Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results

README

Blame
    • Stephen Smalley's avatar
      bec54f42
      Add support for duplicate allow rule detection (-D / --dups). · bec54f42
      Stephen Smalley authored
      
      Usage:
      sepolicy-analyze -D -P out/target/product/<board>/root/sepolicy
      
      Displays duplicate allow rules, i.e. pairs of allow rules that grant
      the same permissions where one allow rule is written directly in terms
      of individual types and the other is written in terms of attributes
      associated with those same types.  The rule with individual types is
      a candidate for removal.  The rule with individual types may be directly
      represented in the source policy or may be a result of expansion of
      a type negation (e.g. domain -foo -bar is expanded to individual allow
      rules by the policy compiler).  Domains with unconfineddomain will
      typically have such duplicate rules as a natural side effect and can
      be ignored.
      
      Also add a tools/README with a description of all of the tools.
      
      Change-Id: I07838dbd22c5cc8a4a65b57003ccae38129050f5
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      bec54f42
      History
      Add support for duplicate allow rule detection (-D / --dups).
      Stephen Smalley authored
      
      Usage:
      sepolicy-analyze -D -P out/target/product/<board>/root/sepolicy
      
      Displays duplicate allow rules, i.e. pairs of allow rules that grant
      the same permissions where one allow rule is written directly in terms
      of individual types and the other is written in terms of attributes
      associated with those same types.  The rule with individual types is
      a candidate for removal.  The rule with individual types may be directly
      represented in the source policy or may be a result of expansion of
      a type negation (e.g. domain -foo -bar is expanded to individual allow
      rules by the policy compiler).  Domains with unconfineddomain will
      typically have such duplicate rules as a natural side effect and can
      be ignored.
      
      Also add a tools/README with a description of all of the tools.
      
      Change-Id: I07838dbd22c5cc8a4a65b57003ccae38129050f5
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>