tools/selinux/src/gen_SELinux_CTS.py - platform/cts - Git at Google

 #!/usr/bin/python
 # genCheckAccessCTS.py - takes an input SELinux policy.conf file and generates
 # an XML file based on the allow and neverallow rules.  The file contains rules,
 # which are created by expanding the SELinux rule notation into the individual
 # components which a checkAccess() check, that a policy manager would have to
 # perform, needs.
 #
 # This test does not work with all valid SELinux policy.conf files.  It is meant
 # to simply use a given AOSP generated policy.conf file to create sets
 # representing the policy's types, attributes, classes and permissions, which
 # are used to expand the allow and neverallow rules found.  For a full parser
 # and compiler of SELinux, see external/checkpolicy.
 # @dcashman

 import pdb
 import re
 import sys
 from xml.etree.ElementTree import Element, SubElement, tostring
 from xml.dom import minidom

 import SELinux_CTS
 from SELinux_CTS import SELinuxPolicy

 usage = "Usage: ./gen_SELinux_CTS.py input_policy_file output_xml_avc_rules_file neverallow_only=[t/f]"

 if __name__ == "__main__":
     # check usage
     if len(sys.argv) != 4:
         print usage
         exit()
     input_file = sys.argv[1]
     output_file = sys.argv[2]
     neverallow_only = (sys.argv[3] == "neverallow_only=t")
     policy = SELinuxPolicy()
     policy.from_file_name(input_file) #load data from file

     # expand rules into 4-tuples for SELinux.h checkAccess() check
     xml_root = Element('SELinux_AVC_Rules')
     if not neverallow_only:
         count = 1
         for a in policy.allow_rules:
             expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, a, str(count), 'allow')
             if len(expanded_xml):
                 xml_root.append(expanded_xml)
                 count += 1
     count = 1
     for n in policy.neverallow_rules:
         expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, n, str(count), 'neverallow')
         if len(expanded_xml):
             xml_root.append(expanded_xml)
             count += 1

     #print out the xml file
     s = tostring(xml_root)
     s_parsed = minidom.parseString(s)
     output = s_parsed.toprettyxml(indent="    ")
     with open(output_file, 'w') as out_file:
         out_file.write(output)
	#!/usr/bin/python
	# genCheckAccessCTS.py - takes an input SELinux policy.conf file and generates
	# an XML file based on the allow and neverallow rules. The file contains rules,
	# which are created by expanding the SELinux rule notation into the individual
	# components which a checkAccess() check, that a policy manager would have to
	# perform, needs.
	#
	# This test does not work with all valid SELinux policy.conf files. It is meant
	# to simply use a given AOSP generated policy.conf file to create sets
	# representing the policy's types, attributes, classes and permissions, which
	# are used to expand the allow and neverallow rules found. For a full parser
	# and compiler of SELinux, see external/checkpolicy.
	# @dcashman

	import pdb
	import re
	import sys
	from xml.etree.ElementTree import Element, SubElement, tostring
	from xml.dom import minidom

	import SELinux_CTS
	from SELinux_CTS import SELinuxPolicy

	usage = "Usage: ./gen_SELinux_CTS.py input_policy_file output_xml_avc_rules_file neverallow_only=[t/f]"

	if __name__ == "__main__":
	# check usage
	if len(sys.argv) != 4:
	print usage
	exit()
	input_file = sys.argv[1]
	output_file = sys.argv[2]
	neverallow_only = (sys.argv[3] == "neverallow_only=t")
	policy = SELinuxPolicy()
	policy.from_file_name(input_file) #load data from file

	# expand rules into 4-tuples for SELinux.h checkAccess() check
	xml_root = Element('SELinux_AVC_Rules')
	if not neverallow_only:
	count = 1
	for a in policy.allow_rules:
	expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, a, str(count), 'allow')
	if len(expanded_xml):
	xml_root.append(expanded_xml)
	count += 1
	count = 1
	for n in policy.neverallow_rules:
	expanded_xml = SELinux_CTS.expand_avc_rule_to_xml(policy, n, str(count), 'neverallow')
	if len(expanded_xml):
	xml_root.append(expanded_xml)
	count += 1

	#print out the xml file
	s = tostring(xml_root)
	s_parsed = minidom.parseString(s)
	output = s_parsed.toprettyxml(indent=" ")
	with open(output_file, 'w') as out_file:
	out_file.write(output)