Allow kernel to relabel

topjohnwu · Dec 15, 2024 · 7bc2344 · 7bc2344
1 parent 1e702e0
commit 7bc2344
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/native/src/sepolicy/rules.rs b/native/src/sepolicy/rules.rs
@@ -111,6 +111,8 @@ impl SepolicyMagisk for sepolicy {
             // For relabelling files
             allow(["rootfs"], ["labeledfs", "tmpfs"], ["filesystem"], ["associate"]);
             allow([file], ["pipefs", "devpts"], ["filesystem"], ["associate"]);
+            allow(["kernel"], all, ["file"], ["relabelto"]);
+            allow(["kernel"], ["tmpfs"], ["file"], ["relabelfrom"]);
 
             // Let init transit to SEPOL_PROC_DOMAIN
             allow(["kernel"], ["kernel"], ["process"], ["setcurrent"]);