authordcashman <dcashman@google.com>2014-03-25 16:27:56 -0700
committerdcashman <dcashman@google.com>2014-08-22 11:54:35 -0700
commit9793ea7aa6734bfab3e0577b79ef46421560293a (patch)
tree4e53909d24caddbbe3bc0205e7132c79b2405ac4 /tools
parent302f59aaf026365b7560c317a14ff04152d69935 (diff)
Add permissive domains check to sepolicy-analyze.
Also enable global reading of kernel policy file. Motivation for this is to allow read access to the kernel version of the binary selinux policy. Change-Id: I1eefb457cea1164a8aa9eeb7683b3d99ee56ca99
Diffstat (limited to 'tools')
-rw-r--r--tools/sepolicy-analyze.c32
1 files changed, 28 insertions, 4 deletions
diff --git a/tools/sepolicy-analyze.c b/tools/sepolicy-analyze.c
index 3cef012..c9dab81 100644
--- a/tools/sepolicy-analyze.c
+++ b/tools/sepolicy-analyze.c
@@ -15,7 +15,7 @@
void usage(char *arg0)
{
- fprintf(stderr, "%s [-e|--equiv] [-d|--diff] [-D|--dups] -P <policy file>\n", arg0);
+ fprintf(stderr, "%s [-e|--equiv] [-d|--diff] [-D|--dups] [-p|--permissive] -P <policy file>\n", arg0);
exit(1);
}
@@ -408,23 +408,41 @@ static int find_dups(policydb_t * policydb)
return 0;
}
+static int list_permissive(policydb_t * policydb)
+{
+ struct ebitmap_node *n;
+ unsigned int bit;
+
+ /*
+ * iterate over all domains and check if domain is in permissive
+ */
+ ebitmap_for_each_bit(&policydb->permissive_map, n, bit)
+ {
+ if (ebitmap_node_get_bit(n, bit)) {
+ printf("%s\n", policydb->p_type_val_to_name[bit -1]);
+ }
+ }
+ return 0;
+}
+
int main(int argc, char **argv)
{
char *policy = NULL;
struct policy_file pf;
policydb_t policydb;
char ch;
- char equiv = 0, diff = 0, dups = 0;
+ char equiv = 0, diff = 0, dups = 0, permissive = 0;
struct option long_options[] = {
{"equiv", no_argument, NULL, 'e'},
{"diff", no_argument, NULL, 'd'},
{"dups", no_argument, NULL, 'D'},
+ {"permissive", no_argument, NULL, 'p'},
{"policy", required_argument, NULL, 'P'},
{NULL, 0, NULL, 0}
};
- while ((ch = getopt_long(argc, argv, "edDP:", long_options, NULL)) != -1) {
+ while ((ch = getopt_long(argc, argv, "edDpP:", long_options, NULL)) != -1) {
switch (ch) {
case 'e':
equiv = 1;
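Review bot: `list_permissive` indexes `policydb->p_type_val_to_name[bit -1]` without a range check, so a set bit 0 makes the unsigned index wrap, and a set bit above the number of types reads past the end of the name table. The bitmap comes from whatever binary policy is passed with `-P`, and whether `load_policy` validates the permissive map is not visible in this hunk, so a truncated or malformed policy file could crash the tool or print unrelated memory. A guard before the `printf`, for example `if (bit == 0 || bit > policydb->p_types.nprim) continue;`, would keep the output limited to valid type names. It would also help to have the function comment state that bit N of `permissive_map` corresponds to type value N, which is why the lookup subtracts one. `main` continues outside this hunk.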
@@ -435,6 +453,9 @@ int main(int argc, char **argv)
case 'D':
dups = 1;
break;
+ case 'p':
+ permissive = 1;
+ break;
case 'P':
policy = optarg;
break;
@@ -443,7 +464,7 @@ int main(int argc, char **argv)
}
}
- if (!policy || (!equiv && !diff && !dups))
+ if (!policy || (!equiv && !diff && !dups && !permissive))
usage(argv[0]);
if (load_policy(policy, &policydb, &pf))
@@ -455,6 +476,9 @@ int main(int argc, char **argv)
if (dups)
find_dups(&policydb);
+ if (permissive)
+ list_permissive(&policydb);
+
policydb_destroy(&policydb);
return 0;