Introduce "neverallow" rules for seapp_contexts. A neverallow rule is
similar to the existing key-value-pair entries but the line begins
with "neverallow". A neverallow violation is detected when all keys,
both inputs and outputs are matched. The neverallow rules value
parameter (not the key) can contain regular expressions to assist in
matching. Neverallow rules are never output to the generated
seapp_contexts file.

Also, unless -o is specified, checkseapp runs in silent mode and
outputs nothing. Specifying - as an argument to -o outputs to stdout.

Sample Output:
Error: Rule in File "external/sepolicy/seapp_contexts" on line 87: "user=fake domain=system_app type=app_data_file" violates neverallow in File "external/sepolicy/seapp_contexts" on line 57: "user=((?!system).)* domain=system_app"

Change-Id: Ia4dcbf02feb774f2e201bb0c5d4ce385274d8b8d
Signed-off-by: William Roberts <william.c.roberts@intel.com>

Point to external/selinux/libsepol instead of external/libsepol

Change-Id: If6dc1e9261f397d801ba2376ab60c5dc5b5d86e4

Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Also indicate that none of the sepolicy tools need c++ std lib.

(cherry-pick of 0cdb0517be696c0dc6882d289eedd45bf2da918c now made possible by
addition of commit: 28b72eddd54cb1287dd7daae853e8e4b78fa17eb)

Bug: 19617220
Change-Id: I2c5b7ab1ddeb0e02cbaad2b7d5430a0974524a89

This is causing more harm than good. We'll just make these all link
libc++ again and work out the CTS issues if they still exist.

Bug: 19778891

This reverts commit 3812cf58.

Change-Id: Iaea8f6acb147da4275633a760ccb32951db7f8b6

This is causing more harm than good. We'll just make these all link
libc++ again (another revert) and work out the CTS issues if they still
exist.

Bug: 19778891

This reverts commit a5113a15.

Change-Id: I35a4c93dae4abb66e3525451d5ce01e33a540895

Address sanitizer requires using libc++ (apparently). We removed
libc++ from these projects since they were C and the SDK/CTS was not
able to find libc++.

If we're interested in continuing to use ASAN on these tools
(probably), we should turn libc++ back on once we're sure CTS won't
die.

Bug: 19778891
Change-Id: I3c1913171a15396ead73277ec1186fead730f66d

Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Also indicate that none of the sepolicy tools need c++ std lib.

Bug: 19617220

Change-Id: I713b3cbd1220655413d399c7cd2b0b50459a5485

Also, divide each sepolicy-analyze function into its own component for simplified
command-line parsing and potentially eventual modularization.

Bug: 18005561

Cherry-pick of commit: ef4fd306
with commit: 47c14611
squashed in.

Bug: 19191637
Change-Id: Id66cad549b7311a6bbd92fd64b6ec2c60d0433a4

Also, divide each sepolicy-analyze function into its own component for simplified
command-line parsing and potentially eventual modularization.
Bug: 18005561

Cherry-pick from: https://android-review.googlesource.com/#/c/111626/

Change-Id: I751a99feffe820308ec58514fdba4cdef184d964

Also, divide each sepolicy-analyze function into its own component for simplified
command-line parsing and potentially eventual modularization.

Bug: 18005561
Change-Id: I45fa07d776cf1bec7d60dba0c03ee05142b86c19

Also add attribute for a potential unused
function argument when dealing with darwin
SDK builds.

Change-Id: Iefdbecb050cc5fff6036f15413566e10cefa3813

Temporarily revert -Wall -Werror on checkseapp.
This is causing a compiler error on darwin SDK builds.

cc1: warnings being treated as errors
external/sepolicy/tools/check_seapp.c: In function 'rule_map_free':
external/sepolicy/tools/check_seapp.c:439: warning: unused parameter 's'
make: *** [out/host/darwin-x86/obj/EXECUTABLES/checkseapp_intermediates/check_seapp.o] Error 1

Change-Id: I9776777a751f16d5ca0d90e731482c31dac813f9

And also remove the unnecessary references to libselinux for
sepolicy-check, as it has no dependencies on libselinux.
Also enable -Wall -Werror on building all of these tools and
fix up all such errors.

Usage:
$ sepolicy-analyze -e -P out/target/product/<device>/root/sepolicy
or
$ sepolicy-analyze -d -P out/target/product/<device>/root/sepolicy

The first form will display all type pairs that are "equivalent", i.e.
they are identical with respect to allow rules, including indirect allow
rules via attributes and default-enabled conditional rules (i.e. default
boolean values yield a true conditional expression).

Equivalent types are candidates for being coalesced into a single type.
However, there may be legitimate reasons for them to remain separate,
for example:
- the types may differ in a respect not included in the current
analysis, such as default-disabled conditional rules, audit-related
rules (auditallow or dontaudit), default type transitions, or
constraints (e.g. mls), or
- the current policy may be overly permissive with respect to one or the
other of the types and thus the correct action may be to tighten access
to one or the other rather than coalescing them together, or
- the domains that would in fact have different accesses to the types
may not yet be defined or may be unconfined in the policy you are
analyzing (e.g. in AOSP policy).

The second form will display type pairs that differ and the first
difference found between the two types.  This output can be long.

We have plans to explore further enhancements to this tool, including
support for identifying isomorphic types.  That will be required to
identify similar domains since all domains differ in at least their
entrypoint type and in their tmpfs type and thus will never show up as
equivalent even if they are in all other respects identical to each other.

Change-Id: If0ee00188469d2a1e165fdd52f235c705d22cd4e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This is based on Joshua Brindle's sepolicy-inject.

Change-Id: Ie75bd56a2996481592dcfe7ad302b52f381d5b18

This reverts commit 60d4d71e

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea

This reverts commit cd4104e8

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0

This reverts commit 1446e714

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae

This reverts commit 22fc0410

Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee

This reverts commit 22fc0410

Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee

Support the inseretion of the public key from pem
files into the mac_permissions.xml file at build
time.

Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a

Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711