From d1559144795a3a5100fb81c27e71765fe9578f06 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Mar 2015 17:26:34 -0400
Subject: [PATCH] sepolicy-analyze: Change booleans command to be more test-friendly.
Instead of displaying the boolean count, display a list of booleans defined in the policy, if any. This makes sepolicy-analyze booleans consistent with sepolicy-analyze permissive and allows automated tests to simply check whether there was any output at all.
Change-Id: I221b60d94e6e7f6d80399bf0833887af3747fe83
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 tools/sepolicy-analyze/README | 6 +++---
 tools/sepolicy-analyze/booleans.c | 19 ++++++++++---------
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/tools/sepolicy-analyze/README b/tools/sepolicy-analyze/README
index 6e3f83bb9..0cb890b6d 100644
--- a/tools/sepolicy-analyze/README
+++ b/tools/sepolicy-analyze/README
@@ -56,9 +56,9 @@ sepolicy-analyze BOOLEANS (booleans) sepolicy-analyze out/target/product/<board>/root/sepolicy booleans
- Displays the number of booleans defined in the policy. Policy
- booleans are forbidden in Android policy, so if the output is
- non-zero, the policy will fail CTS.
+ Displays the boolean names in the policy (if any).
+ Policy booleans are forbidden in Android policy, so if there is any
+ output, the policy will fail CTS.
 NEVERALLOW CHECKING (neverallow) sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
diff --git a/tools/sepolicy-analyze/booleans.c b/tools/sepolicy-analyze/booleans.c
index 6533b8948..c3b605d0a 100644
--- a/tools/sepolicy-analyze/booleans.c
+++ b/tools/sepolicy-analyze/booleans.c
@@ -1,21 +1,22 @@
 #include "booleans.h"
-#include <sepol/booleans.h>
 void booleans_usage() {
 fprintf(stderr, "\tbooleans\n");
 }
+static int list_booleans(hashtab_key_t k,
+ __attribute__ ((unused)) hashtab_datum_t d,
+ __attribute__ ((unused)) void *args)
+{
+ const char *name = k;
+ printf("%s\n", name);
+ return 0;
+}
+
 int booleans_func (int argc, __attribute__ ((unused)) char **argv, policydb_t *policydb) {
- int rc;
- unsigned int count;
 if (argc != 1) {
 USAGE_ERROR = true;
 return -1;
 }
- rc = sepol_bool_count(NULL, (const struct sepol_policydb *) policydb,
- &count);
- if (rc)
- return rc;
- printf("%u\n", count);
- return 0;
+ return hashtab_map(policydb->p_bools.table, list_booleans, NULL);
 }
-- GitLab
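Review bot: Empty stdout is now the "policy has no booleans" signal, but the `argc != 1` path in `booleans_func` also writes nothing to stdout and returns -1, so a test that checks only for output would pass on a run that never inspected the policy. The contract should be stated above `booleans_func`, for example `/* Prints one boolean name per line; no output means "no booleans" only when the return value is 0. */`, and the test should check the exit status too (assuming the caller turns this return value into the exit status, which is not visible here). In `list_booleans` the result of `printf` is ignored, so a write error still returns 0 and a truncated list looks like success. `return printf("%s\n", name) < 0 ? -1 : 0;` would report it, provided `hashtab_map` stops on and propagates a non-zero callback result, which this hunk does not show.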