From b191a14a232add499315e2aa573e986fb5f02b74 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson Date: Tue, 25 Jul 2023 01:56:15 -0400 Subject: [PATCH] magiskpolicy: Fix old xperms being cleared when adding new xperms This commit updates sepol_impl::add_xperm_rule() so that it loads the current xperm bits from the existing avtab entry before setting or clearing xperm bits. This fixes new allowxperm rules causing old xperm rules within the same xperm specified/driver to be removed. Fixes: #7176 Signed-off-by: Andrew Gunnerson --- native/src/sepolicy/sepolicy.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/native/src/sepolicy/sepolicy.cpp b/native/src/sepolicy/sepolicy.cpp index 59d4aa077..48dd69ac1 100644 --- a/native/src/sepolicy/sepolicy.cpp +++ b/native/src/sepolicy/sepolicy.cpp @@ -272,6 +272,10 @@ void sepol_impl::add_xperm_rule(type_datum_t *src, type_datum_t *tgt, xperms.driver = ioctl_driver(low); } + datum = &get_avtab_node(&key, &xperms)->datum; + if (datum->xperms != nullptr) + memcpy(xperms.perms, datum->xperms->perms, sizeof(xperms.perms)); + if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) { for (int i = ioctl_driver(low); i <= ioctl_driver(high); ++i) { if (invert) @@ -288,8 +292,6 @@ void sepol_impl::add_xperm_rule(type_datum_t *src, type_datum_t *tgt, } } - datum = &get_avtab_node(&key, &xperms)->datum; - if (datum->xperms == nullptr) datum->xperms = auto_cast(malloc(sizeof(xperms)));