Home Explore Help
Register Sign In
drachfly
/
android10
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
android10
/
system
/
sepolicy
/
tests
/
searchpolicy.py

searchpolicy.py 2.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. #!/usr/bin/env python
    2. 

  2. 

  3. import argparse
    4. 

  4. import policy
    5. 

  5. 

  6. parser = argparse.ArgumentParser(
    7. 

  7.     description="SELinux policy rule search tool. Intended to have a similar "
    8. 

  8.         + "API as sesearch, but simplified to use only code availabe in AOSP")
    9. 

  9. parser.add_argument("policy", help="Path to the SELinux policy to search.", nargs="?")
    10. 

  10. parser.add_argument("--libpath", dest="libpath", help="Path to the libsepolwrap.so", nargs="?")
    11. 

  11. tertypes = parser.add_argument_group("TE Rule Types")
    12. 

  12. tertypes.add_argument("--allow", action="append_const",
    13. 

  13.                     const="allow", dest="tertypes",
    14. 

  14.                     help="Search allow rules.")
    15. 

  15. expr = parser.add_argument_group("Expressions")
    16. 

  16. expr.add_argument("-s", "--source",
    17. 

  17.                   help="Source type/role of the TE/RBAC rule.")
    18. 

  18. expr.add_argument("-t", "--target",
    19. 

  19.                   help="Target type/role of the TE/RBAC rule.")
    20. 

  20. expr.add_argument("-c", "--class", dest="tclass",
    21. 

  21.                   help="Comma separated list of object classes")
    22. 

  22. expr.add_argument("-p", "--perms", metavar="PERMS",
    23. 

  23.                   help="Comma separated list of permissions.")
    24. 

  24. 

  25. args = parser.parse_args()
    26. 

  26. 

  27. if not args.tertypes:
    28. 

  28.     parser.error("Must specify \"--allow\"")
    29. 

  29. 

  30. if not args.policy:
    31. 

  31.     parser.error("Must include path to policy")
    32. 

  32. if not args.libpath:
    33. 

  33.     parser.error("Must include path to libsepolwrap library")
    34. 

  34. 

  35. if not (args.source or args.target or args.tclass or args.perms):
    36. 

  36.     parser.error("Must something to filter on, e.g. --source, --target, etc.")
    37. 

  37. 

  38. pol = policy.Policy(args.policy, None, args.libpath)
    39. 

  39. 

  40. if args.source:
    41. 

  41.     scontext = {args.source}
    42. 

  42. else:
    43. 

  43.     scontext = set()
    44. 

  44. if args.target:
    45. 

  45.     tcontext = {args.target}
    46. 

  46. else:
    47. 

  47.     tcontext = set()
    48. 

  48. if args.tclass:
    49. 

  49.     tclass = set(args.tclass.split(","))
    50. 

  50. else:
    51. 

  51.     tclass = set()
    52. 

  52. if args.perms:
    53. 

  53.     perms = set(args.perms.split(","))
    54. 

  54. else:
    55. 

  55.     perms = set()
    56. 

  56. 

  57. TERules = pol.QueryTERule(scontext=scontext,
    58. 

  58.                        tcontext=tcontext,
    59. 

  59.                        tclass=tclass,
    60. 

  60.                        perms=perms)
    61. 

  61. 

  62. # format rules for printing
    63. 

  63. rules = []
    64. 

  64. for r in TERules:
    65. 

  65.     if len(r.perms) > 1:
    66. 

  66.         rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " { " +
    67. 

  67.                 " ".join(r.perms) + " };")
    68. 

  68.     else:
    69. 

  69.         rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " " +
    70. 

  70.                 " ".join(r.perms) + ";")
    71. 

  71. 

  72. for r in sorted(rules):
    73. 

  73.     print r
    74.