From 88f1b7fdb976d2d6ff7a04b5cfd85287bfe2d44a Mon Sep 17 00:00:00 2001
From: "Pedro.js"
Date: Mon, 5 Aug 2024 12:40:50 -0300
Subject: [PATCH] fix: permission loophole

This commit tights the permissions for `tmpfs`, removing the permission loophole.

Signed-off-by: Pedro.js
---
 module/src/sepolicy.rule | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/module/src/sepolicy.rule b/module/src/sepolicy.rule
index a99f9ef..48669a6 100644
--- a/module/src/sepolicy.rule
+++ b/module/src/sepolicy.rule
@@ -1,9 +1,9 @@
-allow * tmpfs * *
-allow zygote appdomain_tmpfs dir *
+allow zygote tmpfs file *
 allow zygote appdomain_tmpfs file *
 
 type magisk_file file_type
 typeattribute magisk_file mlstrustedobject
+
 allow * magisk_file file *
 allow * magisk_file dir *
 allow * magisk_file fifo_file *
@@ -12,9 +12,10 @@ allow * magisk_file lnk_file *
 allow * magisk_file sock_file *
 
 allow system_server system_server process execmem
+allow zygote zygote process execmem
+
 allow zygote adb_data_file dir search
 allow zygote mnt_vendor_file dir search
 allow zygote system_file dir mounton
 allow zygote labeledfs filesystem mount
 allow zygote fs_type filesystem unmount
-allow zygote zygote process execmem
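Review bot: The replacement rule in the first hunk, `allow zygote tmpfs file *`, still grants zygote every permission in the `file` class on `tmpfs`-labelled objects, so the change narrows the source domain and the object class but leaves the permission set as a wildcard. Listing the permissions explicitly, for example `allow zygote tmpfs file { read open getattr map }` extended with whatever the audit log shows is actually denied, would keep write, relabel and similar access out of the grant; the exact set has to be confirmed against the module's behaviour, which is not visible in this patch. A short comment above the rule, such as `# zygote needs to read module files staged on tmpfs`, would let a later reviewer judge whether the grant is still required. The context line `allow zygote appdomain_tmpfs file *` and the unchanged `allow * magisk_file …` rules follow the same wildcard pattern and may merit the same narrowing in a follow-up.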