Merge "system_server: neverallow blk_file read/write"
diff --git a/tools/sepolicy-analyze/Android.mk b/tools/sepolicy-analyze/Android.mk
index 2667d56..3f95702 100644
--- a/tools/sepolicy-analyze/Android.mk
+++ b/tools/sepolicy-analyze/Android.mk
@@ -7,7 +7,7 @@
LOCAL_MODULE_TAGS := optional
LOCAL_C_INCLUDES := external/libsepol/include
LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := sepolicy-analyze.c dups.c neverallow.c perm.c typecmp.c utils.c
+LOCAL_SRC_FILES := sepolicy-analyze.c dups.c neverallow.c perm.c typecmp.c booleans.c utils.c
LOCAL_STATIC_LIBRARIES := libsepol
include $(BUILD_HOST_EXECUTABLE)
diff --git a/tools/sepolicy-analyze/README b/tools/sepolicy-analyze/README
index f78eb66..6e3f83b 100644
--- a/tools/sepolicy-analyze/README
+++ b/tools/sepolicy-analyze/README
@@ -53,6 +53,13 @@
permissive domains can be helpful during development, they
should not be present in a final -user build.
+ BOOLEANS (booleans)
+ sepolicy-analyze out/target/product/<board>/root/sepolicy booleans
+
+ Displays the number of booleans defined in the policy. Policy
+ booleans are forbidden in Android policy, so if the output is
+ non-zero, the policy will fail CTS.
+
NEVERALLOW CHECKING (neverallow)
sepolicy-analyze out/target/product/<board>/root/sepolicy neverallow \
[-w] [-d] [-f neverallows.conf] | [-n "neverallow string"]
diff --git a/tools/sepolicy-analyze/booleans.c b/tools/sepolicy-analyze/booleans.c
new file mode 100644
index 0000000..6533b89
--- /dev/null
+++ b/tools/sepolicy-analyze/booleans.c
@@ -0,0 +1,21 @@
+#include "booleans.h"
+#include <sepol/booleans.h>
+
+void booleans_usage() {
+ fprintf(stderr, "\tbooleans\n");
+}
+
+int booleans_func (int argc, __attribute__ ((unused)) char **argv, policydb_t *policydb) {
+ int rc;
+ unsigned int count;
+ if (argc != 1) {
+ USAGE_ERROR = true;
+ return -1;
+ }
+ rc = sepol_bool_count(NULL, (const struct sepol_policydb *) policydb,
+ &count);
+ if (rc)
+ return rc;
+ printf("%u\n", count);
+ return 0;
+}
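Review bot: When `sepol_bool_count` fails, `booleans_func` returns `rc` without writing anything, so a consumer that only reads stdout for the count gets empty output instead of a clear error. The README text in this commit ties that count to a CTS requirement, so the failure path should be explicit, e.g. `if (rc) { fprintf(stderr, "Failed to count policy booleans\n"); return rc; }`. The cast from `policydb_t *` to `const struct sepol_policydb *` presumably relies on libsepol's wrapper struct holding the policydb as its first member; a one-line comment such as `/* struct sepol_policydb wraps policydb_t as its first member */` would record that assumption. The definition is also written `void booleans_usage()` while booleans.h declares `void booleans_usage(void)`; use `(void)` in both places.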
diff --git a/tools/sepolicy-analyze/booleans.h b/tools/sepolicy-analyze/booleans.h
new file mode 100644
index 0000000..bfbe0e1
--- /dev/null
+++ b/tools/sepolicy-analyze/booleans.h
@@ -0,0 +1,11 @@
+#ifndef BOOLEANS_H
+#define BOOLEANS_H
+
+#include <sepol/policydb/policydb.h>
+
+#include "utils.h"
+
+void booleans_usage(void);
+int booleans_func(int argc, char **argv, policydb_t *policydb);
+
+#endif /* BOOLEANS_H */
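Review bot: `booleans_func` is declared with no comment on its return convention, which callers need in order to tell a usage error from a libsepol failure. From booleans.c it returns 0 after printing the count, -1 with `USAGE_ERROR` set when extra arguments are passed, and otherwise the non-zero status from `sepol_bool_count`. A short comment above the prototype would cover it, e.g. `/* Prints the number of policy booleans to stdout; returns 0 on success, non-zero on usage or libsepol error. */`.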
diff --git a/tools/sepolicy-analyze/sepolicy-analyze.c b/tools/sepolicy-analyze/sepolicy-analyze.c
index 8c0c423..a6fa200 100644
--- a/tools/sepolicy-analyze/sepolicy-analyze.c
+++ b/tools/sepolicy-analyze/sepolicy-analyze.c
@@ -6,6 +6,7 @@
#include "neverallow.h"
#include "perm.h"
#include "typecmp.h"
+#include "booleans.h"
#include "utils.h"
#define NUM_COMPONENTS (int) (sizeof(analyze_components)/sizeof(analyze_components[0]))
@@ -20,7 +21,8 @@
COMP(dups),
COMP(neverallow),
COMP(permissive),
- COMP(typecmp)
+ COMP(typecmp),
+ COMP(booleans)
};
void usage(char *arg0)