update sepolicy

kotori0 2020-11-25 21:39:48 +08:00
parent 4570d8ff46
commit 8482237918
2 changed files with 7 additions and 11 deletions


@ -41,17 +41,12 @@ PATH_PREFIX="/data/user_de/0/"
#PATH_PREFIX_LEGACY="/data/user/0/" #PATH_PREFIX_LEGACY="/data/user/0/"
sepolicy() { sepolicy() {
# necessary for using mmap in system_server process # Should be deprecated now. This is for debug only.
# read configs set in our app supolicy --live "allow system_server system_server process execmem" \
# for built-in apps // TODO: maybe narrow down the target classes "allow system_server system_server memprotect mmap_zero" \
# read module apk file in zygote "allow zygote app_data_file dir { search read open }" \
# TODO: remove coredomain sepolicy "allow zygote app_data_file file { getattr read open }" \
supolicy --live "allow system_server system_server process { execmem }"\ "allow zygote app_data_file dir { getattr search read open }"
"allow system_server system_server memprotect { mmap_zero }"\
"allow coredomain coredomain process { execmem }"\
"allow coredomain app_data_file * *"\
"attradd { system_app platform_app } mlstrustedsubject"\
"allow zygote apk_data_file * *"
} }
#if [[ ${ANDROID_SDK} -ge 24 ]]; then #if [[ ${ANDROID_SDK} -ge 24 ]]; then
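Review bot: The `memprotect mmap_zero` grant kept in the new `supolicy --live` call looks wider than needed. That permission only governs mapping pages below the kernel's `mmap_min_addr`, and anonymous executable mappings are already covered by the `execmem` rule on the line before, so unless the injected code really maps low addresses the rule can probably be dropped, leaving the low-address mapping restriction in force for system_server. The two `zygote app_data_file dir` rules also overlap: `{ getattr search read open }` is a superset, so the `{ search read open }` line can be removed; both points apply equally to the rule file in the second section. The per-rule rationale comments were removed and replaced by "for debug only", so a one-line comment above each remaining rule saying which component needs it would make the next policy audit easier.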


@ -2,3 +2,4 @@ allow system_server system_server process execmem
allow system_server system_server memprotect mmap_zero allow system_server system_server memprotect mmap_zero
allow zygote app_data_file dir { search read open } allow zygote app_data_file dir { search read open }
allow zygote app_data_file file { getattr read open } allow zygote app_data_file file { getattr read open }
allow zygote app_data_file dir { getattr search read open }