Support loading split sepolicy on non skip_initramfs devices

For certain device (e.g ZenFone 4 ZE554KL) there’s no sepolicy under rootfs and no a/b partition (implies no vendor partition) Magisk will failed to patch SELinux policy database and the system won’t boot up. In order to cope with this configuration the status of loading policy db needs to be checked, once it failed we have to mount the system partition and do patch_sepolicy() again. Signed-off-by: Shaka Huang <[email protected]>
WindWT · Dec 31, 2017 · 3dc22db · 3dc22db
1 parent d8c51cb
commit 3dc22db
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/core/jni/core/magiskinit.c b/core/jni/core/magiskinit.c
@@ -305,16 +305,20 @@ static int verify_precompiled() {
 	return strcmp(sys_sha, ven_sha) == 0;
 }
 
-static void patch_sepolicy() {
+static int patch_sepolicy() {
 	if (access("/sepolicy", R_OK) == 0)
 		load_policydb("/sepolicy");
 	else if (access(SPLIT_PRECOMPILE, R_OK) == 0 && verify_precompiled())
 		load_policydb(SPLIT_PRECOMPILE);
 	else if (access(SPLIT_PLAT_CIL, R_OK) == 0)
 		compile_cil();
+	else
+		return 1;
 
 	sepol_magisk_rules();
 	dump_policydb("/sepolicy");
+
+	return 0;
 }
 
 #define BUFSIZE (1 << 20)
@@ -508,7 +512,21 @@ int main(int argc, char *argv[]) {
 		mv_dir(overlay, root);
 
 		patch_ramdisk(root);
-		patch_sepolicy();
+		if (patch_sepolicy()) {
+			/* Non skip_initramfs devices using separate sepolicy
+			 * Mount /system and try to load again */
+			mount("sysfs", "/sys", "sysfs", 0, NULL);
+			struct device dev;
+			setup_block(&dev, "system");
+			mount(dev.path, "/system", "ext4", MS_RDONLY, NULL);
+			// We need to mount independent vendor partition
+			if (setup_block(&dev, "vendor") == 0)
+				mount(dev.path, "/vendor", "ext4", MS_RDONLY, NULL);
+
+			patch_sepolicy();
+
+			umount("/system");
+		}
 
 		if (fork_dont_care() == 0) {
 			strcpy(argv[0], "magiskinit");