diff --git a/magiskpolicy.h b/magiskpolicy.h
index 5d88a86b7..1f4b700fb 100644
--- a/magiskpolicy.h
+++ b/magiskpolicy.h
@@ -7,6 +7,8 @@
 #include
 #define ALL NULL
+#define SEPOL_PROC_DOMAIN "magisk"
+#define SEPOL_FILE_DOMAIN "magisk_file"
 // policydb functions
 int load_policydb(const char *filename);
diff --git a/rules.c b/rules.c
index 7865e8f06..2948acb0c 100644
--- a/rules.c
+++ b/rules.c
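Review bot: The two new macros carry no comment saying what they name, and since this header is the only place the two SELinux type names are defined, a reader of rules.c has to reconstruct their roles from usage. From the way rules.c uses them, SEPOL_PROC_DOMAIN is the subject (process) type that is made permissive and given attributes such as `mlstrustedsubject`, while SEPOL_FILE_DOMAIN is the object type given `mlstrustedobject` and `associate` on filesystems and used for the `sock_file`/`file`/`dir` grants. Suggest `// SELinux type of the magisk process domain` above the first define and `// SELinux type used to label magisk files, dirs and sockets` above the second.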
@@ -4,72 +4,72 @@ void allowSuClient(char *target) {
 	if (!sepol_exists(target)) return;
-	sepol_allow(target, "rootfs", "file", ALL);
-	sepol_allow(target, "rootfs", "lnk_file", ALL);
-	sepol_allow(target, "su", "unix_stream_socket", "connectto");
-	sepol_allow(target, "su", "unix_stream_socket", "getopt");
-	sepol_allow(target, "su_file", "sock_file", "read");
-	sepol_allow(target, "su_file", "sock_file", "write");
-	sepol_allow(target, "su_file", "file", ALL);
-	sepol_allow(target, "su_file", "dir", ALL);
+	sepol_allow(target, SEPOL_PROC_DOMAIN, "unix_stream_socket", "connectto");
+	sepol_allow(target, SEPOL_PROC_DOMAIN, "unix_stream_socket", "getopt");
 	sepol_allow(target, "devpts", "chr_file", "ioctl");
-	sepol_allow("su", target, "fd", "use");
-	sepol_allow("su", target, "fifo_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, target, "fd", "use");
+	sepol_allow(SEPOL_PROC_DOMAIN, target, "fifo_file", ALL);
+
+	// Allow access to magisk files
+	sepol_allow(target, SEPOL_FILE_DOMAIN, "sock_file", "read");
+	sepol_allow(target, SEPOL_FILE_DOMAIN, "sock_file", "write");
+	sepol_allow(target, SEPOL_FILE_DOMAIN, "file", ALL);
+	sepol_allow(target, SEPOL_FILE_DOMAIN, "dir", ALL);
 }
 void suRights() {
-	sepol_allow("servicemanager", "su", "dir", "search");
-	sepol_allow("servicemanager", "su", "dir", "read");
-	sepol_allow("servicemanager", "su", "file", "open");
-	sepol_allow("servicemanager", "su", "file", "read");
-	sepol_allow("servicemanager", "su", "process", "getattr");
-	sepol_allow("servicemanager", "su", "binder", "transfer");
-	sepol_allow("system_server", "su", "binder", "call");
-	sepol_allow("system_server", "su", "fd", "use");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "dir", "search");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "dir", "read");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "file", "open");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "file", "read");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "process", 
"getattr");
+	sepol_allow("servicemanager", SEPOL_PROC_DOMAIN, "binder", "transfer");
+	sepol_allow("system_server", SEPOL_PROC_DOMAIN, "binder", "call");
+	sepol_allow("system_server", SEPOL_PROC_DOMAIN, "fd", "use");
-	sepol_allow("su", "servicemanager", "dir", "search");
-	sepol_allow("su", "servicemanager", "dir", "read");
-	sepol_allow("su", "servicemanager", "file", "open");
-	sepol_allow("su", "servicemanager", "file", "read");
-	sepol_allow("su", "servicemanager", "process", "getattr");
-	sepol_allow("su", "servicemanager", "binder", "transfer");
-	sepol_allow("su", "servicemanager", "binder", "call");
-	sepol_allow("su", "system_server", "binder", "transfer");
-	sepol_allow("su", "system_server", "binder", "call");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "dir", "search");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "dir", "read");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "file", "open");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "file", "read");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "process", "getattr");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "binder", "transfer");
+	sepol_allow(SEPOL_PROC_DOMAIN, "servicemanager", "binder", "call");
+	sepol_allow(SEPOL_PROC_DOMAIN, "system_server", "binder", "transfer");
+	sepol_allow(SEPOL_PROC_DOMAIN, "system_server", "binder", "call");
 }
 void otherToSU() {
 	// allowLog
-	sepol_allow("logd", "su", "dir", "search");
-	sepol_allow("logd", "su", "file", "read");
-	sepol_allow("logd", "su", "file", "open");
-	sepol_allow("logd", "su", "file", "getattr");
+	sepol_allow("logd", SEPOL_PROC_DOMAIN, "dir", "search");
+	sepol_allow("logd", SEPOL_PROC_DOMAIN, "file", "read");
+	sepol_allow("logd", SEPOL_PROC_DOMAIN, "file", "open");
+	sepol_allow("logd", SEPOL_PROC_DOMAIN, "file", "getattr");
 	// suBackL0
-	sepol_allow("system_server", "su", "binder", "call");
-	sepol_allow("system_server", "su", "binder", "transfer");
+	sepol_allow("system_server", SEPOL_PROC_DOMAIN, 
"binder", "call");
+	sepol_allow("system_server", SEPOL_PROC_DOMAIN, "binder", "transfer");
 	// ES Explorer opens a sokcet
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "ioctl");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "read");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "getattr");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "write");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "setattr");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "lock");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "append");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "bind");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "connect");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "getopt");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "setopt");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "shutdown");
-	sepol_allow("untrusted_app", "su", "unix_stream_socket", "connectto");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "ioctl");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "read");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "getattr");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "write");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "setattr");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "lock");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "append");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "bind");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "connect");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "getopt");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "setopt");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, 
"unix_stream_socket", "shutdown");
+	sepol_allow("untrusted_app", SEPOL_PROC_DOMAIN, "unix_stream_socket", "connectto");
 	// Any domain is allowed to send su "sigchld"
-	sepol_allow(ALL, "su", "process", "sigchld");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "process", "sigchld");
 	// uNetworkL0
-	sepol_attradd("su", "netdomain");
-	sepol_attradd("su", "bluetoothdomain");
+	sepol_attradd(SEPOL_PROC_DOMAIN, "netdomain");
+	sepol_attradd(SEPOL_PROC_DOMAIN, "bluetoothdomain");
 	// suBackL6
 	sepol_allow("surfaceflinger", "app_data_file", "dir", ALL);
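Review bot: Beyond the rename, allowSuClient silently loses its two `target → rootfs` grants (`"file"` and `"lnk_file"` with `ALL`) with no replacement, and nothing in the hunk says whether that tightening is intended or an accident of the rewrite. The same mix of rename and behavior change recurs in the sepol_magisk_rules hunk that drops the `kernel → device` dir/file grants together with the kernel `setcurrent` and `kernel → su` `dyntransition`/`connectto` rules, and in the hunk that newly calls `allowSuClient("init")`. A one-line comment at each spot, or a sentence in the commit message, would let a later reader tell deliberate least-privilege cleanup from a lost rule; for example above the remaining client rules: `// Clients intentionally no longer get blanket rootfs file/lnk_file access`, kept only if that matches the reason. allowSuClient's signature line precedes the hunk.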
@@ -82,43 +82,36 @@ void otherToSU() {
 	sepol_allow("audioserver", "audioserver", "process", "execmem");
 	// Liveboot
-	sepol_allow("surfaceflinger", "su", "process", "ptrace");
-	sepol_allow("surfaceflinger", "su", "binder", "transfer");
-	sepol_allow("surfaceflinger", "su", "binder", "call");
-	sepol_allow("surfaceflinger", "su", "fd", "use");
-	sepol_allow("debuggerd", "su", "process", "ptrace");
+	sepol_allow("surfaceflinger", SEPOL_PROC_DOMAIN, "process", "ptrace");
+	sepol_allow("surfaceflinger", SEPOL_PROC_DOMAIN, "binder", "transfer");
+	sepol_allow("surfaceflinger", SEPOL_PROC_DOMAIN, "binder", "call");
+	sepol_allow("surfaceflinger", SEPOL_PROC_DOMAIN, "fd", "use");
+	sepol_allow("debuggerd", SEPOL_PROC_DOMAIN, "process", "ptrace");
 	// dumpsys
-	sepol_allow(ALL, "su", "fd", "use");
-	sepol_allow(ALL, "su", "fifo_file", "write");
-	sepol_allow(ALL, "su", "fifo_file", "read");
-	sepol_allow(ALL, "su", "fifo_file", "open");
-	sepol_allow(ALL, "su", "fifo_file", "getattr");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fd", "use");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "write");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "read");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "open");
+	sepol_allow(ALL, SEPOL_PROC_DOMAIN, "fifo_file", "getattr");
 }
 void sepol_magisk_rules() {
 	// First prevent anything to change sepolicy except ourselves
 	sepol_deny(ALL, "kernel", "security", "load_policy");
-	if (!sepol_exists("su"))
-		sepol_create("su");
-	if (!sepol_exists("su_file"))
-		sepol_create("su_file");
-	sepol_permissive("su");
+	if (!sepol_exists(SEPOL_PROC_DOMAIN))
+		sepol_create(SEPOL_PROC_DOMAIN);
+	if (!sepol_exists(SEPOL_FILE_DOMAIN))
+		sepol_create(SEPOL_FILE_DOMAIN);
+	sepol_permissive(SEPOL_PROC_DOMAIN);
-	sepol_attradd("su", "mlstrustedsubject");
-	sepol_attradd("su_file", "mlstrustedobject");
-
-	// Allow magiskinit daemon to run and run in su context
-	sepol_allow("kernel", "device", "dir", ALL);
-	sepol_allow("kernel", "device", "file", 
ALL);
-	sepol_allow("kernel", "su", "unix_stream_socket", "connectto");
-	sepol_allow("kernel", "kernel", "process", "setcurrent");
-	sepol_allow("kernel", "su", "process", "dyntransition");
+	sepol_attradd(SEPOL_PROC_DOMAIN, "mlstrustedsubject");
+	sepol_attradd(SEPOL_FILE_DOMAIN, "mlstrustedobject");
 	// Let init run stuffs
-	sepol_allow("kernel", "su", "fd", "use");
-	sepol_allow("init", "su", "process", ALL);
+	sepol_allow("kernel", SEPOL_PROC_DOMAIN, "fd", "use");
+	sepol_allow("init", SEPOL_PROC_DOMAIN, "process", ALL);
 	sepol_allow("init", "system_file", "dir", ALL);
 	sepol_allow("init", "system_file", "lnk_file", ALL);
 	sepol_allow("init", "system_file", "file", ALL);
@@ -126,18 +119,19 @@ void sepol_magisk_rules() {
 	// Shell, properties, logs
 	if (sepol_exists("default_prop"))
-		sepol_allow("su", "default_prop", "property_service", "set");
-	sepol_allow("su", "init", "unix_stream_socket", "connectto");
-	sepol_allow("su", "rootfs", "filesystem", "remount");
+		sepol_allow(SEPOL_PROC_DOMAIN, "default_prop", "property_service", "set");
+	sepol_allow(SEPOL_PROC_DOMAIN, "init", "unix_stream_socket", "connectto");
+	sepol_allow(SEPOL_PROC_DOMAIN, "rootfs", "filesystem", "remount");
 	if (sepol_exists("logd"))
-		sepol_allow("su", "logd", "unix_stream_socket", "connectto");
-	sepol_allow("su", "su", ALL, ALL);
+		sepol_allow(SEPOL_PROC_DOMAIN, "logd", "unix_stream_socket", "connectto");
+	sepol_allow(SEPOL_PROC_DOMAIN, SEPOL_PROC_DOMAIN, ALL, ALL);
 	// For sepolicy live patching
-	sepol_allow("su", "kernel", "security", "read_policy");
-	sepol_allow("su", "kernel", "security", "load_policy");
+	sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "read_policy");
+	sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "load_policy");
 	// Allow these client to access su
+	allowSuClient("init");
 	allowSuClient("shell");
 	allowSuClient("untrusted_app");
 	allowSuClient("system_app");
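Review bot: The results of the two `sepol_create` calls at the top of sepol_magisk_rules are never checked, so if creating SEPOL_PROC_DOMAIN or SEPOL_FILE_DOMAIN fails, `sepol_permissive(SEPOL_PROC_DOMAIN)` and every rule that follows presumably either fails or is silently skipped, and the patched policy is loaded without the domain the rest of this function assumes. sepol_create's return type is not visible here; a guard that relies only on `sepol_exists`, which allowSuClient already treats as a boolean, would be `if (!sepol_exists(SEPOL_PROC_DOMAIN) || !sepol_exists(SEPOL_FILE_DOMAIN)) return;` placed after the two create blocks, with a log line if the project has one, since the function is `void` and a caller cannot otherwise notice. Separately, `sepol_permissive(SEPOL_PROC_DOMAIN)` deserves a comment such as `// Permissive: denials for this domain are logged, not enforced; the allow rules below matter only if this call is ever removed`, because as written the fine-grained grants with SEPOL_PROC_DOMAIN as source have no enforcement effect. sepol_magisk_rules continues past the end of the hunk.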
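Review bot: The comment `// Allow these client to access su` that now sits above the new `allowSuClient("init")` call still describes the domain as `su`, as do the names allowSuClient, suRights and otherToSU and the `// Allow su to do anything to any files/dir/links` comment in the following hunk; the rename to SEPOL_PROC_DOMAIN stops at the string literals. Suggest `// Allow these client domains to talk to the magisk domain (SEPOL_PROC_DOMAIN)` here, and either a follow-up renaming the three functions or a header comment on each saying that "su" in the name refers to the SEPOL_PROC_DOMAIN type. Adding init as a client also hands it the `"file"`/`"dir"` `ALL` grants on SEPOL_FILE_DOMAIN that allowSuClient gives every client, which is wider than the `sock_file` read/write a socket client needs, so a comment on the call naming what init actually uses would make the least-privilege intent reviewable. sepol_magisk_rules both starts and ends outside this hunk.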
@@ -151,26 +145,26 @@ void sepol_magisk_rules() {
 	otherToSU();
 	// For mounting loop devices, mirrors, tmpfs
-	sepol_allow("su", "kernel", "process", "setsched");
-	sepol_allow("su", "labeledfs", "filesystem", "mount");
-	sepol_allow("su", "labeledfs", "filesystem", "unmount");
-	sepol_allow("su", "tmpfs", "filesystem", "mount");
-	sepol_allow("su", "tmpfs", "filesystem", "unmount");
+	sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "process", "setsched");
+	sepol_allow(SEPOL_PROC_DOMAIN, "labeledfs", "filesystem", "mount");
+	sepol_allow(SEPOL_PROC_DOMAIN, "labeledfs", "filesystem", "unmount");
+	sepol_allow(SEPOL_PROC_DOMAIN, "tmpfs", "filesystem", "mount");
+	sepol_allow(SEPOL_PROC_DOMAIN, "tmpfs", "filesystem", "unmount");
 	sepol_allow("kernel", ALL, "file", "read");
 	// Allow su to do anything to any files/dir/links
-	sepol_allow("su", ALL, "file", ALL);
-	sepol_allow("su", ALL, "dir", ALL);
-	sepol_allow("su", ALL, "lnk_file", ALL);
-	sepol_allow("su", ALL, "blk_file", ALL);
-	sepol_allow("su", ALL, "sock_file", ALL);
-	sepol_allow("su", ALL, "chr_file", ALL);
-	sepol_allow("su", ALL, "fifo_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "dir", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "lnk_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "blk_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "sock_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "chr_file", ALL);
+	sepol_allow(SEPOL_PROC_DOMAIN, ALL, "fifo_file", ALL);
 	// For changing attributes
 	sepol_allow("rootfs", "tmpfs", "filesystem", "associate");
-	sepol_allow("su_file", "labeledfs", "filesystem", "associate");
-	sepol_allow("su_file", "tmpfs", "filesystem", "associate");
+	sepol_allow(SEPOL_FILE_DOMAIN, "labeledfs", "filesystem", "associate");
+	sepol_allow(SEPOL_FILE_DOMAIN, "tmpfs", "filesystem", "associate");
 	// Xposed
 	sepol_allow("untrusted_app", "untrusted_app", "capability", "setgid");
@@ -185,4 +179,3 @@ void sepol_magisk_rules() {
 		sepol_allowxperm("domain", "untrusted_app_devpts", "chr_file", "0x5400-0x54FF");
 	}
 }
-