• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/python
2# genCheckAccessCTS.py - takes an input SELinux policy.conf file and generates
3# an XML file based on the allow and neverallow rules.  The file contains rules,
4# which are created by expanding the SELinux rule notation into the individual
5# components which a checkAccess() check, that a policy manager would have to
6# perform, needs.
7#
8# This test does not work with all valid SELinux policy.conf files.  It is meant
9# to simply use a given AOSP generated policy.conf file to create sets
10# representing the policy's types, attributes, classes and permissions, which
11# are used to expand the allow and neverallow rules found.  For a full parser
12# and compiler of SELinux, see external/checkpolicy.
13# @dcashman
14
15import pdb
16import re
17import sys
18from xml.etree.ElementTree import Element, SubElement, tostring
19from xml.dom import minidom
20
21import SELinux_CTS
22from SELinux_CTS import SELinuxPolicy
23
24usage = "Usage: ./gen_SELinux_CTS.py input_policy_file output_xml_avc_rules_file neverallow_only=[t/f]"
25
26if __name__ == "__main__":
27    # check usage
28    if len(sys.argv) != 4:
29        print usage
30        exit()
31    input_file = sys.argv[1]
32    output_file = sys.argv[2]
33    neverallow_only = (sys.argv[3] == "neverallow_only=t")
34    policy = SELinuxPolicy()
35    policy.from_file_name(input_file) #load data from file
36
37    # expand rules into 4-tuples for SELinux.h checkAccess() check
38    xml_root = Element('SELinux_AVC_Rules')
39    if not neverallow_only:
40        count = 1
41        for a in policy.allow_rules:
42            expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, a, str(count), 'allow')
43            if len(expanded_xml):
44                xml_root.append(expanded_xml)
45                count += 1
46    count = 1
47    for n in policy.neverallow_rules:
48        expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, n, str(count), 'neverallow')
49        if len(expanded_xml):
50            xml_root.append(expanded_xml)
51            count += 1
52
53    #print out the xml file
54    s = tostring(xml_root)
55    s_parsed = minidom.parseString(s)
56    output = s_parsed.toprettyxml(indent="    ")
57    with open(output_file, 'w') as out_file:
58        out_file.write(output)
59