1255e72915d4cbddceb435e13d81601755714e9fSE Android/* 2255e72915d4cbddceb435e13d81601755714e9fSE Android * Author: Mary Garvin <mgarvin@tresys.com> 3255e72915d4cbddceb435e13d81601755714e9fSE Android * 4255e72915d4cbddceb435e13d81601755714e9fSE Android * Copyright (C) 2007-2008 Tresys Technology, LLC 5255e72915d4cbddceb435e13d81601755714e9fSE Android * 6255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is free software; you can redistribute it and/or 7255e72915d4cbddceb435e13d81601755714e9fSE Android * modify it under the terms of the GNU Lesser General Public 8255e72915d4cbddceb435e13d81601755714e9fSE Android * License as published by the Free Software Foundation; either 9255e72915d4cbddceb435e13d81601755714e9fSE Android * version 2.1 of the License, or (at your option) any later version. 10255e72915d4cbddceb435e13d81601755714e9fSE Android * 11255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is distributed in the hope that it will be useful, 12255e72915d4cbddceb435e13d81601755714e9fSE Android * but WITHOUT ANY WARRANTY; without even the implied warranty of 13255e72915d4cbddceb435e13d81601755714e9fSE Android * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14255e72915d4cbddceb435e13d81601755714e9fSE Android * Lesser General Public License for more details. 15255e72915d4cbddceb435e13d81601755714e9fSE Android * 16255e72915d4cbddceb435e13d81601755714e9fSE Android * You should have received a copy of the GNU Lesser General Public 17255e72915d4cbddceb435e13d81601755714e9fSE Android * License along with this library; if not, write to the Free Software 18255e72915d4cbddceb435e13d81601755714e9fSE Android * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 19255e72915d4cbddceb435e13d81601755714e9fSE Android */ 20255e72915d4cbddceb435e13d81601755714e9fSE Android 21255e72915d4cbddceb435e13d81601755714e9fSE Android#include "test-downgrade.h" 22255e72915d4cbddceb435e13d81601755714e9fSE Android#include "parse_util.h" 23255e72915d4cbddceb435e13d81601755714e9fSE Android#include "helpers.h" 24255e72915d4cbddceb435e13d81601755714e9fSE Android 25255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/debug.h> 26255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/handle.h> 27255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/policydb.h> 28255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/link.h> 29255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/expand.h> 30255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/conditional.h> 31255e72915d4cbddceb435e13d81601755714e9fSE Android#include <limits.h> 32255e72915d4cbddceb435e13d81601755714e9fSE Android#include <CUnit/Basic.h> 33255e72915d4cbddceb435e13d81601755714e9fSE Android 34255e72915d4cbddceb435e13d81601755714e9fSE Android#define POLICY_BIN_HI "policies/test-downgrade/policy.hi" 35255e72915d4cbddceb435e13d81601755714e9fSE Android#define POLICY_BIN_LO "policies/test-downgrade/policy.lo" 36255e72915d4cbddceb435e13d81601755714e9fSE Android 37255e72915d4cbddceb435e13d81601755714e9fSE Androidstatic policydb_t policydb; 38255e72915d4cbddceb435e13d81601755714e9fSE Android 39255e72915d4cbddceb435e13d81601755714e9fSE Android/* 40255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: downgrade_test_init 41255e72915d4cbddceb435e13d81601755714e9fSE Android * 42255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: None 43255e72915d4cbddceb435e13d81601755714e9fSE Android * 44255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: None 45255e72915d4cbddceb435e13d81601755714e9fSE Android * 46255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: Initialize the policydb (policy data base structure) 47255e72915d4cbddceb435e13d81601755714e9fSE Android */ 48255e72915d4cbddceb435e13d81601755714e9fSE Androidint downgrade_test_init(void) 49255e72915d4cbddceb435e13d81601755714e9fSE Android{ 50255e72915d4cbddceb435e13d81601755714e9fSE Android /* Initialize the policydb_t structure */ 51255e72915d4cbddceb435e13d81601755714e9fSE Android if (policydb_init(&policydb)) { 52255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); 53255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 54255e72915d4cbddceb435e13d81601755714e9fSE Android } 55255e72915d4cbddceb435e13d81601755714e9fSE Android 56255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 57255e72915d4cbddceb435e13d81601755714e9fSE Android} 58255e72915d4cbddceb435e13d81601755714e9fSE Android 59255e72915d4cbddceb435e13d81601755714e9fSE Android/* 60255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: downgrade_test_cleanup 61255e72915d4cbddceb435e13d81601755714e9fSE Android * 62255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: None 63255e72915d4cbddceb435e13d81601755714e9fSE Android * 64255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: None 65255e72915d4cbddceb435e13d81601755714e9fSE Android * 66255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: Destroys policydb structure 67255e72915d4cbddceb435e13d81601755714e9fSE Android */ 68255e72915d4cbddceb435e13d81601755714e9fSE Androidint downgrade_test_cleanup(void) 69255e72915d4cbddceb435e13d81601755714e9fSE Android{ 70255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&policydb); 71255e72915d4cbddceb435e13d81601755714e9fSE Android 72255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 73255e72915d4cbddceb435e13d81601755714e9fSE Android} 74255e72915d4cbddceb435e13d81601755714e9fSE Android 75255e72915d4cbddceb435e13d81601755714e9fSE Android/* 76255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: downgrade_add_tests 77255e72915d4cbddceb435e13d81601755714e9fSE Android * 78255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: CU_pSuite 79255e72915d4cbddceb435e13d81601755714e9fSE Android * 80255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: Returns 0 upon success. Returns a CUnit error value on failure. 81255e72915d4cbddceb435e13d81601755714e9fSE Android * 82255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: Add the given downgrade tests to the downgrade suite. 83255e72915d4cbddceb435e13d81601755714e9fSE Android */ 84255e72915d4cbddceb435e13d81601755714e9fSE Androidint downgrade_add_tests(CU_pSuite suite) 85255e72915d4cbddceb435e13d81601755714e9fSE Android{ 86255e72915d4cbddceb435e13d81601755714e9fSE Android if (CU_add_test(suite, "downgrade", test_downgrade) == NULL) 87255e72915d4cbddceb435e13d81601755714e9fSE Android return CU_get_error(); 88255e72915d4cbddceb435e13d81601755714e9fSE Android 89255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 90255e72915d4cbddceb435e13d81601755714e9fSE Android} 91255e72915d4cbddceb435e13d81601755714e9fSE Android 92255e72915d4cbddceb435e13d81601755714e9fSE Android/* 93255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: test_downgrade_possible 94255e72915d4cbddceb435e13d81601755714e9fSE Android * 95255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: None 96255e72915d4cbddceb435e13d81601755714e9fSE Android * 97255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: None 98255e72915d4cbddceb435e13d81601755714e9fSE Android * 99255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: 100255e72915d4cbddceb435e13d81601755714e9fSE Android * Tests the backward compatability of MLS and Non-MLS binary policy versions. 101255e72915d4cbddceb435e13d81601755714e9fSE Android */ 102255e72915d4cbddceb435e13d81601755714e9fSE Androidvoid test_downgrade(void) 103255e72915d4cbddceb435e13d81601755714e9fSE Android{ 104255e72915d4cbddceb435e13d81601755714e9fSE Android if (do_downgrade_test(0) < 0) 105255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, 106255e72915d4cbddceb435e13d81601755714e9fSE Android "\nError during downgrade testing of Non-MLS policy\n"); 107255e72915d4cbddceb435e13d81601755714e9fSE Android 108255e72915d4cbddceb435e13d81601755714e9fSE Android 109255e72915d4cbddceb435e13d81601755714e9fSE Android if (do_downgrade_test(1) < 0) 110255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, 111255e72915d4cbddceb435e13d81601755714e9fSE Android "\nError during downgrade testing of MLS policy\n"); 112255e72915d4cbddceb435e13d81601755714e9fSE Android} 113255e72915d4cbddceb435e13d81601755714e9fSE Android 114255e72915d4cbddceb435e13d81601755714e9fSE Android/* 115255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: do_downgrade_test 116255e72915d4cbddceb435e13d81601755714e9fSE Android * 117255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: 0 for Non-MLS policy and 1 for MLS policy downgrade testing 118255e72915d4cbddceb435e13d81601755714e9fSE Android * 119255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: 0 on success, negative number upon failure 120255e72915d4cbddceb435e13d81601755714e9fSE Android * 121255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: This function handles the downgrade testing. 122255e72915d4cbddceb435e13d81601755714e9fSE Android * A binary policy is read into the policydb structure, the 123255e72915d4cbddceb435e13d81601755714e9fSE Android * policy version is decreased by a specific amount, written 124255e72915d4cbddceb435e13d81601755714e9fSE Android * back out and then read back in again. The process is 125255e72915d4cbddceb435e13d81601755714e9fSE Android * repeated until the minimum policy version is reached. 126255e72915d4cbddceb435e13d81601755714e9fSE Android */ 127255e72915d4cbddceb435e13d81601755714e9fSE Androidint do_downgrade_test(int mls) 128255e72915d4cbddceb435e13d81601755714e9fSE Android{ 129255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_t policydb_tmp; 130255e72915d4cbddceb435e13d81601755714e9fSE Android int hi, lo, version; 131255e72915d4cbddceb435e13d81601755714e9fSE Android 132255e72915d4cbddceb435e13d81601755714e9fSE Android /* Reset policydb for re-use */ 133255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&policydb); 134255e72915d4cbddceb435e13d81601755714e9fSE Android downgrade_test_init(); 135255e72915d4cbddceb435e13d81601755714e9fSE Android 136255e72915d4cbddceb435e13d81601755714e9fSE Android /* Read in the hi policy from file */ 137255e72915d4cbddceb435e13d81601755714e9fSE Android if (read_binary_policy(POLICY_BIN_HI, &policydb) != 0) { 138255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "error reading %spolicy binary\n", mls ? "mls " : ""); 139255e72915d4cbddceb435e13d81601755714e9fSE Android CU_FAIL("Unable to read the binary policy"); 140255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 141255e72915d4cbddceb435e13d81601755714e9fSE Android } 142255e72915d4cbddceb435e13d81601755714e9fSE Android 143255e72915d4cbddceb435e13d81601755714e9fSE Android /* Change MLS value based on parameter */ 144255e72915d4cbddceb435e13d81601755714e9fSE Android policydb.mls = mls ? 1 : 0; 145255e72915d4cbddceb435e13d81601755714e9fSE Android 146255e72915d4cbddceb435e13d81601755714e9fSE Android for (hi = policydb.policyvers; hi >= POLICYDB_VERSION_MIN; hi--) { 147255e72915d4cbddceb435e13d81601755714e9fSE Android /* Stash old version number */ 148255e72915d4cbddceb435e13d81601755714e9fSE Android version = policydb.policyvers; 149255e72915d4cbddceb435e13d81601755714e9fSE Android 150255e72915d4cbddceb435e13d81601755714e9fSE Android /* Try downgrading to each possible version. */ 151255e72915d4cbddceb435e13d81601755714e9fSE Android for (lo = hi - 1; lo >= POLICYDB_VERSION_MIN; lo--) { 152255e72915d4cbddceb435e13d81601755714e9fSE Android 153255e72915d4cbddceb435e13d81601755714e9fSE Android /* Reduce policy version */ 154255e72915d4cbddceb435e13d81601755714e9fSE Android policydb.policyvers = lo; 155255e72915d4cbddceb435e13d81601755714e9fSE Android 156255e72915d4cbddceb435e13d81601755714e9fSE Android /* Write out modified binary policy */ 157255e72915d4cbddceb435e13d81601755714e9fSE Android if (write_binary_policy(POLICY_BIN_LO, &policydb) != 0) { 158255e72915d4cbddceb435e13d81601755714e9fSE Android /* 159255e72915d4cbddceb435e13d81601755714e9fSE Android * Error from MLS to pre-MLS is expected due 160255e72915d4cbddceb435e13d81601755714e9fSE Android * to MLS re-implementation in version 19. 161255e72915d4cbddceb435e13d81601755714e9fSE Android */ 162255e72915d4cbddceb435e13d81601755714e9fSE Android if (mls && lo < POLICYDB_VERSION_MLS) 163255e72915d4cbddceb435e13d81601755714e9fSE Android continue; 164255e72915d4cbddceb435e13d81601755714e9fSE Android 165255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "error writing %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi); 166255e72915d4cbddceb435e13d81601755714e9fSE Android CU_FAIL("Failed to write downgraded binary policy"); 167255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 168255e72915d4cbddceb435e13d81601755714e9fSE Android } 169255e72915d4cbddceb435e13d81601755714e9fSE Android 170255e72915d4cbddceb435e13d81601755714e9fSE Android /* Make sure we can read back what we wrote. */ 171255e72915d4cbddceb435e13d81601755714e9fSE Android if (policydb_init(&policydb_tmp)) { 172255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "%s: Out of memory!\n", 173255e72915d4cbddceb435e13d81601755714e9fSE Android __FUNCTION__); 174255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 175255e72915d4cbddceb435e13d81601755714e9fSE Android } 176255e72915d4cbddceb435e13d81601755714e9fSE Android if (read_binary_policy(POLICY_BIN_LO, &policydb_tmp) != 0) { 177255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "error reading %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi); 178255e72915d4cbddceb435e13d81601755714e9fSE Android CU_FAIL("Unable to read downgraded binary policy"); 179255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 180255e72915d4cbddceb435e13d81601755714e9fSE Android } 181255e72915d4cbddceb435e13d81601755714e9fSE Android policydb_destroy(&policydb_tmp); 182255e72915d4cbddceb435e13d81601755714e9fSE Android } 183255e72915d4cbddceb435e13d81601755714e9fSE Android /* Restore version number */ 184255e72915d4cbddceb435e13d81601755714e9fSE Android policydb.policyvers = version; 185255e72915d4cbddceb435e13d81601755714e9fSE Android } 186255e72915d4cbddceb435e13d81601755714e9fSE Android 187255e72915d4cbddceb435e13d81601755714e9fSE Android return 0; 188255e72915d4cbddceb435e13d81601755714e9fSE Android} 189255e72915d4cbddceb435e13d81601755714e9fSE Android 190255e72915d4cbddceb435e13d81601755714e9fSE Android/* 191255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: read_binary_policy 192255e72915d4cbddceb435e13d81601755714e9fSE Android * 193255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: char * which is the path to the file containing the binary policy 194255e72915d4cbddceb435e13d81601755714e9fSE Android * 195255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: Returns 0 upon success. Upon failure, -1 is returned. 196255e72915d4cbddceb435e13d81601755714e9fSE Android * Possible failures are, filename with given path does not exist, 197255e72915d4cbddceb435e13d81601755714e9fSE Android * a failure to open the file, or a failure from prolicydb_read 198255e72915d4cbddceb435e13d81601755714e9fSE Android * function call. 199255e72915d4cbddceb435e13d81601755714e9fSE Android * 200255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: Get a filename, open file and read binary policy into policydb 201255e72915d4cbddceb435e13d81601755714e9fSE Android * structure. 202255e72915d4cbddceb435e13d81601755714e9fSE Android */ 203255e72915d4cbddceb435e13d81601755714e9fSE Androidint read_binary_policy(const char *path, policydb_t *p) 204255e72915d4cbddceb435e13d81601755714e9fSE Android{ 205255e72915d4cbddceb435e13d81601755714e9fSE Android FILE *in_fp = NULL; 206255e72915d4cbddceb435e13d81601755714e9fSE Android struct policy_file f; 207255e72915d4cbddceb435e13d81601755714e9fSE Android int rc; 208255e72915d4cbddceb435e13d81601755714e9fSE Android 209255e72915d4cbddceb435e13d81601755714e9fSE Android /* Open the binary policy file */ 210255e72915d4cbddceb435e13d81601755714e9fSE Android if ((in_fp = fopen(path, "rb")) == NULL) { 211255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "Unable to open %s: %s\n", path, 212255e72915d4cbddceb435e13d81601755714e9fSE Android strerror(errno)); 213255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_destroy(f.handle); 214255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 215255e72915d4cbddceb435e13d81601755714e9fSE Android } 216255e72915d4cbddceb435e13d81601755714e9fSE Android 217255e72915d4cbddceb435e13d81601755714e9fSE Android /* Read in the binary policy. */ 218255e72915d4cbddceb435e13d81601755714e9fSE Android memset(&f, 0, sizeof(struct policy_file)); 219255e72915d4cbddceb435e13d81601755714e9fSE Android f.type = PF_USE_STDIO; 220255e72915d4cbddceb435e13d81601755714e9fSE Android f.fp = in_fp; 221255e72915d4cbddceb435e13d81601755714e9fSE Android rc = policydb_read(p, &f, 0); 222255e72915d4cbddceb435e13d81601755714e9fSE Android 223255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_destroy(f.handle); 224255e72915d4cbddceb435e13d81601755714e9fSE Android fclose(in_fp); 225255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 226255e72915d4cbddceb435e13d81601755714e9fSE Android} 227255e72915d4cbddceb435e13d81601755714e9fSE Android 228255e72915d4cbddceb435e13d81601755714e9fSE Android/* 229255e72915d4cbddceb435e13d81601755714e9fSE Android * Function Name: write_binary_policy 230255e72915d4cbddceb435e13d81601755714e9fSE Android * 231255e72915d4cbddceb435e13d81601755714e9fSE Android * Input: char * which is the path to the file containing the binary policy 232255e72915d4cbddceb435e13d81601755714e9fSE Android * 233255e72915d4cbddceb435e13d81601755714e9fSE Android * Output: Returns 0 upon success. Upon failure, -1 is returned. 234255e72915d4cbddceb435e13d81601755714e9fSE Android * Possible failures are, filename with given path does not exist, 235255e72915d4cbddceb435e13d81601755714e9fSE Android * a failure to open the file, or a failure from prolicydb_read 236255e72915d4cbddceb435e13d81601755714e9fSE Android * function call. 237255e72915d4cbddceb435e13d81601755714e9fSE Android * 238255e72915d4cbddceb435e13d81601755714e9fSE Android * Description: open file and write the binary policy from policydb structure. 239255e72915d4cbddceb435e13d81601755714e9fSE Android */ 240255e72915d4cbddceb435e13d81601755714e9fSE Androidint write_binary_policy(const char *path, policydb_t *p) 241255e72915d4cbddceb435e13d81601755714e9fSE Android{ 242255e72915d4cbddceb435e13d81601755714e9fSE Android FILE *out_fp = NULL; 243255e72915d4cbddceb435e13d81601755714e9fSE Android struct policy_file f; 244255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_t *handle; 245255e72915d4cbddceb435e13d81601755714e9fSE Android int rc; 246255e72915d4cbddceb435e13d81601755714e9fSE Android 247255e72915d4cbddceb435e13d81601755714e9fSE Android /* We don't want libsepol to print warnings to stderr */ 248255e72915d4cbddceb435e13d81601755714e9fSE Android handle = sepol_handle_create(); 249255e72915d4cbddceb435e13d81601755714e9fSE Android if (handle == NULL) { 250255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "Out of memory!\n"); 251255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 252255e72915d4cbddceb435e13d81601755714e9fSE Android } 253255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_msg_set_callback(handle, NULL, NULL); 254255e72915d4cbddceb435e13d81601755714e9fSE Android 255255e72915d4cbddceb435e13d81601755714e9fSE Android /* Open the binary policy file for writing */ 256255e72915d4cbddceb435e13d81601755714e9fSE Android if ((out_fp = fopen(path, "w" )) == NULL) { 257255e72915d4cbddceb435e13d81601755714e9fSE Android fprintf(stderr, "Unable to open %s: %s\n", path, 258255e72915d4cbddceb435e13d81601755714e9fSE Android strerror(errno)); 259255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_destroy(f.handle); 260255e72915d4cbddceb435e13d81601755714e9fSE Android return -1; 261255e72915d4cbddceb435e13d81601755714e9fSE Android } 262255e72915d4cbddceb435e13d81601755714e9fSE Android 263255e72915d4cbddceb435e13d81601755714e9fSE Android /* Write the binary policy */ 264255e72915d4cbddceb435e13d81601755714e9fSE Android memset(&f, 0, sizeof(struct policy_file)); 265255e72915d4cbddceb435e13d81601755714e9fSE Android f.type = PF_USE_STDIO; 266255e72915d4cbddceb435e13d81601755714e9fSE Android f.fp = out_fp; 267255e72915d4cbddceb435e13d81601755714e9fSE Android f.handle = handle; 268255e72915d4cbddceb435e13d81601755714e9fSE Android rc = policydb_write(p, &f); 269255e72915d4cbddceb435e13d81601755714e9fSE Android 270255e72915d4cbddceb435e13d81601755714e9fSE Android sepol_handle_destroy(f.handle); 271255e72915d4cbddceb435e13d81601755714e9fSE Android fclose(out_fp); 272255e72915d4cbddceb435e13d81601755714e9fSE Android return rc; 273255e72915d4cbddceb435e13d81601755714e9fSE Android} 274