Remove all dontaudit in magisk rules

This commit is contained in:
topjohnwu 2018-11-29 06:28:37 -05:00
parent ac60b51035
commit 2977dbcded
3 changed files with 18 additions and 2 deletions


@ -165,4 +165,10 @@ void sepol_magisk_rules() {
// Allow update engine to source addon.d.sh // Allow update engine to source addon.d.sh
sepol_allow("update_engine", "adb_data_file", "dir", ALL); sepol_allow("update_engine", "adb_data_file", "dir", ALL);
// Remove all dontaudit
for_each_avtab_node([](auto p) -> void {
if (p->key.specified == AVTAB_AUDITDENY || p->key.specified == AVTAB_XPERMS_DONTAUDIT)
avtab_remove_node(&policydb->te_avtab, p);
});
} }
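Review bot: The filter on line 16 uses `==` against `p->key.specified`, so a node whose `specified` field carries any extra flag bit alongside AVTAB_AUDITDENY or AVTAB_XPERMS_DONTAUDIT (libsepol reserves such a bit for enabled conditional entries) would presumably be left in place; a mask test is the robust form, `if (p->key.specified & (AVTAB_AUDITDENY | AVTAB_XPERMS_DONTAUDIT))`. Only `policydb->te_avtab` is walked here, so if this policydb keeps boolean-gated rules in a separate conditional table, dontaudit rules stored there survive this pass — worth confirming, or saying so in the comment. Since a dontaudit rule only suppresses denial logging and grants nothing, this change alters what is audited rather than what is permitted; a comment such as `// dontaudit only silences denial logging; dropping every such rule makes all denials visible in the audit log, so expect far more audit output` would record that intent for readers. sepol_magisk_rules begins before this hunk.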


@ -406,6 +406,17 @@ int create_domain(const char *d) {
return set_attr("domain", value); return set_attr("domain", value);
} }
void for_each_avtab_node(void (*callback)(avtab_ptr_t)) {
avtab_ptr_t cur, next;
for (int i = 0; i < policydb->te_avtab.nslot; ++i) {
for (cur = policydb->te_avtab.htable[i]; cur; cur = next) {
// cur could be removed after callback
next = cur->next;
callback(cur);
}
}
}
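Review bot: The loop on line 28 indexes with `int i` against `policydb->te_avtab.nslot`, which is presumably an unsigned count (`uint32_t` in libsepol), so the comparison mixes signed and unsigned and trips -Wsign-compare; `for (uint32_t i = 0; i < policydb->te_avtab.nslot; ++i) {` matches the field. The body saves `next` before calling the callback, which makes removing `cur` safe, but a callback that removes any other node — in particular `next` — would leave the loop holding a dangling pointer, and nothing states that contract. A comment on this definition, and on the new declaration in the header section of this commit, such as `// callback may remove the node it is handed, but must not remove any other node in the table` would pin that down. The existing comment on line 30 could also say why `next` is captured: `// save next first: the callback is allowed to remove cur`.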
int set_domain_state(const char *s, int state) { int set_domain_state(const char *s, int state) {
type_datum_t *type; type_datum_t *type;
hashtab_ptr_t cur; hashtab_ptr_t cur;


@ -19,10 +19,9 @@ extern policydb_t *policydb;
for (*ptr = table->htable[_i]; *ptr != NULL; *ptr = (*ptr)->next) for (*ptr = table->htable[_i]; *ptr != NULL; *ptr = (*ptr)->next)
// sepolicy manipulation functions // sepolicy manipulation functions
void for_each_avtab_node(void (*callback)(avtab_ptr_t));
int create_domain(const char *d); int create_domain(const char *d);
int set_domain_state(const char *s, int state); int set_domain_state(const char *s, int state);
int add_file_transition(const char *s, const char *t, const char *c, const char *d,
const char *o);
int add_typeattribute(const char *domainS, const char *attr); int add_typeattribute(const char *domainS, const char *attr);
int add_rule(const char *s, const char *t, const char *c, const char *p, int effect, int n); int add_rule(const char *s, const char *t, const char *c, const char *p, int effect, int n);
int add_xperm_rule(const char *s, const char *t, const char *c, const char *range, int effect, int n); int add_xperm_rule(const char *s, const char *t, const char *c, const char *range, int effect, int n);