author | Dan Cashman | 2017-03-30 16:51:51 -0500 |
---|---|---|
committer | Nick Kralevich | 2017-04-06 11:46:38 -0500 |
commit | 3a68bd169bc7e7701df79417f66af08fc7ce8718 (patch) | |
tree | 947e62b6bb49e8722e1708bb6f4c93089580d88f /tools | |
parent | 7c3dbfeb69a345f1aaf545a018e6cbf6dc2c3f61 (diff) | |
Add reverse-attribute mapping to sepolicy-analyze.
sepolicy-analyze allows users to see all types that have a given
attribute, but not the reverse case: all attributes of a given type.
Add a '--reverse' option which enables this, but keeps the previous
interface.
Usage: sepolicy-analyze sepolicy attribute -r init
Bug: 36508258
Test: Build and run against current policy.
(cherry picked from commit d444ebedac021e0468e8a1a3f3a699fbcc34b1f3)
Change-Id: I9813ebf61d50fb5abbc8e52be4cf62751979bbd4
Diffstat (limited to 'tools')
-rw-r--r-- | tools/sepolicy-analyze/README | 4 | ||||
-rw-r--r-- | tools/sepolicy-analyze/attribute.c | 74 |
2 files changed, 62 insertions, 16 deletions
diff --git a/tools/sepolicy-analyze/README b/tools/sepolicy-analyze/README index d18609a7..fdee588e 100644 --- a/tools/sepolicy-analyze/README +++ b/tools/sepolicy-analyze/README | |||
@@ -65,6 +65,10 @@ sepolicy-analyze | |||
65 | 65 | ||
66 | Displays the types associated with the specified attribute name. | 66 | Displays the types associated with the specified attribute name. |
67 | 67 | ||
68 | sepolicy-analyze out/target/product/<board>/root/sepolicy attribute -r <name> | ||
69 | |||
70 | Displays the attributes associated with the specified type name. | ||
71 | |||
68 | NEVERALLOW CHECKING (neverallow) | 72 | NEVERALLOW CHECKING (neverallow) |
69 | sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \ | 73 | sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \ |
70 | [-w] [-d] [-f neverallows.conf] | [-n "neverallow string"] | 74 | [-w] [-d] [-f neverallows.conf] | [-n "neverallow string"] |
diff --git a/tools/sepolicy-analyze/attribute.c b/tools/sepolicy-analyze/attribute.c index 474bda2f..ae98aa98 100644 --- a/tools/sepolicy-analyze/attribute.c +++ b/tools/sepolicy-analyze/attribute.c | |||
@@ -1,39 +1,81 @@ | |||
1 | #include <getopt.h> | ||
2 | |||
1 | #include "attribute.h" | 3 | #include "attribute.h" |
2 | 4 | ||
3 | void attribute_usage() { | 5 | void attribute_usage() { |
4 | fprintf(stderr, "\tattribute <attribute-name>\n"); | 6 | fprintf(stderr, "\tattribute <name> [-r|--reverse]\n"); |
5 | } | 7 | } |
6 | 8 | ||
7 | static int list_attribute(policydb_t * policydb, char *name) | 9 | static void retrieve_mapping(policydb_t *policydb, struct type_datum *dat, char *name, int reverse) { |
8 | { | ||
9 | struct type_datum *attr; | ||
10 | struct ebitmap_node *n; | 10 | struct ebitmap_node *n; |
11 | unsigned int bit; | 11 | unsigned int bit; |
12 | 12 | ||
13 | attr = hashtab_search(policydb->p_types.table, name); | 13 | if (reverse) { |
14 | if (!attr) { | 14 | ebitmap_for_each_bit(&policydb->type_attr_map[dat->s.value - 1], n, bit) { |
15 | fprintf(stderr, "%s is not defined in this policy.\n", name); | 15 | if (!ebitmap_node_get_bit(n, bit)) |
16 | return -1; | 16 | continue; |
17 | if (!strcmp(policydb->p_type_val_to_name[bit], name)) | ||
18 | continue; | ||
19 | printf("%s\n", policydb->p_type_val_to_name[bit]); | ||
20 | } | ||
21 | } else { | ||
22 | ebitmap_for_each_bit(&policydb->attr_type_map[dat->s.value - 1], n, bit) { | ||
23 | if (!ebitmap_node_get_bit(n, bit)) | ||
24 | continue; | ||
25 | printf("%s\n", policydb->p_type_val_to_name[bit]); | ||
26 | } | ||
17 | } | 27 | } |
28 | } | ||
29 | |||
30 | static int list_attribute(policydb_t *policydb, char *name, int reverse) | ||
31 | { | ||
32 | struct type_datum *dat; | ||
18 | 33 | ||
19 | if (attr->flavor != TYPE_ATTRIB) { | 34 | dat = hashtab_search(policydb->p_types.table, name); |
20 | fprintf(stderr, "%s is a type not an attribute in this policy.\n", name); | 35 | if (!dat) { |
36 | fprintf(stderr, "%s is not defined in this policy.\n", name); | ||
21 | return -1; | 37 | return -1; |
22 | } | 38 | } |
23 | 39 | ||
24 | ebitmap_for_each_bit(&policydb->attr_type_map[attr->s.value - 1], n, bit) { | 40 | if (reverse) { |
25 | if (!ebitmap_node_get_bit(n, bit)) | 41 | if (dat->flavor != TYPE_TYPE) { |
26 | continue; | 42 | fprintf(stderr, "%s is an attribute not a type in this policy.\n", name); |
27 | printf("%s\n", policydb->p_type_val_to_name[bit]); | 43 | return -1; |
44 | } | ||
45 | } else { | ||
46 | if (dat->flavor != TYPE_ATTRIB) { | ||
47 | fprintf(stderr, "%s is a type not an attribute in this policy.\n", name); | ||
48 | return -1; | ||
49 | } | ||
28 | } | 50 | } |
51 | retrieve_mapping(policydb, dat, name, reverse); | ||
29 | 52 | ||
30 | return 0; | 53 | return 0; |
31 | } | 54 | } |
32 | 55 | ||
33 | int attribute_func (int argc, char **argv, policydb_t *policydb) { | 56 | int attribute_func (int argc, char **argv, policydb_t *policydb) { |
34 | if (argc != 2) { | 57 | int reverse = 0; |
58 | char ch; | ||
59 | |||
60 | struct option attribute_options[] = { | ||
61 | {"reverse", no_argument, NULL, 'r'}, | ||
62 | {NULL, 0, NULL, 0} | ||
63 | }; | ||
64 | |||
65 | while ((ch = getopt_long(argc, argv, "r", attribute_options, NULL)) != -1) { | ||
66 | switch (ch) { | ||
67 | case 'r': | ||
68 | reverse = 1; | ||
69 | break; | ||
70 | default: | ||
71 | USAGE_ERROR = true; | ||
72 | return -1; | ||
73 | } | ||
74 | } | ||
75 | |||
76 | if (argc != 2 && !(reverse && argc == 3)) { | ||
35 | USAGE_ERROR = true; | 77 | USAGE_ERROR = true; |
36 | return -1; | 78 | return -1; |
37 | } | 79 | } |
38 | return list_attribute(policydb, argv[1]); | 80 | return list_attribute(policydb, argv[optind], reverse); |
39 | } | 81 | } |
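Review bot: In attribute_func, `char ch` receives the int returned by getopt_long; where plain char is unsigned the `!= -1` test can never be false, so the end of options falls into the `default` branch and every invocation is reported as a usage error. Declare it as `int ch;`. The later count check `argc != 2 && !(reverse && argc == 3)` also accepts `attribute -r` with no name: argc is 2 and optind is 2, so `argv[optind]` is the NULL terminator, which list_attribute passes to hashtab_search as the key. Counting what remains after option parsing, `if (argc - optind != 1) {`, would reject that case while keeping the forms shown in the README and the usage string. This assumes the caller leaves optind in its initial state before attribute_func runs, which is not visible in this section.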