject
 allow * xposed_data {file dir} *