From 843086f6f365df29aea99f0a9e090a40e507bfc4 Mon Sep 17 00:00:00 2001
From: Nullptr <noreply@nullptr.icu>
Date: Fri, 3 Mar 2023 18:17:31 +0800
Subject: [PATCH] Add more sepolicy

---
 module/src/customize.sh  | 6 +++++-
 module/src/sepolicy.rule | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/module/src/customize.sh b/module/src/customize.sh
index 119fbb1..5b7d4ad 100644
--- a/module/src/customize.sh
+++ b/module/src/customize.sh
@@ -82,6 +82,10 @@ extract "$ZIPFILE" 'sepolicy.rule' "$TMPDIR"
 
 if [ "$KSU" ]; then
   ui_print "- Checking SELinux patches"
+  if [ "$(getprop ro.product.first_api_level)" -lt 31 ]; then
+    echo "allow zygote appdomain_tmpfs file *" >> "$TMPDIR/sepolicy.rule"
+    echo "allow zygote appdomain_tmpfs dir *"  >> "$TMPDIR/sepolicy.rule"
+  fi
   if ! check_sepolicy "$TMPDIR/sepolicy.rule"; then
     ui_print "*********************************************************"
     ui_print "! Unable to apply SELinux patches!"
@@ -93,8 +97,8 @@ fi
 ui_print "- Extracting module files"
 extract "$ZIPFILE" 'module.prop'     "$MODPATH"
 extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH"
-extract "$ZIPFILE" 'sepolicy.rule'   "$MODPATH"
 extract "$ZIPFILE" 'service.sh'      "$MODPATH"
+mv "$TMPDIR/sepolicy.rule" "$MODPATH"
 
 HAS32BIT=false && [ -d "/system/lib" ] && HAS32BIT=true
 HAS64BIT=false && [ -d "/system/lib64" ] && HAS64BIT=true
diff --git a/module/src/sepolicy.rule b/module/src/sepolicy.rule
index 95b3aa7..33462ac 100644
--- a/module/src/sepolicy.rule
+++ b/module/src/sepolicy.rule
@@ -10,6 +10,7 @@ allow * magisk_file lnk_file *
 allow * magisk_file sock_file *
 
 allow system_server system_server process execmem
+allow zygote adb_data_file dir search
 allow zygote mnt_vendor_file dir search
 allow zygote system_file dir mounton
 allow zygote labeledfs filesystem mount