| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| Android.mk | 21-Aug-2018 | 428 | |
| attribute.c | 21-Aug-2018 | 3K | |
| attribute.h | 21-Aug-2018 | 218 | |
| booleans.c | 21-Aug-2018 | 568 | |
| booleans.h | 21-Aug-2018 | 213 | |
| dups.c | 21-Aug-2018 | 3K | |
| dups.h | 21-Aug-2018 | 193 | |
| neverallow.c | 21-Aug-2018 | 13K | |
| neverallow.h | 21-Aug-2018 | 223 | |
| perm.c | 21-Aug-2018 | 690 | |
| perm.h | 21-Aug-2018 | 205 | |
| README | 21-Aug-2018 | 5K | |
| sepolicy-analyze.c | 21-Aug-2018 | 1.5K | |
| typecmp.c | 21-Aug-2018 | 8.5K | |
| typecmp.h | 21-Aug-2018 | 208 | |
| utils.c | 21-Aug-2018 | 1.9K | |
| utils.h | 21-Aug-2018 | 361 | |
README
1 sepolicy-analyze 2 A component-ized tool for performing various kinds of analysis on a 3 sepolicy file. The current kinds of analysis that are currently 4 supported include: 5 6 TYPE EQUIVALENCE (typecmp) 7 sepolicy-analyze out/target/product/<board>/root/sepolicy typecmp -e 8 9 Display all type pairs that are "equivalent", i.e. they are 10 identical with respect to allow rules, including indirect allow 11 rules via attributes and default-enabled conditional rules 12 (i.e. default boolean values yield a true conditional expression). 13 14 Equivalent types are candidates for being coalesced into a single 15 type. However, there may be legitimate reasons for them to remain 16 separate, for example: - the types may differ in a respect not 17 included in the current analysis, such as default-disabled 18 conditional rules, audit-related rules (auditallow or dontaudit), 19 default type transitions, or constraints (e.g. mls), or - the 20 current policy may be overly permissive with respect to one or the 21 other of the types and thus the correct action may be to tighten 22 access to one or the other rather than coalescing them together, 23 or - the domains that would in fact have different accesses to the 24 types may not yet be defined or may be unconfined in the policy 25 you are analyzing. 26 27 TYPE DIFFERENCE (typecmp) 28 sepolicy-analyze out/target/product/<board>/root/sepolicy typecmp -d 29 30 Display type pairs that differ and the first difference found 31 between the two types. This may be used in looking for similar 32 types that are not equivalent but may be candidates for coalescing. 33 34 DUPLICATE ALLOW RULES (dups) 35 sepolicy-analyze out/target/product/<board>/root/sepolicy dups 36 37 Displays duplicate allow rules, i.e. pairs of allow rules that 38 grant the same permissions where one allow rule is written 39 directly in terms of individual types and the other is written in 40 terms of attributes associated with those same types. The rule 41 with individual types is a candidate for removal. The rule with 42 individual types may be directly represented in the source policy 43 or may be a result of expansion of a type negation (e.g. domain 44 -foo -bar is expanded to individual allow rules by the policy 45 compiler). Domains with unconfineddomain will typically have such 46 duplicate rules as a natural side effect and can be ignored. 47 48 PERMISSIVE DOMAINS (permissive) 49 sepolicy-analyze out/target/product/<board>/root/sepolicy permissive 50 51 Displays domains in the policy that are permissive, i.e. avc 52 denials are logged but not enforced for these domains. While 53 permissive domains can be helpful during development, they 54 should not be present in a final -user build. 55 56 BOOLEANS (booleans) 57 sepolicy-analyze out/target/product/<board>/root/sepolicy booleans 58 59 Displays the boolean names in the policy (if any). 60 Policy booleans are forbidden in Android policy, so if there is any 61 output, the policy will fail CTS. 62 63 ATTRIBUTE (attribute) 64 sepolicy-analyze out/target/product/<board>/root/sepolicy attribute <name> 65 66 Displays the types associated with the specified attribute name. 67 68 sepolicy-analyze out/target/product/<board>/root/sepolicy attribute -r <name> 69 70 Displays the attributes associated with the specified type name. 71 72 sepolicy-analyze out/target/product/<board>/root/sepolicy attribute -l 73 74 Displays all attributes in the policy. 75 76 NEVERALLOW CHECKING (neverallow) 77 sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \ 78 [-w] [-d] [-f neverallows.conf] | [-n "neverallow string"] 79 80 Check whether the sepolicy file violates any of the neverallow rules 81 from the neverallows.conf file or a given string, which contain neverallow 82 statements in the same format as the SELinux policy.conf file, i.e. after 83 m4 macro expansion of the rules from a .te file. You can use an entire 84 policy.conf file as the neverallows.conf file and sepolicy-analyze will 85 ignore everything except for the neverallows within it. You can also 86 specify this as a command-line string argument, which could be useful for 87 quickly checking an individual expanded rule or group of rules. If there are 88 no violations, sepolicy-analyze will exit successfully with no output. 89 Otherwise, sepolicy-analyze will report all violations and exit 90 with a non-zero exit status. 91 92 The -w or --warn option may be used to warn on any types, attributes, 93 classes, or permissions from a neverallow rule that could not be resolved 94 within the sepolicy file. This can be normal due to differences between 95 the policy from which the neverallow rules were taken and the policy 96 being checked. Such values are ignored for the purposes of neverallow 97 checking. 98 99 The -d or --debug option may be used to cause sepolicy-analyze to emit the 100 neverallow rules as it parses them. This is principally a debugging facility 101 for the parser but could also be used to extract neverallow rules from 102 a full policy.conf file and output them in a more easily parsed format. 103
