br0kenpixel/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-09-06 06:36:58 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Misc changes

Browse Source 
- actions: Update all actions/checkout references to v4
- magiskboot: Add missing new line to dtb help message
- docs: Update documents, fix some errors and remove outdated info
This commit is contained in:
canyie
2023-11-13 19:11:24 +08:00
committed by John Wu
parent 8d5b9e5329
commit 68442f38ac
5 changed files with 44 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/details.md
View File

@@ -110,4 +110,4 @@ Before Android 8.0, all allowed su client domains are allowed to directly connec
After Android 8.0, to reduce relaxation of rules in Android's sandbox, a new SELinux model is deployed. The `magisk` binary is labelled with `magisk_exec` file type, and processes running as allowed su client domains executing the `magisk` binary (this includes the `su` command) will transit to `magisk_client` by using a `type_transition` rule. Rules strictly restrict that only `magisk` domain processes are allowed to attribute files to `magisk_exec`. Direct connection to sockets of `magiskd` are not allowed; the only way to access the daemon is through a `magisk_client` process. These changes allow us to keep the sandbox intact, and keep Magisk specific rules separated from the rest of the policies.
The full set of rules can be found in `magiskpolicy/rules.cpp`.
The full set of rules can be found in `sepolicy/rules.cpp`.