Blame - tests/searchpolicy.py - android_system_sepolicy

blob: ff9318b7f14ebeeb135486dcdb00a9a3db22a5cb [file] [log] [blame]

Dan Cashman	91d398d	2017-09-26 12:58:29 -0700	[diff] [blame]	1	#!/usr/bin/env python
				2
				3	import argparse
				4	import policy
				5
				6	parser = argparse.ArgumentParser(
				7	description="SELinux policy rule search tool. Intended to have a similar "
				8	+ "API as sesearch, but simplified to use only code availabe in AOSP")
				9	parser.add_argument("policy", help="Path to the SELinux policy to search.", nargs="?")
				10	parser.add_argument("--libpath", dest="libpath", help="Path to the libsepolwrap.so", nargs="?")
				11	tertypes = parser.add_argument_group("TE Rule Types")
				12	tertypes.add_argument("--allow", action="append_const",
				13	const="allow", dest="tertypes",
				14	help="Search allow rules.")
				15	expr = parser.add_argument_group("Expressions")
				16	expr.add_argument("-s", "--source",
				17	help="Source type/role of the TE/RBAC rule.")
				18	expr.add_argument("-t", "--target",
				19	help="Target type/role of the TE/RBAC rule.")
				20	expr.add_argument("-c", "--class", dest="tclass",
				21	help="Comma separated list of object classes")
				22	expr.add_argument("-p", "--perms", metavar="PERMS",
				23	help="Comma separated list of permissions.")
				24
				25	args = parser.parse_args()
				26
				27	if not args.tertypes:
				28	parser.error("Must specify \"--allow\"")
				29
				30	if not args.policy:
				31	parser.error("Must include path to policy")
				32	if not args.libpath:
				33	parser.error("Must include path to libsepolwrap library")
				34
				35	if not (args.source or args.target or args.tclass or args.perms):
				36	parser.error("Must something to filter on, e.g. --source, --target, etc.")
				37
				38	pol = policy.Policy(args.policy, None, args.libpath)
				39
				40	if args.source:
				41	scontext = {args.source}
				42	else:
				43	scontext = set()
				44	if args.target:
				45	tcontext = {args.target}
				46	else:
				47	tcontext = set()
				48	if args.tclass:
				49	tclass = set(args.tclass.split(","))
				50	else:
				51	tclass = set()
				52	if args.perms:
				53	perms = set(args.perms.split(","))
				54	else:
				55	perms = set()
				56
				57	TERules = pol.QueryTERule(scontext=scontext,
				58	tcontext=tcontext,
				59	tclass=tclass,
				60	perms=perms)
				61
				62	# format rules for printing
				63	rules = []
				64	for r in TERules:
				65	if len(r.perms) > 1:
				66	rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " { " +
				67	" ".join(r.perms) + " };")
				68	else:
				69	rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " " +
				70	" ".join(r.perms) + ";")
				71
				72	for r in sorted(rules):
				73	print r