Add reverse-attribute mapping to sepolicy-analyze.

sepolicy-analyze allows users to see all types that have a given attribute, but not the reverse case: all attributes of a given type. Add a '--reverse' option which enables this, but keeps the previous interface. Usage: sepolicy-analyze sepolicy attribute -r init Bug: 36508258 Test: Build and run against current policy. (cherry picked from commit d444ebedac021e0468e8a1a3f3a699fbcc34b1f3) Change-Id: I9813ebf61d50fb5abbc8e52be4cf62751979bbd4
author: Dan Cashman 2017-03-30 16:51:51 -0500
committer: Nick Kralevich 2017-04-06 11:46:38 -0500
commit: 3a68bd169bc7e7701df79417f66af08fc7ce8718 (patch)
tree: 947e62b6bb49e8722e1708bb6f4c93089580d88f /tools
parent: 7c3dbfeb69a345f1aaf545a018e6cbf6dc2c3f61 (diff)
download: system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.tar.gz
system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.tar.xz
system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.zip
2 files changed, 62 insertions, 16 deletions
diff --git a/tools/sepolicy-analyze/README b/tools/sepolicy-analyze/README
index d18609a7..fdee588e 100644
--- a/tools/sepolicy-analyze/README
+++ b/tools/sepolicy-analyze/README
@@ -65,6 +65,10 @@ sepolicy-analyze
    Displays the types associated with the specified attribute name.
+    sepolicy-analyze out/target/product/<board>/root/sepolicy attribute -r <name>
+    Displays the attributes associated with the specified type name.
    NEVERALLOW CHECKING (neverallow)
    sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
    [-w] [-d] [-f neverallows.conf] | [-n "neverallow string"]
diff --git a/tools/sepolicy-analyze/attribute.c b/tools/sepolicy-analyze/attribute.c
index 474bda2f..ae98aa98 100644
--- a/tools/sepolicy-analyze/attribute.c
+++ b/tools/sepolicy-analyze/attribute.c
@@ -1,39 +1,81 @@
+#include <getopt.h>
 #include "attribute.h"
 void attribute_usage() {
-    fprintf(stderr, "\tattribute <attribute-name>\n");
+    fprintf(stderr, "\tattribute <name> [-r|--reverse]\n");
 }
-static int list_attribute(policydb_t * policydb, char *name)
+static void retrieve_mapping(policydb_t *policydb, struct type_datum *dat, char *name, int reverse) {
-{
-    struct type_datum *attr;
    struct ebitmap_node *n;
    unsigned int bit;
-    attr = hashtab_search(policydb->p_types.table, name);
+    if (reverse) {
-    if (!attr) {
+        ebitmap_for_each_bit(&policydb->type_attr_map[dat->s.value - 1], n, bit) {
-        fprintf(stderr, "%s is not defined in this policy.\n", name);
+            if (!ebitmap_node_get_bit(n, bit))
-        return -1;
+                continue;
+            if (!strcmp(policydb->p_type_val_to_name[bit], name))
+                continue;
+            printf("%s\n", policydb->p_type_val_to_name[bit]);
+        }
+    } else {
+        ebitmap_for_each_bit(&policydb->attr_type_map[dat->s.value - 1], n, bit) {
+            if (!ebitmap_node_get_bit(n, bit))
+                continue;
+            printf("%s\n", policydb->p_type_val_to_name[bit]);
+        }
    }
+}
+static int list_attribute(policydb_t *policydb, char *name, int reverse)
+{
+    struct type_datum *dat;
-    if (attr->flavor != TYPE_ATTRIB) {
+    dat = hashtab_search(policydb->p_types.table, name);
-        fprintf(stderr, "%s is a type not an attribute in this policy.\n", name);
+    if (!dat) {
+        fprintf(stderr, "%s is not defined in this policy.\n", name);
        return -1;
    }
-    ebitmap_for_each_bit(&policydb->attr_type_map[attr->s.value - 1], n, bit) {
+    if (reverse) {
-        if (!ebitmap_node_get_bit(n, bit))
+        if (dat->flavor != TYPE_TYPE) {
-            continue;
+            fprintf(stderr, "%s is an attribute not a type in this policy.\n", name);
-        printf("%s\n", policydb->p_type_val_to_name[bit]);
+            return -1;
+        }
+    } else {
+        if (dat->flavor != TYPE_ATTRIB) {
+            fprintf(stderr, "%s is a type not an attribute in this policy.\n", name);
+            return -1;
+        }
    }
+    retrieve_mapping(policydb, dat, name, reverse);
    return 0;
 }
 int attribute_func (int argc, char **argv, policydb_t *policydb) {
-    if (argc != 2) {
+    int reverse = 0;
+    char ch;
+    struct option attribute_options[] = {
+        {"reverse", no_argument, NULL, 'r'},
+        {NULL, 0, NULL, 0}
+    };
+    while ((ch = getopt_long(argc, argv, "r", attribute_options, NULL)) != -1) {
+        switch (ch) {
+        case 'r':
+            reverse = 1;
+            break;
+        default:
+            USAGE_ERROR = true;
+            return -1;
+        }
+    }
+    if (argc != 2 && !(reverse && argc == 3)) {
        USAGE_ERROR = true;
        return -1;
    }
-    return list_attribute(policydb, argv[1]);
+    return list_attribute(policydb, argv[optind], reverse);
 }
author	Dan Cashman	2017-03-30 16:51:51 -0500
committer	Nick Kralevich	2017-04-06 11:46:38 -0500
commit	3a68bd169bc7e7701df79417f66af08fc7ce8718 (patch)
tree	947e62b6bb49e8722e1708bb6f4c93089580d88f /tools
parent	7c3dbfeb69a345f1aaf545a018e6cbf6dc2c3f61 (diff)
download	system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.tar.gz system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.tar.xz system-sepolicy-3a68bd169bc7e7701df79417f66af08fc7ce8718.zip

diff --git a/tools/sepolicy-analyze/README b/tools/sepolicy-analyze/README index d18609a7..fdee588e 100644 --- a/tools/sepolicy-analyze/README +++ b/tools/sepolicy-analyze/README
@@ -65,6 +65,10 @@ sepolicy-analyze
65		65
66	Displays the types associated with the specified attribute name.	66	Displays the types associated with the specified attribute name.
67		67
		68	sepolicy-analyze out/target/product/<board>/root/sepolicy attribute -r <name>
		69
		70	Displays the attributes associated with the specified type name.
		71
68	NEVERALLOW CHECKING (neverallow)	72	NEVERALLOW CHECKING (neverallow)
69	sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \	73	sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
70	[-w] [-d] [-f neverallows.conf] \| [-n "neverallow string"]	74	[-w] [-d] [-f neverallows.conf] \| [-n "neverallow string"]


diff --git a/tools/sepolicy-analyze/attribute.c b/tools/sepolicy-analyze/attribute.c index 474bda2f..ae98aa98 100644 --- a/tools/sepolicy-analyze/attribute.c +++ b/tools/sepolicy-analyze/attribute.c
@@ -1,39 +1,81 @@
		1	#include <getopt.h>
		2
1	#include "attribute.h"	3	#include "attribute.h"
2		4
3	void attribute_usage() {	5	void attribute_usage() {
4	fprintf(stderr, "\tattribute <attribute-name>\n");	6	fprintf(stderr, "\tattribute <name> [-r\|--reverse]\n");
5	}	7	}
6		8
7	static int list_attribute(policydb_t * policydb, char *name)	9	static void retrieve_mapping(policydb_t policydb, struct type_datum dat, char *name, int reverse) {
8	{
9	struct type_datum *attr;
10	struct ebitmap_node *n;	10	struct ebitmap_node *n;
11	unsigned int bit;	11	unsigned int bit;
12		12
13	attr = hashtab_search(policydb->p_types.table, name);	13	if (reverse) {
14	if (!attr) {	14	ebitmap_for_each_bit(&policydb->type_attr_map[dat->s.value - 1], n, bit) {
15	fprintf(stderr, "%s is not defined in this policy.\n", name);	15	if (!ebitmap_node_get_bit(n, bit))
16	return -1;	16	continue;
		17	if (!strcmp(policydb->p_type_val_to_name[bit], name))
		18	continue;
		19	printf("%s\n", policydb->p_type_val_to_name[bit]);
		20	}
		21	} else {
		22	ebitmap_for_each_bit(&policydb->attr_type_map[dat->s.value - 1], n, bit) {
		23	if (!ebitmap_node_get_bit(n, bit))
		24	continue;
		25	printf("%s\n", policydb->p_type_val_to_name[bit]);
		26	}
17	}	27	}
		28	}
		29
		30	static int list_attribute(policydb_t policydb, char name, int reverse)
		31	{
		32	struct type_datum *dat;
18		33
19	if (attr->flavor != TYPE_ATTRIB) {	34	dat = hashtab_search(policydb->p_types.table, name);
20	fprintf(stderr, "%s is a type not an attribute in this policy.\n", name);	35	if (!dat) {
		36	fprintf(stderr, "%s is not defined in this policy.\n", name);
21	return -1;	37	return -1;
22	}	38	}
23		39
24	ebitmap_for_each_bit(&policydb->attr_type_map[attr->s.value - 1], n, bit) {	40	if (reverse) {
25	if (!ebitmap_node_get_bit(n, bit))	41	if (dat->flavor != TYPE_TYPE) {
26	continue;	42	fprintf(stderr, "%s is an attribute not a type in this policy.\n", name);
27	printf("%s\n", policydb->p_type_val_to_name[bit]);	43	return -1;
		44	}
		45	} else {
		46	if (dat->flavor != TYPE_ATTRIB) {
		47	fprintf(stderr, "%s is a type not an attribute in this policy.\n", name);
		48	return -1;
		49	}
28	}	50	}
		51	retrieve_mapping(policydb, dat, name, reverse);
29		52
30	return 0;	53	return 0;
31	}	54	}
32		55
33	int attribute_func (int argc, char *argv, policydb_t policydb) {	56	int attribute_func (int argc, char *argv, policydb_t policydb) {
34	if (argc != 2) {	57	int reverse = 0;
		58	char ch;
		59
		60	struct option attribute_options[] = {
		61	{"reverse", no_argument, NULL, 'r'},
		62	{NULL, 0, NULL, 0}
		63	};
		64
		65	while ((ch = getopt_long(argc, argv, "r", attribute_options, NULL)) != -1) {
		66	switch (ch) {
		67	case 'r':
		68	reverse = 1;
		69	break;
		70	default:
		71	USAGE_ERROR = true;
		72	return -1;
		73	}
		74	}
		75
		76	if (argc != 2 && !(reverse && argc == 3)) {
35	USAGE_ERROR = true;	77	USAGE_ERROR = true;
36	return -1;	78	return -1;
37	}	79	}
38	return list_attribute(policydb, argv[1]);	80	return list_attribute(policydb, argv[optind], reverse);
39	}	81	}