From 3fe9b0cafe64311c72d72c5630dcd5d117959996 Mon Sep 17 00:00:00 2001
From: JingMatrix <jingmatrix@gmail.com>
Date: Sun, 8 Mar 2026 19:09:26 +0100
Subject: [PATCH] Add execmem SELinux rule for system_server

In commit 3d11c2f0f7754201c6b5ec4213b77ab26b711d26, the rule execmem is removed without explanation, possibly because that it is by default allowed for nearly all devices.

However, from user bug report, this rule is missing on `Realme X7 Max 5G` (realme/RMX3031/RMX3031L1:13/TP1A.220905.001/R.ead5d5-5fba), causing the function `shouldSkipSystemServer` in `ConfigManager.java` returning true.

We add it back to support our IPC bridge injection into system_server.
---
 zygisk/module/sepolicy.rule | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/zygisk/module/sepolicy.rule b/zygisk/module/sepolicy.rule
index cc170e6b2..a8f06fe5a 100644
--- a/zygisk/module/sepolicy.rule
+++ b/zygisk/module/sepolicy.rule
@@ -1,6 +1,8 @@
 allow dex2oat dex2oat_exec file execute_no_trans
 allow dex2oat system_linker_exec file execute_no_trans
 
+allow system_server system_server process execmem
+
 allow shell shell dir write
 
 type xposed_file file_type