Home | History | Annotate | Download | only in tools 
      1 This directory contains a number of tools related to policy, some of
      2 which are used in building and validating the policy and others are
      3 available for help in auditing and analyzing policy.  The tools are
      4 described further below.
      5 
      6 checkfc
      7    A utility for checking the validity of a file_contexts or a
      8    property_contexts configuration file.  Used as part of the policy
      9    build to validate both files.  Requires the sepolicy file as an
     10    argument in order to check the validity of the security contexts
     11    in the file_contexts or property_contexts file.
     12 
     13    Usage1:
     14    checkfc sepolicy file_contexts
     15    checkfc -p sepolicy property_contexts
     16 
     17    Also used to compare two file_contexts or file_contexts.bin files.
     18    Displays one of subset, equal, superset, or incomparable.
     19 
     20    Usage2:
     21    checkfc -c file_contexts1 file_contexts2
     22 
     23    Example:
     24    $ checkfc -c out/target/product/shamu/system/etc/general_file_contexts out/target/product/shamu/root/file_contexts.bin
     25    subset
     26 
     27 checkseapp
     28     A utility for merging together the main seapp_contexts
     29     configuration and the device-specific one, and simultaneously
     30     checking the validity of the configurations. Used as part of the
     31     policy build process to merge and validate the configuration.
     32 
     33     Usage:
     34     checkseapp -p sepolicy input_seapp_contexts0 [input_seapp_contexts1...] -o seapp_contexts
     35 
     36 insertkeys.py
     37     A helper script for mapping tags in the signature stanzas of
     38     mac_permissions.xml to public keys found in pem files.  This
     39     script is described further in the top-level sepolicy/README.
     40 
     41 post_process_mac_perms
     42     A tool to help modify an existing mac_permissions.xml with additional app
     43     certs not already found in that policy. This becomes useful when a directory
     44     containing apps is searched and the certs from those apps are added to the
     45     policy not already explicitly listed.
     46 
     47     Usage:
     48     post_process_mac_perms [-h] -s SEINFO -d DIR -f POLICY
     49 
     50       -s SEINFO, --seinfo SEINFO  seinfo tag for each generated stanza
     51       -d DIR, --dir DIR           Directory to search for apks
     52       -f POLICY, --file POLICY    mac_permissions.xml policy file
     53 
     54 sepolicy-check
     55     A tool for auditing a sepolicy file for any allow rule that grants
     56     a given permission.
     57 
     58     Usage:
     59     sepolicy-check -s <domain> -t <type> -c <class> -p <permission> -P out/target/product/<board>/root/sepolicy
     60 
     61 sepolicy-analyze
     62     A tool for performing various kinds of analysis on a sepolicy
     63     file.
     64