#!/bin/bash

# Abort on the first command that fails.
set -o errexit

# Write the CIL rules that will be amended into the policy: a type `foo`, an
# attribute `bar` that contains `foo`, and an allow rule granting `foo` read
# access to files whose label carries `bar`.
cat > test_sepolicy.cil <<'EOF'
(type foo)
(typeattribute bar)
(typeattributeset bar (foo))
(allow foo bar (file (read)))
EOF
# Write the definitions file: (re)definitions of symbols that already exist in
# the policy (types/classes/attributes) plus the preliminary symbols. seamendc
# needs it in order to parse the CIL rules it is asked to apply.
printf '%s\n' \
  "(sid test)" \
  "(sidorder (test))" \
  "(class file (read))" \
  "(classorder (file))" \
  > definitions.cil
# Reference build: secilc compiles the full policy with the test rules passed
# as one more CIL input, producing the binary the seamendc result is compared
# against.
# NOTE: -N turns off neverallow checking, so this build says nothing about
# whether the test rules would violate a neverallow.
base_cil=(
  plat_sepolicy.cil
  plat_pub_versioned.cil
  system_ext_sepolicy.cil
  product_sepolicy.cil
  vendor_sepolicy.cil
  odm_sepolicy.cil
)
./secilc -m -M true -G -N -c 30 \
  -o sepolicy+test-secilc.binary \
  "${base_cil[@]}" \
  test_sepolicy.cil
# Build under test: compile the policy without the test rules, then let
# seamendc apply test_sepolicy.cil (together with definitions.cil) to the
# resulting binary.
# NOTE: secilc runs with -N here as well, i.e. without neverallow checking.
policy_inputs=(
  plat_sepolicy.cil
  plat_pub_versioned.cil
  system_ext_sepolicy.cil
  product_sepolicy.cil
  vendor_sepolicy.cil
  odm_sepolicy.cil
)
./secilc -m -M true -G -N -c 30 \
  -o sepolicy.binary \
  "${policy_inputs[@]}"

./seamendc -vv \
  -o sepolicy+test-seamendc.binary \
  -b sepolicy.binary \
  test_sepolicy.cil definitions.cil
# Compare the two binaries: the allow rules searchpolicy lists for `foo` as
# source (-s) and then as target (-t) have to be identical in both policies.
# diff exits non-zero on any difference, which ends the script under `set -e`.
# NOTE(review): two empty listings also compare equal — confirm that
# searchpolicy reports at least one rule for each query, otherwise the
# comparison passes vacuously.
for role in -s -t; do
  ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \
    "$role" foo > secilc.diff
  ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \
    "$role" foo > seamendc.diff
  diff secilc.diff seamendc.diff
done