1#!/usr/bin/python
2# genCheckAccessCTS.py - takes an input SELinux policy.conf file and generates
3# an XML file based on its allow and neverallow rules. Each rule in the XML
4# file is produced by expanding the SELinux rule notation into the individual
5# components that a policy manager needs in order to perform a checkAccess()
6# check.
7#
8# This test does not work with all valid SELinux policy.conf files. It is meant
9# to simply use a given AOSP generated policy.conf file to create sets
10# representing the policy's types, attributes, classes and permissions, which
11# are used to expand the allow and neverallow rules found. For a full parser
12# and compiler of SELinux, see external/checkpolicy.
13# @dcashman
14
15import pdb
16import re
17import sys
18from xml.etree.ElementTree import Element, SubElement, tostring
19from xml.dom import minidom
20
21import SELinux_CTS
22from SELinux_CTS import SELinuxPolicy
23
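usage = "Usage: ./gen_SELinux_CTS.py input_policy_file output_xml_avc_rules_file neverallow_only=[t/f]"


def _append_expanded_rules(xml_root, policy, rules, rule_type):
    """Expand each rule in *rules* and append the non-empty results to *xml_root*.

    Args:
        xml_root: Element that collects the expanded rules.
        policy: loaded SELinuxPolicy, passed through to the expander.
        rules: iterable of rules taken from the policy.
        rule_type: 'allow' or 'neverallow'; passed through to the expander.
    """
    # NOTE(review): the counter is advanced only for rules that produced
    # output, so emitted rules are numbered consecutively from 1 - confirm
    # this placement against the original indentation.
    count = 1
    for rule in rules:
        expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, rule, str(count), rule_type)
        # Explicit len() rather than truthiness: presumably the expander
        # returns an Element, whose length is its number of children, so a
        # rule that expanded to nothing is skipped.
        if len(expanded_xml):
            xml_root.append(expanded_xml)
            count += 1


if __name__ == "__main__":
    # A usage error must be visible to whatever invoked the generator:
    # sys.exit(<str>) prints the message to stderr and exits with status 1,
    # so a mis-invoked build step fails instead of silently producing no
    # rules file.
    if len(sys.argv) != 4:
        sys.exit(usage)
    input_file = sys.argv[1]
    output_file = sys.argv[2]
    # Only the exact string "neverallow_only=t" restricts the output to
    # neverallow rules; any other third argument (including a typo) selects
    # allow + neverallow output.
    neverallow_only = (sys.argv[3] == "neverallow_only=t")
    policy = SELinuxPolicy()
    policy.from_file_name(input_file)  # load data from file

    # expand rules into 4-tuples for SELinux.h checkAccess() check
    xml_root = Element('SELinux_AVC_Rules')
    if not neverallow_only:
        _append_expanded_rules(xml_root, policy, policy.allow_rules, 'allow')
    # neverallow rules are emitted in both modes, numbered from 1 again
    _append_expanded_rules(xml_root, policy, policy.neverallow_rules, 'neverallow')

    # Write out the XML file. The serialized tree is re-parsed only so that
    # minidom can pretty-print it; the parser sees the document built above,
    # not external XML.
    s = tostring(xml_root)
    s_parsed = minidom.parseString(s)
    output = s_parsed.toprettyxml(indent=" ")
    with open(output_file, 'w') as out_file:
        out_file.write(output)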