Commit d1559144 authored by Stephen Smalley

sepolicy-analyze: Change booleans command to be more test-friendly.


Instead of displaying the boolean count, display a list of booleans
defined in the policy, if any.  This makes sepolicy-analyze booleans
consistent with sepolicy-analyze permissive and allows automated tests
to simply check whether there was any output at all.

Change-Id: I221b60d94e6e7f6d80399bf0833887af3747fe83
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent 5434a8a9
......@@ -56,9 +56,9 @@ sepolicy-analyze
BOOLEANS (booleans)
sepolicy-analyze out/target/product/<board>/root/sepolicy booleans
Displays the number of booleans defined in the policy. Policy
booleans are forbidden in Android policy, so if the output is
non-zero, the policy will fail CTS.
Displays the boolean names in the policy (if any).
Policy booleans are forbidden in Android policy, so if there is any
output, the policy will fail CTS.
NEVERALLOW CHECKING (neverallow)
sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
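Review bot: The new README sentence "Displays the boolean names in the policy (if any)" does not say how the result is reported, which is what a test author needs to know. From the code in this change, names are written to stdout one per line (printf("%s\n", name)), and because list_booleans always returns 0, the value returned by booleans_func is the same whether or not the policy defines booleans. Suggest stating both facts here, so that tests check for empty stdout rather than relying on a return code.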
......
#include "booleans.h"
#include <sepol/booleans.h>
void booleans_usage() {
fprintf(stderr, "\tbooleans\n");
}
static int list_booleans(hashtab_key_t k,
__attribute__ ((unused)) hashtab_datum_t d,
__attribute__ ((unused)) void *args)
{
const char *name = k;
printf("%s\n", name);
return 0;
}
int booleans_func (int argc, __attribute__ ((unused)) char **argv, policydb_t *policydb) {
int rc;
unsigned int count;
if (argc != 1) {
USAGE_ERROR = true;
return -1;
}
rc = sepol_bool_count(NULL, (const struct sepol_policydb *) policydb,
&count);
if (rc)
return rc;
printf("%u\n", count);
return 0;
return hashtab_map(policydb->p_bools.table, list_booleans, NULL);
}
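Review bot: In list_booleans, names are printed in whatever order hashtab_map walks policydb->p_bools.table, so the output order follows the hash table layout rather than name order. That is fine for the "any output at all" check described in the commit message, but it is worth a short comment above list_booleans saying the order is unspecified, so nobody later diffs this output against a fixed expected list. Separately, with the sepol_bool_count call gone, confirm that rc, count and the #include <sepol/booleans.h> line are all dropped if nothing else in the file uses them.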