All files and directories will be matched against entries taken from
/data/local/perm_checker.conf, and any file/directory which fails the ruleset
will cause an error message along with a corresponding explicit (fully
specified and minimal) rule for that file/directory to be printed on
stdout. If only the message "Passed." is printed on stdout, all files are
correctly matched by perm_checker.conf.

A file or directory will always fail the ruleset unless there is AT LEAST
one matching rule. If there is an explicit (fully specified) <spec>
matching the file or directory name, it will fail if and only if that
explicit <spec> rule fails (i.e., other matching <spec> rules will be
ignored). Otherwise, it will fail if _any_ matching wildcard or recursive
<spec> rule fails to hold.

Entries in the perm_checker.conf file are of the following form:

<spec> <min_mode> <max_mode> <min_uid> <max_uid> <min_gid> <max_gid>

Where <spec> is one of the following:

A fully specified path name, which must end in /         ex: /dev/
A fully specified filename, symlink, device node, etc.   ex: /dev/tty0

A recursive path specification, which ends in /...       ex: /dev/...
A wildcard file specification, which ends in *           ex: /dev/tty*

By convention /dev/* will include all files directly in /dev/, but not files
that are in subdirectories of /dev/, such as /dev/input/, unlike a
recursive path specification. The wildcard notation * will never result in
a match to a directory name.

NOTE: Symbolic links are treated specially to prevent infinite recursion
and simplify the ruleset. Symbolic links are ignored unless an explicit
rule with the same name as the symlink exists, in which case the permissions
on the rule must match the permissions on the symlink itself, not the target.

<min_mode> is a numeric mode mask, and a mode will match it if and only if
(min_mode & mode) == min_mode.

<max_mode> is a numeric mode mask, and a mode will match it if and only if
(max_mode | mode) == max_mode.

<min_uid> may be either a numeric user id, or a user name (which must not
start with a number). If it is a user name, getpwnam() will be used to
translate it to a numeric user id.

<max_uid>, <min_gid>, and <max_gid> have similar syntax to <min_uid>.


-- Tips --

I recommend using 19999 as the maximum uid/gid whenever any valid
application uid/gid is acceptable.

Once the test is installed, it can be executed via:

adb shell perm_checker

To get a list of all failing rules:

adb shell perm_checker | grep "^# INFO #" | sort | uniq

To get a fully specified set of rules for all failing files:

adb shell perm_checker | grep -v "^#"

NOTE: There may be failing files even if no rules have failed, since a
file that does not match any rule is a failure.
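
The matching semantics described above (explicit rules taking precedence, wildcard and recursive specs, mode masks, uid/gid ranges, symlink handling) can be sketched as follows. This is an added example, not perm_checker's own source: the function names and sample rules are constructed, and it assumes modes are written in octal, ids are numeric, directories are passed with a trailing "/", and a recursive spec does not cover the directory entry itself.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "spec min_mode max_mode min_uid max_uid min_gid max_gid")

# Constructed rules: <spec> <min_mode> <max_mode> <min_uid> <max_uid> <min_gid> <max_gid>
# Assumptions: modes are written in octal; uids/gids are numeric (no getpwnam lookup).
SAMPLE_CONF = """
/dev/        755 755 0 0 0 0
/dev/...     000 660 0 19999 0 19999
/dev/tty*    600 666 0 0 0 0
/dev/tty0    600 600 0 0 0 0
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7:  # skip blank or malformed lines
            rules.append(Rule(f[0], int(f[1], 8), int(f[2], 8), *map(int, f[3:])))
    return rules

def spec_matches(spec, path):
    if spec.endswith("/..."):  # recursive: everything below the directory (assumed
        prefix = spec[:-3]     # not to cover the directory entry itself)
        return path.startswith(prefix) and path != prefix
    if spec.endswith("*"):     # wildcard: same directory only, never a directory name
        prefix = spec[:-1]
        return path.startswith(prefix) and not path.endswith("/") and "/" not in path[len(prefix):]
    return spec == path        # explicit (fully specified) rule

def rule_holds(r, mode, uid, gid):
    return ((r.min_mode & mode) == r.min_mode and (r.max_mode | mode) == r.max_mode
            and r.min_uid <= uid <= r.max_uid and r.min_gid <= gid <= r.max_gid)

def check(rules, path, mode, uid, gid, is_symlink=False):
    """Return 'pass', 'fail', 'fail-unmatched' or 'ignored' for one entry."""
    explicit = [r for r in rules if r.spec == path]
    if explicit:       # an explicit rule overrides every wildcard/recursive match
        return "pass" if all(rule_holds(r, mode, uid, gid) for r in explicit) else "fail"
    if is_symlink:     # symlinks without an explicit rule are ignored
        return "ignored"
    matching = [r for r in rules if spec_matches(r.spec, path)]
    if not matching:   # a file that matches no rule is a failure
        return "fail-unmatched"
    return "pass" if all(rule_holds(r, mode, uid, gid) for r in matching) else "fail"

RULES = parse_rules(SAMPLE_CONF)
```

With these sample rules, /dev/tty0 at mode 660 fails on its explicit rule even though the wildcard rule would accept it, and /dev/tty1 at mode 666 fails because the recursive rule's max_mode does not hold.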