Remove all dontaudit in magisk rules

native/jni/magiskpolicy/rules.cpp

@@ -165,4 +165,10 @@ void sepol_magisk_rules() {
 
 	// Allow update engine to source addon.d.sh
 	sepol_allow("update_engine", "adb_data_file", "dir", ALL);
+
+	// Remove all dontaudit
+	for_each_avtab_node([](auto p) -> void {
+		if (p->key.specified == AVTAB_AUDITDENY || p->key.specified == AVTAB_XPERMS_DONTAUDIT)
+			avtab_remove_node(&policydb->te_avtab, p);
+	});
 }

native/jni/magiskpolicy/sepolicy.c

@@ -406,6 +406,17 @@ int create_domain(const char *d) {
 	return set_attr("domain", value);
 }
 
+void for_each_avtab_node(void (*callback)(avtab_ptr_t)) {
+	avtab_ptr_t cur, next;
+	for (int i = 0; i < policydb->te_avtab.nslot; ++i) {
+		for (cur = policydb->te_avtab.htable[i]; cur; cur = next) {
+			// cur could be removed after callback
+			next = cur->next;
+			callback(cur);
+		}
+	}
+}
+
 int set_domain_state(const char *s, int state) {
 	type_datum_t *type;
 	hashtab_ptr_t cur;

native/jni/magiskpolicy/sepolicy.h

@@ -19,10 +19,9 @@ extern policydb_t *policydb;
 		for (*ptr = table->htable[_i]; *ptr != NULL; *ptr = (*ptr)->next)
 
 // sepolicy manipulation functions
+void for_each_avtab_node(void (*callback)(avtab_ptr_t));
 int create_domain(const char *d);
 int set_domain_state(const char *s, int state);
-int add_file_transition(const char *s, const char *t, const char *c, const char *d,
-						const char *o);
 int add_typeattribute(const char *domainS, const char *attr);
 int add_rule(const char *s, const char *t, const char *c, const char *p, int effect, int n);
 int add_xperm_rule(const char *s, const char *t, const char *c, const char *range, int effect, int n);