diff --git a/scripts/build.sh b/scripts/build.sh
index 4e7af90..1727ed4 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -474,8 +474,6 @@ if [ "$HAS_GAPPS" ] || [ "$ROOT_SOL" = "magisk" ]; then
"add 0644 overlay.d/sbin/magisk32.xz $WORK_DIR/magisk/magisk32.xz" \
"add 0644 overlay.d/sbin/stub.xz $WORK_DIR/magisk/stub.xz" \
"mkdir 000 .backup" \
- "add 0750 overlay.d/sbin/post-fs-data.sh post-fs-data.sh" \
- "add 000 overlay.d/init.lsp.se.rc init.lsp.se.rc" \
|| abort "Unable to patch initrd"
elif [ "$ROOT_SOL" = "kernelsu" ]; then
echo "Extracting KernelSU"
@@ -503,7 +501,7 @@ if [ "$HAS_GAPPS" ]; then
echo "Integrating GApps"
"$WORK_DIR/magisk/magiskboot" cpio "$WORK_DIR/wsa/$ARCH/Tools/initrd.img" \
"add 000 overlay.d/init.lsp.cust.rc init.lsp.cust.rc" \
- "add 000 overlay.d/sbin/sepolicy.rule sepolicy.rule" \
+ "add 000 /lspolicy.rule sepolicy.rule" \
"add 000 overlay.d/sbin/cust.img $GAPPS_PATH" \
|| abort "Unable to patch initrd"
echo -e "done\n"
diff --git a/scripts/init.lsp.cust.rc b/scripts/init.lsp.cust.rc
index a4804bc..f02db70 100644
--- a/scripts/init.lsp.cust.rc
+++ b/scripts/init.lsp.cust.rc
@@ -1,11 +1,12 @@
on post-fs
mkdir /mnt/cust 0775 system system
- mount erofs loop@${MAGISKTMP}/cust.img /mnt/cust ro,seclabel
+ mount erofs loop@${MAGISKTMP}/cust.img /mnt/cust noatime,ro cache_strategy=readaround
wait /system_ext
- mount overlay overlay /system_ext lowerdir=/mnt/cust/system_ext:/system_ext,seclabel
+ mount overlay system_ext_etc_permissions_overlay /system_ext/etc/permissions noatime lowerdir=/system_ext/etc/permissions:/mnt/cust/system_ext/etc/permissions,redirect_dir=on,xino=on
+ mount overlay system_ext_priv-app_overlay /system_ext/priv-app noatime lowerdir=/system_ext/priv-app:/mnt/cust/system_ext/priv-app,redirect_dir=on,xino=on
wait /product
- mount overlay overlay /product lowerdir=/mnt/cust/product:/product,seclabel
+ mount overlay product_overlay /product noatime lowerdir=/product:/mnt/cust/product,redirect_dir=on,xino=on
wait /vendor
- mount overlay overlay /vendor lowerdir=/mnt/cust/vendor:/vendor,seclabel
+ mount overlay vendor_overlay /vendor noatime lowerdir=/vendor:/mnt/cust/vendor,redirect_dir=on,xino=on
wait /system
- mount overlay overlay /system/priv-app lowerdir=/mnt/cust/system/priv-app:/system/priv-app,seclabel
+ mount overlay system_priv-app_overlay /system/priv-app noatime lowerdir=/mnt/cust/system/priv-app:/system/priv-app,redirect_dir=on,xino=on
diff --git a/scripts/init.lsp.se.rc b/scripts/init.lsp.se.rc
deleted file mode 100644
index fbf50dc..0000000
--- a/scripts/init.lsp.se.rc
+++ /dev/null
@@ -1,2 +0,0 @@
-on post-fs-data
- exec u:r:magisk:s0 0 0 -- ${MAGISKTMP}/post-fs-data.sh
diff --git a/scripts/post-fs-data.sh b/scripts/post-fs-data.sh
deleted file mode 100644
index 5c615f6..0000000
--- a/scripts/post-fs-data.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/system/bin/sh
-MAGISKTMP=/sbin
-[ -d /sbin ] || MAGISKTMP=/debug_ramdisk
-MAGISKBIN=/data/adb/magisk
-if [ ! -f $MAGISKBIN/magiskpolicy ]; then
- # shellcheck disable=SC2174
- mkdir -p -m 755 $MAGISKBIN
- chcon u:object_r:system_file:s0 $MAGISKBIN
- ABI=$(/system/bin/getprop ro.product.cpu.abi)
- /system/bin/unzip -d $MAGISKBIN -j $MAGISKTMP/stub.apk "lib/$ABI/libmagiskpolicy.so"
- mv $MAGISKBIN/libmagiskpolicy.so $MAGISKBIN/magiskpolicy
- chmod 755 $MAGISKBIN/magiskpolicy
-fi
-[ -f $MAGISKTMP/sepolicy.rule ] && $MAGISKBIN/magiskpolicy --live --apply $MAGISKTMP/sepolicy.rule
diff --git a/scripts/sepolicy.rule b/scripts/sepolicy.rule
index f5504dd..265b4de 100644
--- a/scripts/sepolicy.rule
+++ b/scripts/sepolicy.rule
@@ -3,5 +3,3 @@ allow gmscore_app device_config_runtime_native_boot_prop file read
allow gmscore_app system_server_tmpfs dir search
allow gmscore_app system_server_tmpfs file open
allow gmscore_app { system_server_tmpfs media_rw_data_file } filesystem getattr
-allow { platform_app system_app } default_android_service service_manager { find add }
-allow system_server default_android_service service_manager add