Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / bec54f42ede821a31c7a7acc570ec70d8591dad6
commitbec54f42ede821a31c7a7acc570ec70d8591dad6[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Sun Nov 17 18:17:29 2013 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Mon Nov 18 16:11:36 2013 -0800
tree9f20b79b57ce13c7d19f3023f6cb7db351e3c877
parentae49e7a3691137b5276254074b2c282bcdfee523 [diff]
Add support for duplicate allow rule detection (-D / --dups).

Usage:
sepolicy-analyze -D -P out/target/product/<board>/root/sepolicy

Displays duplicate allow rules, i.e. pairs of allow rules that grant
the same permissions where one allow rule is written directly in terms
of individual types and the other is written in terms of attributes
associated with those same types.  The rule with individual types is
a candidate for removal.  The rule with individual types may be directly
represented in the source policy or may be a result of expansion of
a type negation (e.g. domain -foo -bar is expanded to individual allow
rules by the policy compiler).  Domains with unconfineddomain will
typically have such duplicate rules as a natural side effect and can
be ignored.

Also add a tools/README with a description of all of the tools.

Change-Id: I07838dbd22c5cc8a4a65b57003ccae38129050f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2 files changed
tree: 9f20b79b57ce13c7d19f3023f6cb7db351e3c877
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. bluetooth.te
  8. clatd.te
  9. debuggerd.te
  10. device.te
  11. dhcp.te
  12. dnsmasq.te
  13. domain.te
  14. drmserver.te
  15. file.te
  16. file_contexts
  17. fs_use
  18. genfs_contexts
  19. global_macros
  20. gpsd.te
  21. hci_attach.te
  22. healthd.te
  23. hostapd.te
  24. init.te
  25. init_shell.te
  26. initial_sid_contexts
  27. initial_sids
  28. installd.te
  29. isolated_app.te
  30. kernel.te
  31. keys.conf
  32. keystore.te
  33. mac_permissions.xml
  34. media_app.te
  35. mediaserver.te
  36. mls
  37. mls_macros
  38. mtp.te
  39. net.te
  40. netd.te
  41. nfc.te
  42. NOTICE
  43. ping.te
  44. platform_app.te
  45. policy_capabilities
  46. port_contexts
  47. ppp.te
  48. property.te
  49. property_contexts
  50. qemud.te
  51. racoon.te
  52. radio.te
  53. README
  54. release_app.te
  55. rild.te
  56. roles
  57. runas.te
  58. sdcardd.te
  59. seapp_contexts
  60. security_classes
  61. selinux-network.sh
  62. servicemanager.te
  63. shared_app.te
  64. shell.te
  65. su.te
  66. su_user.te
  67. surfaceflinger.te
  68. system_app.te
  69. system_server.te
  70. te_macros
  71. tee.te
  72. ueventd.te
  73. unconfined.te
  74. untrusted_app.te
  75. users
  76. vold.te
  77. watchdogd.te
  78. wpa_supplicant.te
  79. zygote.te