Home | History | Annotate | only in /system/sepolicy/tools
Up to higher level directory
NameDateSize
Android.mk21-Aug-20181.4K
build_policies.sh21-Aug-20182.5K
check_seapp.c21-Aug-201829.4K
checkfc.c21-Aug-201811.5K
fc_sort/21-Aug-2018
insertkeys.py21-Aug-20189.3K
post_process_mac_perms21-Aug-20183.7K
README21-Aug-20182.7K
sepolicy-analyze/21-Aug-2018
sepolicy-check.c21-Aug-20186.6K
version_policy.c21-Aug-20184.4K
whitespace.sh21-Aug-2018180

README

      1 This directory contains a number of tools related to policy, some of
      2 which are used in building and validating the policy and others are
      3 available for help in auditing and analyzing policy.  The tools are
      4 described further below.
      5 
      6 build_policies.sh
      7    A tool to build SELinux policy for multiple targets in parallel.
      8    This is useful for quickly testing a new test or neverallow rule
      9    on multiple targets.
     10 
     11    Usage:
     12    ./build_policies.sh ~/android/master ~/tmp/build_policies
     13    ./build_policies.sh ~/android/master ~/tmp/build_policies sailfish-eng walleye-eng
     14 
     15 checkfc
     16    A utility for checking the validity of a file_contexts or a
     17    property_contexts configuration file.  Used as part of the policy
     18    build to validate both files.  Requires the sepolicy file as an
     19    argument in order to check the validity of the security contexts
     20    in the file_contexts or property_contexts file.
     21 
     22    Usage1:
     23    checkfc sepolicy file_contexts
     24    checkfc -p sepolicy property_contexts
     25 
     26    Also used to compare two file_contexts or file_contexts.bin files.
     27    Displays one of subset, equal, superset, or incomparable.
     28 
     29    Usage2:
     30    checkfc -c file_contexts1 file_contexts2
     31 
     32    Example:
     33    $ checkfc -c out/target/product/shamu/system/etc/general_file_contexts out/target/product/shamu/root/file_contexts.bin
     34    subset
     35 
     36 checkseapp
     37     A utility for merging together the main seapp_contexts
     38     configuration and the device-specific one, and simultaneously
     39     checking the validity of the configurations. Used as part of the
     40     policy build process to merge and validate the configuration.
     41 
     42     Usage:
     43     checkseapp -p sepolicy input_seapp_contexts0 [input_seapp_contexts1...] -o seapp_contexts
     44 
     45 insertkeys.py
     46     A helper script for mapping tags in the signature stanzas of
     47     mac_permissions.xml to public keys found in pem files.  This
     48     script is described further in the top-level sepolicy/README.
     49 
     50 post_process_mac_perms
     51     A tool to help modify an existing mac_permissions.xml with additional app
     52     certs not already found in that policy. This becomes useful when a directory
     53     containing apps is searched and the certs from those apps are added to the
     54     policy not already explicitly listed.
     55 
     56     Usage:
     57     post_process_mac_perms [-h] -s SEINFO -d DIR -f POLICY
     58 
     59       -s SEINFO, --seinfo SEINFO  seinfo tag for each generated stanza
     60       -d DIR, --dir DIR           Directory to search for apks
     61       -f POLICY, --file POLICY    mac_permissions.xml policy file
     62 
     63 sepolicy-check
     64     A tool for auditing a sepolicy file for any allow rule that grants
     65     a given permission.
     66 
     67     Usage:
     68     sepolicy-check -s <domain> -t <type> -c <class> -p <permission> -P out/target/product/<board>/root/sepolicy
     69 
     70 sepolicy-analyze
     71     A tool for performing various kinds of analysis on a sepolicy
     72     file.
     73