      1 #!/usr/bin/python
      2 # genCheckAccessCTS.py - takes an input SELinux policy.conf file and generates
      3 # an XML file based on the allow and neverallow rules.  The file contains rules,
      4 # which are created by expanding the SELinux rule notation into the individual
      5 # components needed by the checkAccess() check that a policy manager would have
      6 # to perform.
      7 #
      8 # This test does not work with all valid SELinux policy.conf files.  It is meant
      9 # to simply use a given AOSP generated policy.conf file to create sets
     10 # representing the policy's types, attributes, classes and permissions, which
     11 # are used to expand the allow and neverallow rules found.  For a full parser
     12 # and compiler of SELinux, see external/checkpolicy.
     13 # @dcashman
     14 
     15 import pdb
     16 import re
     17 import sys
     18 from xml.etree.ElementTree import Element, SubElement, tostring
     19 from xml.dom import minidom
     20 
     21 import SELinux_CTS
     22 from SELinux_CTS import SELinuxPolicy
     23 
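usage = "Usage: ./gen_SELinux_CTS.py input_policy_file output_xml_avc_rules_file neverallow_only=[t/f]"


def _append_expanded_rules(xml_root, policy, rules, rule_type):
    """Expand each AVC rule in *rules* to XML and append it under *xml_root*.

    Each rule is expanded with SELinux_CTS.expand_avc_rule_to_xml().  A rule's
    identifier is its position among the rules that actually produced output,
    so a rule that expands to an empty element does not consume a number.

    Args:
        xml_root: the Element that receives the expanded rule elements.
        policy: the SELinuxPolicy whose types, attributes, classes and
            permissions drive the expansion.
        rules: the policy's allow_rules or neverallow_rules.
        rule_type: 'allow' or 'neverallow', passed through to the expander.

    Returns:
        The number of rule elements appended to *xml_root*.
    """
    count = 1
    for rule in rules:
        expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, rule, str(count), rule_type)
        # An empty element means the rule produced no checkAccess() tuples.
        if len(expanded_xml):
            xml_root.append(expanded_xml)
            count += 1
    return count - 1


if __name__ == "__main__":
    # check usage: exactly three arguments, the last one the documented t/f flag.
    # Rejecting any other flag value keeps a typo from silently selecting the
    # wrong rule set (previously anything but "=t" was treated as "=f").
    if len(sys.argv) != 4 or sys.argv[3] not in ("neverallow_only=t", "neverallow_only=f"):
        print(usage)
        sys.exit(1)  # non-zero status so a calling build step notices the usage error
    input_file = sys.argv[1]
    output_file = sys.argv[2]
    neverallow_only = (sys.argv[3] == "neverallow_only=t")
    policy = SELinuxPolicy()
    policy.from_file_name(input_file)  # load data from file

    # expand rules into 4-tuples for SELinux.h checkAccess() check
    xml_root = Element('SELinux_AVC_Rules')
    if not neverallow_only:
        _append_expanded_rules(xml_root, policy, policy.allow_rules, 'allow')
    _append_expanded_rules(xml_root, policy, policy.neverallow_rules, 'neverallow')

    # print out the xml file (re-parsed through minidom only for pretty-printing)
    s = tostring(xml_root)
    s_parsed = minidom.parseString(s)
    output = s_parsed.toprettyxml(indent="    ")
    with open(output_file, 'w') as out_file:
        out_file.write(output)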
     59