3fa92beda7ee062b15f6b214bdc7e5f6a71df28e |
|
20-Oct-2014 |
dcashman <dcashman@google.com> |
Accept command-line input for neverallow-check. Also, divide each sepolicy-analyze function into its own component for simplified command-line parsing and potentially eventual modularization. Bug: 18005561 Cherry-pick from: https://android-review.googlesource.com/#/c/111626/ Change-Id: I751a99feffe820308ec58514fdba4cdef184d964
/external/sepolicy/tools/Android.mk
|
c9bb91da5fc84bce936f0795d18bf5c36fa5db6f |
|
01-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Reintroduce -Wall -Werror to check_seapp. Also add attribute for a potential unused function argument when dealing with darwin SDK builds. Change-Id: Iefdbecb050cc5fff6036f15413566e10cefa3813
/external/sepolicy/tools/Android.mk
|
2d8a42373e483d0f3b952699ada5bbf323593d8a |
|
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Revert -Wall -Werror Temporarily revert -Wall -Werror on checkseapp. This is causing a compiler error on darwin SDK builds. cc1: warnings being treated as errors external/sepolicy/tools/check_seapp.c: In function 'rule_map_free': external/sepolicy/tools/check_seapp.c:439: warning: unused parameter 's' make: *** [out/host/darwin-x86/obj/EXECUTABLES/checkseapp_intermediates/check_seapp.o] Error 1 Change-Id: I9776777a751f16d5ca0d90e731482c31dac813f9
/external/sepolicy/tools/Android.mk
|
7b2bee99c18b8cb3f52161b1191d16b8ab50b08f |
|
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add sepolicy-analyze tool. And also remove the unnecessary references to libselinux for sepolicy-check, as it has no dependencies on libselinux. Also enable -Wall -Werror on building all of these tools and fix up all such errors. Usage: $ sepolicy-analyze -e -P out/target/product/<device>/root/sepolicy or $ sepolicy-analyze -d -P out/target/product/<device>/root/sepolicy The first form will display all type pairs that are "equivalent", i.e. they are identical with respect to allow rules, including indirect allow rules via attributes and default-enabled conditional rules (i.e. default boolean values yield a true conditional expression). Equivalent types are candidates for being coalesced into a single type. However, there may be legitimate reasons for them to remain separate, for example: - the types may differ in a respect not included in the current analysis, such as default-disabled conditional rules, audit-related rules (auditallow or dontaudit), default type transitions, or constraints (e.g. mls), or - the current policy may be overly permissive with respect to one or the other of the types and thus the correct action may be to tighten access to one or the other rather than coalescing them together, or - the domains that would in fact have different accesses to the types may not yet be defined or may be unconfined in the policy you are analyzing (e.g. in AOSP policy). The second form will display type pairs that differ and the first difference found between the two types. This output can be long. We have plans to explore further enhancements to this tool, including support for identifying isomorphic types. That will be required to identify similar domains since all domains differ in at least their entrypoint type and in their tmpfs type and thus will never show up as equivalent even if they are in all other respects identical to each other. Change-Id: If0ee00188469d2a1e165fdd52f235c705d22cd4e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/tools/Android.mk
|
01aaeb6a82ca23744fd629e8522697f0fcac8c13 |
|
23-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Add sepolicy-check, a utility for auditing selinux policy. This is based on Joshua Brindle's sepolicy-inject. Change-Id: Ie75bd56a2996481592dcfe7ad302b52f381d5b18
/external/sepolicy/tools/Android.mk
|
edf7b4c861144764d0bc17436064d52e7147f916 |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" This reverts commit 60d4d71ead9e9ac96e9cb81380c254bac3a9df4f This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/ Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea
/external/sepolicy/tools/Android.mk
|
60d4d71ead9e9ac96e9cb81380c254bac3a9df4f |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" This reverts commit cd4104e84b438827fddd6a7fe6cb86e91392152d This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution. Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
/external/sepolicy/tools/Android.mk
|
cd4104e84b438827fddd6a7fe6cb86e91392152d |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" This reverts commit 1446e714af0b0c358b5ecf37c5d704c96c72cf7c Hidden dependency has been resolved. Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
/external/sepolicy/tools/Android.mk
|
1446e714af0b0c358b5ecf37c5d704c96c72cf7c |
|
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Dynamic insertion of pubkey to mac_permissions.xml" This reverts commit 22fc04103b70dd5a1cb1b5a8309ef20461e06289 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
/external/sepolicy/tools/Android.mk
|
22fc04103b70dd5a1cb1b5a8309ef20461e06289 |
|
05-Dec-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Dynamic insertion of pubkey to mac_permissions.xml Support the inseretion of the public key from pem files into the mac_permissions.xml file at build time. Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
/external/sepolicy/tools/Android.mk
|
cdfb06f55394d68a7df1110d83070961a2cc52aa |
|
01-Nov-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
Moved Android policy tools to tools directory Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711
/external/sepolicy/tools/Android.mk
|