Refactor sepolicy.rules resolve

We resolve available partitions for sepolicy.rules when patching
boot and bind mount the partition by magiskinit.

For older devices, the previous logic won't work because the part name
is never readable.

Co-authored-by: topjohnwu <topjohnwu@gmail.com>

scripts/avd_patch.sh

@@ -59,6 +59,8 @@ cp ramdisk.cpio ramdisk.cpio.orig
 
 touch config
 
+echo "RULESDEVICE=$(ISENCRYPTED=true ./magiskinit --rules-device)" >> config
+
 # For API 28, we also patch advancedFeatures.ini to disable SAR
 # Manually override skip_initramfs by setting RECOVERYMODE=true
 [ $API = "28" ] && echo 'RECOVERYMODE=true' >> config

scripts/boot_patch.sh

@@ -73,12 +73,16 @@ fi
 [ -z $KEEPFORCEENCRYPT ] && KEEPFORCEENCRYPT=false
 [ -z $PATCHVBMETAFLAG ] && PATCHVBMETAFLAG=false
 [ -z $RECOVERYMODE ] && RECOVERYMODE=false
+[ -z $ISENCRYPTED ] && ISENCRYPTED=false
 export KEEPVERITY
 export KEEPFORCEENCRYPT
 export PATCHVBMETAFLAG
+export ISENCRYPTED
 
 chmod -R 755 .
 
+RULESDEVICE="$(./magiskinit --rules-device)" || abort "! Unable to find rules partition!"
+
 #########
 # Unpack
 #########
@@ -152,6 +156,7 @@ echo "KEEPVERITY=$KEEPVERITY" > config
 echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config
 echo "PATCHVBMETAFLAG=$PATCHVBMETAFLAG" >> config
 echo "RECOVERYMODE=$RECOVERYMODE" >> config
+echo "RULESDEVICE=$RULESDEVICE" >> config
 [ ! -z $SHA1 ] && echo "SHA1=$SHA1" >> config
 
 # Compress to save precious ramdisk space

scripts/util_functions.sh

@@ -637,37 +637,14 @@ run_migrations() {
 }
 
 copy_sepolicy_rules() {
-  # Remove all existing rule folders
-  rm -rf /data/unencrypted/magisk /cache/magisk /metadata/magisk /persist/magisk /mnt/vendor/persist/magisk
-
-  # Find current active RULESDIR
-  local RULESDIR
-  local ACTIVEDIR=$(magisk --path)/.magisk/mirror/sepolicy.rules
-  if [ -L $ACTIVEDIR ]; then
-    RULESDIR=$(readlink $ACTIVEDIR)
-    [ "${RULESDIR:0:1}" != "/" ] && RULESDIR="$(magisk --path)/.magisk/mirror/$RULESDIR"
-  elif ! $ISENCRYPTED; then
-    RULESDIR=$NVBASE/modules
-  elif [ -d /data/unencrypted ] && ! grep ' /data ' /proc/mounts | grep -qE 'dm-|f2fs'; then
-    RULESDIR=/data/unencrypted/magisk
-  elif grep ' /cache ' /proc/mounts | grep -q 'ext4' ; then
-    RULESDIR=/cache/magisk
-  elif grep ' /metadata ' /proc/mounts | grep -q 'ext4' ; then
-    RULESDIR=/metadata/magisk
-  elif grep ' /persist ' /proc/mounts | grep -q 'ext4' ; then
-    RULESDIR=/persist/magisk
-  elif grep ' /mnt/vendor/persist ' /proc/mounts | grep -q 'ext4' ; then
-    RULESDIR=/mnt/vendor/persist/magisk
-  else
+  local RULESDIR=$(magisk --path)/.magisk/sepolicy.rules
+  if ! grep -q " $RULESDIR " /proc/mounts; then
     ui_print "- Unable to find sepolicy rules dir"
     return 1
   fi
 
-  if [ -d ${RULESDIR%/magisk} ]; then
-    echo "RULESDIR=$RULESDIR" >&2
-  else
-    ui_print "- Unable to find sepolicy rules dir ${RULESDIR%/magisk}"
-    return 1
+  if ! grep -q "/adb/modules $RULESDIR " /proc/self/mountinfo; then
+    rm -rf $RULESDIR/*
   fi
 
   # Copy all enabled sepolicy.rule