magiskpolicy: Fix old xperms being cleared when adding new xperms

This commit updates sepol_impl::add_xperm_rule() so that it loads the
current xperm bits from the existing avtab entry before setting or
clearing xperm bits. This fixes new allowxperm rules causing old xperm
rules within the same xperm specified/driver to be removed.

Fixes: #7176

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
Andrew Gunnerson 2023-07-25 01:56:15 -04:00 committed by John Wu
parent cf1bc82537
commit b191a14a23


@ -272,6 +272,10 @@ void sepol_impl::add_xperm_rule(type_datum_t *src, type_datum_t *tgt,
xperms.driver = ioctl_driver(low); xperms.driver = ioctl_driver(low);
} }
datum = &get_avtab_node(&key, &xperms)->datum;
if (datum->xperms != nullptr)
memcpy(xperms.perms, datum->xperms->perms, sizeof(xperms.perms));
if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) { if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) {
for (int i = ioctl_driver(low); i <= ioctl_driver(high); ++i) { for (int i = ioctl_driver(low); i <= ioctl_driver(high); ++i) {
if (invert) if (invert)
@ -288,8 +292,6 @@ void sepol_impl::add_xperm_rule(type_datum_t *src, type_datum_t *tgt,
} }
} }
datum = &get_avtab_node(&key, &xperms)->datum;
if (datum->xperms == nullptr) if (datum->xperms == nullptr)
datum->xperms = auto_cast(malloc(sizeof(xperms))); datum->xperms = auto_cast(malloc(sizeof(xperms)));
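Review bot: The `memcpy` added in the first hunk merges the existing entry's `perms` bitmap into `xperms` without confirming that the entry has the same `specified`/`driver` pair, so it is only correct if `get_avtab_node(&key, &xperms)` matches on those fields, which is not visible here. If that lookup ever returned a node for a different driver, the copied bits would change meaning and the policy would allow ioctl commands that no rule requested. A guard such as `if (datum->xperms != nullptr && datum->xperms->specified == xperms.specified && datum->xperms->driver == xperms.driver)`, or at least a comment stating the invariant, would make the dependency explicit. The `invert` branch now operates on the loaded bitmap, so it presumably narrows an existing entry rather than a zeroed one, and that deserves a one-line comment. The result of `get_avtab_node` is still dereferenced without a null check, and the body of add_xperm_rule starts and ends outside both hunks.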