This directory contains a number of tools related to policy, some of
which are used in building and validating the policy and others are
available for help in auditing and analyzing policy.  The tools are
described further below.

checkfc
    A utility for checking the validity of a file_contexts or a
    property_contexts configuration file.  Used as part of the policy
    build to validate both files.  Requires the sepolicy file as an
    argument in order to check the validity of the security contexts
    in the file_contexts or property_contexts file.

    Usage:
        checkfc sepolicy file_contexts
        checkfc -p sepolicy property_contexts

checkseapp
    A utility for merging together the main seapp_contexts
    configuration and the device-specific one, and simultaneously
    checking the validity of the configurations.  Used as part of the
    policy build process to merge and validate the configuration.

    Usage:
        checkseapp -p sepolicy input_seapp_contexts0 [input_seapp_contexts1...] -o seapp_contexts

insertkeys.py
    A helper script for mapping tags in the signature stanzas of
    mac_permissions.xml to public keys found in pem files.  This
    script is described further in the top-level sepolicy/README.

post_process_mac_perms
    A tool to help modify an existing mac_permissions.xml with additional app
    certs not already found in that policy.  This becomes useful when a directory
    containing apps is searched and the certs from those apps are added to the
    policy not already explicitly listed.

    Usage:
        post_process_mac_perms [-h] -s SEINFO -d DIR -f POLICY

        -s SEINFO, --seinfo SEINFO  seinfo tag for each generated stanza
        -d DIR, --dir DIR           Directory to search for apks
        -f POLICY, --file POLICY    mac_permissions.xml policy file

sepolicy-check
    A tool for auditing a sepolicy file for any allow rule that grants
    a given permission.

    Usage:
        sepolicy-check -s <domain> -t <type> -c <class> -p <permission> -P out/target/product/<board>/root/sepolicy

sepolicy-analyze
    A tool for performing various kinds of analysis on a sepolicy
    file.
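
The merge step described for post_process_mac_perms, as an added example (not the tool's own code): it appends a stanza only for certs not already listed and returns the list of additions for review. It assumes the signer/seinfo stanza layout of mac_permissions.xml with hex-encoded signatures; the function names, policy text and certificate bytes are constructed placeholders, and APK parsing is left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy with one signer stanza already present.
# Assumption: stanzas are <signer signature="HEX"><seinfo value="TAG"/></signer>.
SAMPLE_POLICY = """<policy>
    <signer signature="308201aa">
        <seinfo value="platform"/>
    </signer>
</policy>
"""


def existing_signatures(root):
    """Return the signer signatures already in the policy, lower-cased."""
    return {s.get("signature", "").lower() for s in root.iter("signer")}


def add_missing_certs(policy_xml, cert_blobs, seinfo):
    """Append a signer stanza for each cert not already explicitly listed.

    cert_blobs is an iterable of raw certificate bytes (one per app found).
    Returns (new_policy_xml, added), where added lists the hex signatures
    that received a new stanza, so the change can be reviewed before use.
    """
    root = ET.fromstring(policy_xml)
    seen = existing_signatures(root)
    added = []
    for der in cert_blobs:
        sig = der.hex()
        if sig in seen:
            continue  # already in the policy, or repeated across several apps
        signer = ET.SubElement(root, "signer", {"signature": sig})
        ET.SubElement(signer, "seinfo", {"value": seinfo})
        seen.add(sig)
        added.append(sig)
    return ET.tostring(root, encoding="unicode"), added


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for certs pulled from apks.
    certs = [bytes.fromhex("308201aa"), bytes.fromhex("308202bb"),
             bytes.fromhex("308202bb")]
    new_xml, added = add_missing_certs(SAMPLE_POLICY, certs, "vendorapps")
    print("stanzas added for:", added)
    print(new_xml)
```

Every cert found in the searched directory receives the given seinfo tag, so the returned list is the thing to check against the set of signers that are meant to be trusted.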