From 2977dbcded8adfd469cfa21d1b24b8492635b7ed Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Thu, 29 Nov 2018 06:28:37 -0500
Subject: [PATCH] Remove all dontaudit in magisk rules
---
 native/jni/magiskpolicy/rules.cpp | 6 ++++++
 native/jni/magiskpolicy/sepolicy.c | 11 +++++++++++
 native/jni/magiskpolicy/sepolicy.h | 3 +--
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/native/jni/magiskpolicy/rules.cpp b/native/jni/magiskpolicy/rules.cpp
index 87d3c8430..88e00a53e 100644
--- a/native/jni/magiskpolicy/rules.cpp
+++ b/native/jni/magiskpolicy/rules.cpp
@@ -165,4 +165,10 @@ void sepol_magisk_rules() {
 // Allow update engine to source addon.d.sh
 sepol_allow("update_engine", "adb_data_file", "dir", ALL);
+
+ // Remove all dontaudit
+ for_each_avtab_node([](auto p) -> void {
+ if (p->key.specified == AVTAB_AUDITDENY || p->key.specified == AVTAB_XPERMS_DONTAUDIT)
+ avtab_remove_node(&policydb->te_avtab, p);
+ });
 }
diff --git a/native/jni/magiskpolicy/sepolicy.c b/native/jni/magiskpolicy/sepolicy.c
index a9477c028..2d8063c1c 100644
--- a/native/jni/magiskpolicy/sepolicy.c
+++ b/native/jni/magiskpolicy/sepolicy.c
@@ -406,6 +406,17 @@ int create_domain(const char *d) {
 return set_attr("domain", value);
 }
+void for_each_avtab_node(void (*callback)(avtab_ptr_t)) {
+ avtab_ptr_t cur, next;
+ for (int i = 0; i < policydb->te_avtab.nslot; ++i) {
+ for (cur = policydb->te_avtab.htable[i]; cur; cur = next) {
+ // cur could be removed after callback
+ next = cur->next;
+ callback(cur);
+ }
+ }
+}
+
 int set_domain_state(const char *s, int state) {
 type_datum_t *type;
 hashtab_ptr_t cur;
diff --git a/native/jni/magiskpolicy/sepolicy.h b/native/jni/magiskpolicy/sepolicy.h
index a306bc2bd..31cde10e4 100644
--- a/native/jni/magiskpolicy/sepolicy.h
+++ b/native/jni/magiskpolicy/sepolicy.h
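Review bot: The pass handed to `for_each_avtab_node` only walks `policydb->te_avtab`, so dontaudit rules that sit under a boolean condition (libsepol keeps those in `policydb->te_cond_avtab`) survive; if the aim is every dontaudit rule, the conditional table needs the same treatment, and either way the comment should name which table is covered. The practical effect is that denials the stock policy deliberately silences now reach the audit log, which helps diagnose missing rules but raises log volume policy-wide rather than only for magisk domains, so I would replace the comment with `// Remove all dontaudit from the unconditional avtab: denials the stock policy silenced now reach the audit log`. The `==` test on `specified` is fine for the unconditional table, where each node carries a single rule flag, but would miss conditional nodes if the pass is ever extended to them, since those also carry `AVTAB_ENABLED`; a mask test with `&` would be safer there. sepol_magisk_rules begins outside the hunk.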
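Review bot: The loop index in `for_each_avtab_node` is `int` while `policydb->te_avtab.nslot` is unsigned (`uint32_t` in libsepol's `avtab_t`), so the comparison mixes signedness; `for (uint32_t i = 0; i < policydb->te_avtab.nslot; ++i)` matches the field and avoids the warning. Saving `next` before the call is the right shape for a callback that removes `cur`, but it silently assumes the callback unlinks only the node it was given; stating that contract above the function, e.g. `// callback may remove cur itself but must not unlink or free other nodes`, would keep future callers from breaking the traversal. The function is complete within the hunk.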
@@ -19,10 +19,9 @@ extern policydb_t *policydb;
 for (*ptr = table->htable[_i]; *ptr != NULL; *ptr = (*ptr)->next)
 // sepolicy manipulation functions
+void for_each_avtab_node(void (*callback)(avtab_ptr_t));
 int create_domain(const char *d);
 int set_domain_state(const char *s, int state);
-int add_file_transition(const char *s, const char *t, const char *c, const char *d,
- const char *o);
 int add_typeattribute(const char *domainS, const char *attr);
 int add_rule(const char *s, const char *t, const char *c, const char *p, int effect, int n);
 int add_xperm_rule(const char *s, const char *t, const char *c, const char *range, int effect, int n);