Merge "sepolicy-analyze: Implement booleans test."

fbaf72ed · Nick Kralevich · Gerrit Code Review · c01f7fd1 · a7b2c5f4 · fbaf72ed
Commit fbaf72ed authored 10 years ago by Nick Kralevich Committed by Gerrit Code Review 10 years ago
--- a/tools/sepolicy-analyze/Android.mk
+++ b/tools/sepolicy-analyze/Android.mk
@@ -7,7 +7,7 @@ LOCAL_MODULE := sepolicy-analyze
 LOCAL_MODULE_TAGS := optional
 LOCAL_C_INCLUDES := external/libsepol/include
 LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := sepolicy-analyze.c dups.c neverallow.c perm.c typecmp.c utils.c
+LOCAL_SRC_FILES := sepolicy-analyze.c dups.c neverallow.c perm.c typecmp.c booleans.c utils.c
 LOCAL_STATIC_LIBRARIES := libsepol

 include $(BUILD_HOST_EXECUTABLE)
--- a/tools/sepolicy-analyze/README
+++ b/tools/sepolicy-analyze/README
@@ -53,6 +53,13 @@ sepolicy-analyze
    permissive domains can be helpful during development, they
    should not be present in a final -user build.

+    BOOLEANS (booleans)
+    sepolicy-analyze out/target/product/<board>/root/sepolicy booleans
+
+    Displays the number of booleans defined in the policy.  Policy
+    booleans are forbidden in Android policy, so if the output is
+    non-zero, the policy will fail CTS.
+
    NEVERALLOW CHECKING (neverallow)
    sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
    [-w] [-d] [-f neverallows.conf] | [-n "neverallow string"]

--- a/tools/sepolicy-analyze/booleans.c
+++ b/tools/sepolicy-analyze/booleans.c
+#include "booleans.h"
+#include <sepol/booleans.h>
+
+void booleans_usage() {
+    fprintf(stderr, "\tbooleans\n");
+}
+
+int booleans_func (int argc, __attribute__ ((unused)) char **argv, policydb_t *policydb) {
+    int rc;
+    unsigned int count;
+    if (argc != 1) {
+        USAGE_ERROR = true;
+        return -1;
+    }
+    rc = sepol_bool_count(NULL, (const struct sepol_policydb *) policydb,
+                          &count);
+    if (rc)
+        return rc;
+    printf("%u\n", count);
+    return 0;
+}
--- a/tools/sepolicy-analyze/booleans.h
+++ b/tools/sepolicy-analyze/booleans.h
+#ifndef BOOLEANS_H
+#define BOOLEANS_H
+
+#include <sepol/policydb/policydb.h>
+
+#include "utils.h"
+
+void booleans_usage(void);
+int booleans_func(int argc, char **argv, policydb_t *policydb);
+
+#endif /* BOOLEANS_H */
--- a/tools/sepolicy-analyze/sepolicy-analyze.c
+++ b/tools/sepolicy-analyze/sepolicy-analyze.c
@@ -6,6 +6,7 @@
 #include "neverallow.h"
 #include "perm.h"
 #include "typecmp.h"
+#include "booleans.h"
 #include "utils.h"

 #define NUM_COMPONENTS (int) (sizeof(analyze_components)/sizeof(analyze_components[0]))
@@ -20,7 +21,8 @@ static struct {
    COMP(dups),
    COMP(neverallow),
    COMP(permissive),
-    COMP(typecmp)
+    COMP(typecmp),
+    COMP(booleans)
 };

 void usage(char *arg0)