From e729eec6366f67bd3ced4ad611a6f40fd5070bc9 Mon Sep 17 00:00:00 2001 From: Wang Han <416810799@qq.com> Date: Tue, 2 Dec 2025 08:41:02 +0800 Subject: [PATCH] Remove unnecessary file system permissions Removed permissions for mounting loop devices, mirrors, and tmpfs. --- native/src/sepolicy/rules.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/native/src/sepolicy/rules.rs b/native/src/sepolicy/rules.rs index 0bc548de2..5bb6daf32 100644 --- a/native/src/sepolicy/rules.rs +++ b/native/src/sepolicy/rules.rs @@ -125,9 +125,6 @@ impl SePolicy { // Let init run stuffs allow(["init"], [proc], ["process"], all); - // For mounting loop devices, mirrors, tmpfs - allow(["kernel"], ["fs_type", "dev_type", "file_type"], ["file"], ["read", "write"]); - // Zygisk rules allow(["zygote"], ["zygote"], ["process"], ["execmem"]); allow(["zygote"], ["fs_type"], ["filesystem"], ["unmount"]);