Switch from deprecated AUDITDENY to DONTAUDIT

piowind · Nov 29, 2018 · 9b170f2 · 9b170f2
1 parent 51e9ff5
commit 9b170f2
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 7 deletions.
diff --git a/native/jni/magiskpolicy/api.cpp b/native/jni/magiskpolicy/api.cpp
@@ -16,8 +16,8 @@ int sepol_auditallow(const char *s, const char *t, const char *c, const char *p)
 	return add_rule(s, t, c, p, AVTAB_AUDITALLOW, 0);
 }
 
-int sepol_auditdeny(const char *s, const char *t, const char *c, const char *p) {
-	// printf("auditdeny %s %s %s %s\n", s, t, c, p);
+int sepol_dontaudit(const char *s, const char *t, const char *c, const char *p) {
+	// printf("dontaudit %s %s %s %s\n", s, t, c, p);
 	return add_rule(s, t, c, p, AVTAB_AUDITDENY, 0);
 }
 

diff --git a/native/jni/magiskpolicy/magiskpolicy.cpp b/native/jni/magiskpolicy/magiskpolicy.cpp
@@ -15,7 +15,7 @@
 static const char *type_msg_1 =
 "Type 1:\n"
 "\"<rule_name> source_type target_type class perm_set\"\n"
-"Rules: allow, deny, auditallow, auditdeny\n";
+"Rules: allow, deny, auditallow, dontaudit\n";
 
 static const char *type_msg_2 =
 "Type 2:\n"
@@ -135,7 +135,7 @@ static int parse_pattern_1(int action, const char *action_str, char *stmt) {
 			action_func = sepol_auditallow;
 			break;
 		case 3:
-			action_func = sepol_auditdeny;
+			action_func = sepol_dontaudit;
 			break;
 		default:
 			return 1;
@@ -418,7 +418,7 @@ static void parse_statement(char *statement) {
 	add_action("allow", 1, 0)
 	add_action("deny", 1, 1)
 	add_action("auditallow", 1, 2)
-	add_action("auditdeny", 1, 3)
+	add_action("dontaudit", 1, 3)
 	add_action("allowxperm", 2, 0)
 	add_action("auditallowxperm", 2, 1)
 	add_action("dontauditxperm", 2, 2)

diff --git a/native/jni/magiskpolicy/magiskpolicy.h b/native/jni/magiskpolicy/magiskpolicy.h
@@ -30,7 +30,7 @@ void destroy_policydb();
 int sepol_allow(const char *s, const char *t, const char *c, const char *p);
 int sepol_deny(const char *s, const char *t, const char *c, const char *p);
 int sepol_auditallow(const char *s, const char *t, const char *c, const char *p);
-int sepol_auditdeny(const char *s, const char *t, const char *c, const char *p);
+int sepol_dontaudit(const char *s, const char *t, const char *c, const char *p);
 int sepol_typetrans(const char *s, const char *t, const char *c, const char *d);
 int sepol_typechange(const char *s, const char *t, const char *c, const char *d);
 int sepol_typemember(const char *s, const char *t, const char *c, const char *d);

diff --git a/native/jni/magiskpolicy/sepolicy.c b/native/jni/magiskpolicy/sepolicy.c
@@ -115,7 +115,8 @@ static avtab_ptr_t get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xper
 
 static int add_avrule(avtab_key_t *key, int p, int not) {
 	avtab_ptr_t node = get_avtab_node(key, NULL);
-	if (not) {
+	// Support DONTAUDIT (AUDITDENY is inverted)
+	if (AVTAB_AUDITDENY == node->key.specified == !not) {
 		if (p < 0)
 			node->datum.data = 0U;
 		else