[Bug] Zygote crash due to missing SELinux rules (enchilada, LOS, Magisk)

[droserasprout]

Steps to reproduce/复现步骤

Setup

• OnePlus 6 (enchilada)
• Official LineageOS (lineage-22.2-20260408-nightly-enchilada-signed.zip)
• Magisk 30.7 (30700)
• NeoZygisk v2.3 (282-de38c62-debug, latest debug build)
• Vector 2.0 (3021)

Problem

Zygote crash-loops when NeoZygisk tries to load Vector Xposed.

Root Cause

A two-part failure:

1. SELinux blocks Vector's injection. NeoZygisk injects code that runs in the original u:r:zygote:s0 context (unlike Magisk's Zygisk, which uses a privileged context). Zygote lacks permission to write lspd.dex into /system/framework/, so it crashes on every restart.

2. Preinit sepolicy rules aren't being applied. The rules in /data/unencrypted/magisk/sepolicy.rule — including NeoZygisk's own allow zygote adb_data_file dir search — are never loaded by magiskinit on this device. Likely a Magisk 30.7 regression or device-specific bug.

Additionally, Magisk 30+ hard-ignores any module with a zygisk/ directory when its built-in Zygisk is off, skipping that module's scripts, overlays, and sepolicy rules entirely.

Fix

Live-patch SELinux in NeoZygisk's post-fs-data.sh before the ptrace monitor starts:

# 1. Apply NeoZygisk's own rules (fixes zygote crash)
magiskpolicy --live --apply "$MODDIR/sepolicy.rule"

# 2. Apply rules from all Magisk-ignored zygisk modules (fixes Vector's missing types)
for file in ../*; do
  if [ -d "$file" ] && [ -d "$file/zygisk" ] && ! [ -f "$file/disable" ]; then
    [ -f "$file/sepolicy.rule" ] && magiskpolicy --live --apply "$(realpath $file/sepolicy.rule)"
  fi
done

Missing SELinux rules that had to be added:

allow zygote system_file dir { write add_name create }
allow zygote system_file file { write create open append }

Result

After reboot: zygote injected, zero crashes, zero SELinux denials, Vector fully operational.

Expected behaviour/预期行为

• NeoZygisk: monitor: 😋 tracing
• Vector: Activated

Actual behaviour/实际行为

• NeoZygisk: monitor: ❌ stopped(zygote crashed)
• Vector: manager warns about SELinux issues

Root implementation/Root 方案

Magisk 30.7

System Module List/系统模块列表

- audio-misc-settings
- callrecorder-skvalex
- compatible-magisk-mirroring
- microg_installer
- zygisk_shamiko (was uninstalled later, not the cause)
- zygisksu
- zygisk_vector

NeoZygisk version/NeoZygisk 版本

282-de38c62-debug

Android version/Android 版本

Android 15 (LineageOS 22.2 build 20260408)

Version requirement/版本要求

• I am using the latest debug build from GitHub Actions./我正在使用 GitHub Actions 中最新的调试版本。

Logs/日志

LSPosed_2026-04-12T18_07_00.689641.zip

[droserasprout]

As far as I understand, this is not a NeoZygisk bug (#121). But described workaround helped me to get NeoZygisk working on my device, so I think it's worth sharing. Should I also report this bug to Magisk?

[JingMatrix]

@droserasprout The real cause seems to be not a simply SELinux issue.

Please flash the latest build of Vector and NeoZygisk (without your modification), and upload your folder /data/adb/lspd/log as logs for me to investigate later.

[droserasprout]

Done on Vector-v2.0-3039-Debug/NeoZygisk-v2.3-282-de38c62-debug, one boot with Zygisk enabled in Magisk settings and one with disabled.

log_zygisk_enabled.zip

log_zygisk_disabled.zip

[GalaxJann]

Hey, my zygote has been crashing consistently since yesterday. I haven't changed anything in my module configuration. I'm using NeoZygisk and Vector.

However, I'm running KernelSU Next instead of Magisk

Edit: I tried to switch to ReZygisk, but that also doesn't work. It crashes for unknown reason

[MR0000001]

Hey, my zygote has been crashing consistently since yesterday. I haven't changed anything in my module configuration. I'm using NeoZygisk and Vector.

However, I'm running KernelSU Next instead of Magisk

Edit: I tried to switch to ReZygisk, but that also doesn't work. It crashes for unknown reason

Me same situation without changing anything