Cross Reference: /external/sepolicy/tools/check

History log of /external/sepolicy/tools/check_seapp.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
884ee2a61cc78ddaaf54b812932730045dd155c3	13-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	checkseapp, seapp_contexts: drop sebool= support. SELinux policy booleans are prohibited in AOSP, so we can drop the support for the sebool= input selector. Change-Id: I5ae31247b2f68d90f6ae4c8830458f22c4ffc854 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
534fb0711d95615a77af23ffe643e8b720a527e6	13-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	checkseapp: Detect duplicate keys in seapp_contexts entries. Presently it ignores duplicate keys in seapp_contexts entries, e.g. if you were to specify: user=system seinfo=platform user=bluetooth domain=system_app type=system_app_data_file checkseapp would ignore the duplicate and libselinux would end up using the last value defined for the key in each line. Change-Id: I18cadb0c1bf5a907e6fc6513df65aafed91d76fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
0b820042e4bb9bb93790e0cf0812fd97d15ce7a5	13-Feb-2015	Stephen Smalley <sds@tycho.nsa.gov>	checkseapp: Detect duplicate entries within seapp_contexts. Presently it only detects complete duplicates if you specify -s (strict), which is not used in the external/sepolicy Makefile, and it allows overriding earlier entries that have the same input selectors (e.g. user=, seinfo=) with different values for the output selectors (e.g. domain=, type=). Thus, a device/<vendor>/<board>/sepolicy/seapp_contexts file can override the external/sepolicy definitions, and even a single seapp_contexts file can contain duplicated or conflicting definitions. Make it always check strictly, and prohibit either duplicates on the input selectors (i.e. overrides) or complete duplicates (redundant). Change-Id: Id1e38133cbe31b796253101cfe3b111d1826bc8c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
ff4db9194e684a894939f88effc84f79f222e1c3	15-Sep-2014	Stephen Smalley <sds@tycho.nsa.gov>	Add isOwner= input selector for seapp_contexts. Enable labeling apps differently depending on whether they are running for the primary user / owner or for a secondary user. Change-Id: I37aa5b183a7a617cce68ccf14510c31dfee4e04d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
f4fa7567f4e3d010a3e96c22034bf19fa05d15a7	04-Apr-2014	Stephen Smalley <sds@tycho.nsa.gov>	Treat seinfo=default name=<anything> as an error. check_app already checks for usage of name= entries in seapp_contexts with no seinfo= specification to link it back to a signer in mac_permissions.xml. However, one can avoid this error by specifying a seinfo=default which merely matches the default stanza of mac_permissions.xml without actually ensuring that it is tied to a specific certificate. Catch that error case too. Change-Id: If33cf21501e8bfee44d31c92b6341dfa583552b2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
6139de50fdb212d28fe406525dce5246f4a4da36	19-Feb-2014	Stephen Smalley <sds@tycho.nsa.gov>	Add support for and use new path= specifier in seapp_contexts. Extend check_seapp to accept the use of the new path= specifier in seapp_contexts and use it to ensure proper labeling of the cache subdirectory of com.android.providers.downloads for restorecon. After this change, restorecon /data/data/com.android.providers.downloads/cache does not change the context, leaving it in download_file rather than relabeling it to platform_app_data_file. Depends on Iddaa3931cfd4ddd5b9f62cd66989e1f26553baa1. Change-Id: Ief65b8c8dcb44ec701d53e0b58c52d6688cc2a14 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
c9bb91da5fc84bce936f0795d18bf5c36fa5db6f	01-Nov-2013	Robert Craig <rpcraig@tycho.ncsc.mil>	Reintroduce -Wall -Werror to check_seapp. Also add attribute for a potential unused function argument when dealing with darwin SDK builds. Change-Id: Iefdbecb050cc5fff6036f15413566e10cefa3813 /external/sepolicy/tools/check_seapp.c
7b2bee99c18b8cb3f52161b1191d16b8ab50b08f	31-Oct-2013	Stephen Smalley <sds@tycho.nsa.gov>	Add sepolicy-analyze tool. And also remove the unnecessary references to libselinux for sepolicy-check, as it has no dependencies on libselinux. Also enable -Wall -Werror on building all of these tools and fix up all such errors. Usage: $ sepolicy-analyze -e -P out/target/product/<device>/root/sepolicy or $ sepolicy-analyze -d -P out/target/product/<device>/root/sepolicy The first form will display all type pairs that are "equivalent", i.e. they are identical with respect to allow rules, including indirect allow rules via attributes and default-enabled conditional rules (i.e. default boolean values yield a true conditional expression). Equivalent types are candidates for being coalesced into a single type. However, there may be legitimate reasons for them to remain separate, for example: - the types may differ in a respect not included in the current analysis, such as default-disabled conditional rules, audit-related rules (auditallow or dontaudit), default type transitions, or constraints (e.g. mls), or - the current policy may be overly permissive with respect to one or the other of the types and thus the correct action may be to tighten access to one or the other rather than coalescing them together, or - the domains that would in fact have different accesses to the types may not yet be defined or may be unconfined in the policy you are analyzing (e.g. in AOSP policy). The second form will display type pairs that differ and the first difference found between the two types. This output can be long. We have plans to explore further enhancements to this tool, including support for identifying isomorphic types. That will be required to identify similar domains since all domains differ in at least their entrypoint type and in their tmpfs type and thus will never show up as equivalent even if they are in all other respects identical to each other. Change-Id: If0ee00188469d2a1e165fdd52f235c705d22cd4e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
610a4b1c32490ac9f6f7ca0fafba8c182a542934	16-Oct-2013	William Roberts <wroberts@tresys.com>	tools: update lengths from int to size_t Change-Id: If4839218b200a0d90bdf7779d2e039719fae85a5 /external/sepolicy/tools/check_seapp.c
61846291746a3a3559f615ef3665312ccd2228c2	15-Oct-2013	William Roberts <wroberts@tresys.com>	tools: require that seinfo and packagename be used Modify check_seapp.c to verify that a packagname (name) must be specified with a signing key (seinfo). This will help thwart spoof attacks on the packagename. Change-Id: I8f1aa8a479cb5beb5c3522d85e3181604931ea72 /external/sepolicy/tools/check_seapp.c
d1f1070acb4f5d29ddc6536126d6834ec418b8f1	15-Oct-2013	William Roberts <wroberts@tresys.com>	tools: drop unused field in struct check_seapp at one point in time switch from a home implementation of a hash table to using GLIBC search.h routines. A struct in one of the fields was never removed during this transition. Change-Id: I65c028103ffe90fa52e0b3c9fce28124ed9c7ff9 /external/sepolicy/tools/check_seapp.c
632972117a754dc64102cf81154ae6aed86febf3	20-Apr-2013	William Roberts <w.roberts@sta.samsung.com>	Support strict duplicate checking Change-Id: I3bb4755b86a90414a3912c8099dd7a4389249b24 /external/sepolicy/tools/check_seapp.c
1e8c061b053cdfd808c7a7649c78df4c33ded63d	20-Apr-2013	William Roberts <w.roberts@sta.samsung.com>	Fix segfault on -v with duplicates Change-Id: Ic040af5cfcd1be22074a691ecdd01e890866bc19 /external/sepolicy/tools/check_seapp.c
38084146e0fd665b68c8c4ff131cae9d07ef5993	28-Nov-2012	Stephen Smalley <sds@tycho.nsa.gov>	Generalize levelFromUid support. Introduce a levelFrom=none\|app\|user\|all syntax for specifying per-app, per-user, or per-combination level assignment. levelFromUid=true\|false remains valid syntax but is deprecated. levelFromUid=true is equivalent to levelFrom=app. Update check_seapp to accept the new syntax. Update seapp_contexts to document the new syntax and switch from levelFromUid=true to levelFrom=app. No change in behavior. Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> /external/sepolicy/tools/check_seapp.c
fff2980a1ac2aca5966f6b54fa030309a0d98e0c	27-Nov-2012	William Roberts <w.roberts@sta.samsung.com>	Whitespace and doxygen fix Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3 /external/sepolicy/tools/check_seapp.c
cdfb06f55394d68a7df1110d83070961a2cc52aa	01-Nov-2012	Alice Chu <alice.chu@sta.samsung.com>	Moved Android policy tools to tools directory Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711 /external/sepolicy/tools/check_seapp.c