Add SELinux rules for shell (#143)
According to the SELinux logs, one rule is needed to write to the manager's sharedpreference.
JingMatrix authored Jan 3, 2025
1 parent fba56a9 commit dd3aea8
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions magisk-loader/magisk_module/sepolicy.rule
@@ -1 +1,3 @@
allow dex2oat dex2oat_exec file execute_no_trans

allow shell shell dir write
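
Review bot: the added `allow shell shell dir write` line uses `shell` as both the source and the target type, and nothing in the rule ties it to the manager's sharedpreference location that the commit message gives as the reason. Please quote the avc denial from the SELinux log (scontext, tcontext, tclass, permission) in the commit message so the rule can be checked against it, and confirm that the target type is the label actually carried by that directory, so the grant stays as narrow as the denial requires.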

3 comments on commit dd3aea8

@aviraxp aviraxp commented on dd3aea8 Jan 4, 2025

I think the issue comes from here:

SELinux.setFileContext(path.toString(), "u:object_r:magisk_file:s0");

u:object_r:magisk_file:s0 serves as an object that everyone can write to in lsposed and there are still other usages for it.

@JingMatrix
Owner Author

Thanks for remarking it, I haven't noticed it before.
From the logs in #146, LSPosed has to stop abusing this SELinux context label reserved for Zygisk implementation.

@aviraxp aviraxp commented on dd3aea8 Jan 4, 2025

The original reason for lsposed abusing it is that there are some users with broken root implementations that fail to apply rules in sepolicy.rule, according to reports. I think these conditions have decreased since then.