diff --git a/native/jni/magiskpolicy/rules.cpp b/native/jni/magiskpolicy/rules.cpp
index 0c5df399f..bb3670045 100644
--- a/native/jni/magiskpolicy/rules.cpp
+++ b/native/jni/magiskpolicy/rules.cpp
@@ -171,10 +171,11 @@ void sepol_magisk_rules() {
 sepol_allow("update_engine", "adb_data_file", "dir", ALL);
 // Remove all dontaudit
- for_each_avtab_node([](auto p) -> void {
- if (p->key.specified == AVTAB_AUDITDENY || p->key.specified == AVTAB_XPERMS_DONTAUDIT)
- avtab_remove_node(&policydb->te_avtab, p);
- });
+ avtab_ptr_t av;
+ avtab_for_each(&policydb->te_avtab, av, {
+ if (av->key.specified == AVTAB_AUDITDENY || av->key.specified == AVTAB_XPERMS_DONTAUDIT)
+ avtab_remove_node(&policydb->te_avtab, av);
+ })
 log_cb.w = bak;
 }
diff --git a/native/jni/magiskpolicy/sepolicy.c b/native/jni/magiskpolicy/sepolicy.c
index c80c9a14a..92a9b0625 100644
--- a/native/jni/magiskpolicy/sepolicy.c
+++ b/native/jni/magiskpolicy/sepolicy.c
@@ -138,20 +138,20 @@ static int add_rule_auto(type_datum_t *src, type_datum_t *tgt, class_datum_t *cl
 int ret = 0;
 if (src == NULL) {
- hashtab_for_each(policydb->p_types.table, &cur) {
+ hashtab_for_each(policydb->p_types.table, cur, {
 src = cur->datum;
 ret |= add_rule_auto(src, tgt, cls, perm, effect, not);
- }
+ })
 } else if (tgt == NULL) {
- hashtab_for_each(policydb->p_types.table, &cur) {
+ hashtab_for_each(policydb->p_types.table, cur, {
 tgt = cur->datum;
 ret |= add_rule_auto(src, tgt, cls, perm, effect, not);
- }
+ })
 } else if (cls == NULL) {
- hashtab_for_each(policydb->p_classes.table, &cur) {
+ hashtab_for_each(policydb->p_classes.table, cur, {
 cls = cur->datum;
 ret |= add_rule_auto(src, tgt, cls, perm, effect, not);
- }
+ })
 } else {
 key.source_type = src->s.value;
 key.target_type = tgt->s.value;
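Review bot: In `sepol_magisk_rules()` in rules.cpp, `avtab_remove_node(&policydb->te_avtab, av)` now runs on the node the traversal is currently standing on, and the call site gives no hint that this is safe. It is safe only as long as `avtab_for_each` reads `av->next` before running the body and `avtab_remove_node` (not shown in this diff) releases nothing but `av`; I would say so at the call, e.g. `// Safe to remove av here: avtab_for_each caches the next node before running the body`. The invocation also ends in `})` with no semicolon, which reads like a syntax error and tends to confuse formatters; a trailing `;` is harmless here because the macro expands to a braced `for` statement. The function starts above this hunk.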
@@ -210,20 +210,20 @@ static int add_xperm_rule_auto(type_datum_t *src, type_datum_t *tgt, class_datum
 int ret = 0;
 if (src == NULL) {
- hashtab_for_each(policydb->p_types.table, &cur) {
+ hashtab_for_each(policydb->p_types.table, cur, {
 src = cur->datum;
 ret |= add_xperm_rule_auto(src, tgt, cls, low, high, effect, not);
- }
+ })
 } else if (tgt == NULL) {
- hashtab_for_each(policydb->p_types.table, &cur) {
+ hashtab_for_each(policydb->p_types.table, cur, {
 tgt = cur->datum;
 ret |= add_xperm_rule_auto(src, tgt, cls, low, high, effect, not);
- }
+ })
 } else if (cls == NULL) {
- hashtab_for_each(policydb->p_classes.table, &cur) {
+ hashtab_for_each(policydb->p_classes.table, cur, {
 cls = cur->datum;
 ret |= add_xperm_rule_auto(src, tgt, cls, low, high, effect, not);
- }
+ })
 } else {
 key.source_type = src->s.value;
 key.target_type = tgt->s.value;
@@ -407,28 +407,17 @@ int create_domain(const char *d) {
 return set_attr("domain", value);
 }
-void for_each_avtab_node(void (*callback)(avtab_ptr_t)) {
- avtab_ptr_t cur, next;
- for (int i = 0; i < policydb->te_avtab.nslot; ++i) {
- for (cur = policydb->te_avtab.htable[i]; cur; cur = next) {
- // cur could be removed after callback
- next = cur->next;
- callback(cur);
- }
- }
-}
-
 int set_domain_state(const char *s, int state) {
 type_datum_t *type;
 hashtab_ptr_t cur;
 if (s == NULL) {
- hashtab_for_each(policydb->p_types.table, &cur) {
+ hashtab_for_each(policydb->p_types.table, cur, {
 type = cur->datum;
 if (ebitmap_set_bit(&policydb->permissive_map, type->s.value, state)) {
 LOGW("Could not set bit in permissive map\n");
 return 1;
 }
- }
+ })
 } else {
 type = hashtab_search(policydb->p_types.table, s);
 if (type == NULL) {
diff --git a/native/jni/magiskpolicy/sepolicy.h b/native/jni/magiskpolicy/sepolicy.h
index 31cde10e4..4c5cc1c26 100644
--- a/native/jni/magiskpolicy/sepolicy.h
+++ b/native/jni/magiskpolicy/sepolicy.h
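Review bot: In `set_domain_state` (sepolicy.c), the `return 1;` now sits inside the block argument of `hashtab_for_each`, so when `ebitmap_set_bit` fails in the `s == NULL` branch the function exits part-way through the table: the permissive map has been changed for the types already visited and not for the rest. The early exit works only because the macro expands to plain nested `for` loops, and neither that nor the partial update is documented. I would add a comment on the function such as `// Returns non-zero on failure; with s == NULL the permissive map may then be only partially updated.` Whether callers check the return value before using the policy is not visible in this diff, and the function body continues past the end of the hunk.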
@@ -13,13 +13,22 @@ extern "C" {
 // Global policydb
 extern policydb_t *policydb;
-// hashtab traversal macro
-#define hashtab_for_each(table, ptr) \
- for (int _i = 0; _i < table->size; ++_i) \
- for (*ptr = table->htable[_i]; *ptr != NULL; *ptr = (*ptr)->next)
+// General hash table traversal
+#define hash_for_each(table, slots, tab, cur, block) \
+ for (int __i = 0; __i < (tab)->slots; ++__i) { \
+ __typeof__(cur) __next; \
+ for (cur = (tab)->table[__i]; cur; cur = __next) { \
+ __next = cur->next; \
+ block \
+ } \
+ } \
+
+// hashtab traversal
+#define hashtab_for_each(hashtab, cur, block) hash_for_each(htable, size, hashtab, cur, block)
+
+// avtab traversal
+#define avtab_for_each(avtab, cur, block) hash_for_each(htable, nslot, avtab, cur, block)
-// sepolicy manipulation functions
-void for_each_avtab_node(void (*callback)(avtab_ptr_t));
 int create_domain(const char *d);
 int set_domain_state(const char *s, int state);
 int add_typeattribute(const char *domainS, const char *attr);
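Review bot: The last line of `hash_for_each` ends in a continuation backslash (`} \`), so the definition ends only because the following line is empty; if that blank line is ever removed, the next line is spliced into the macro body, so the final line should be just `}`. The locals `__i` and `__next` use double-underscore names, which are reserved for the implementation; names such as `hfe_i_` and `hfe_next_` avoid that. The macro also has usage rules that are not written down: `block` is a macro argument, so a comma outside parentheses in it (for example `int a, b;`) splits the argument list, `break` leaves only the current bucket, and removing `cur` inside `block` is safe only because the next pointer is read first. A short comment above the definition stating those three rules would preserve what the deleted `for_each_avtab_node` documented with `// cur could be removed after callback`.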