| #!/bin/bash |
| set -e |
| |
| # Generate the amend policy in cil format. |
| echo "(type foo)" > test_sepolicy.cil |
| echo "(typeattribute bar)" >> test_sepolicy.cil |
| echo "(typeattributeset bar (foo))" >> test_sepolicy.cil |
| echo "(allow foo bar (file (read)))" >> test_sepolicy.cil |
| |
| # Generate the definitions file containing (re)definitions of existing types/classes/attributes, and |
| # of preliminary symbols. This file is needed by seamendc to successfully parse the CIL policy. |
| echo "(sid test)" > definitions.cil |
| echo "(sidorder (test))" >> definitions.cil |
| echo "(class file (read))" >> definitions.cil |
| echo "(classorder (file))" >> definitions.cil |
| |
| # Compile binary and amend policies using secilc. |
| ./secilc -m -M true -G -N -c 30 \ |
| -o sepolicy+test-secilc.binary \ |
| plat_sepolicy.cil \ |
| plat_pub_versioned.cil \ |
| system_ext_sepolicy.cil \ |
| product_sepolicy.cil \ |
| vendor_sepolicy.cil \ |
| odm_sepolicy.cil \ |
| test_sepolicy.cil |
| |
| # Compile binary policy and use seamendc to amend the binary file. |
| ./secilc -m -M true -G -N -c 30 \ |
| -o sepolicy.binary \ |
| plat_sepolicy.cil \ |
| plat_pub_versioned.cil \ |
| system_ext_sepolicy.cil \ |
| product_sepolicy.cil \ |
| vendor_sepolicy.cil \ |
| odm_sepolicy.cil |
| |
| ./seamendc -vv \ |
| -o sepolicy+test-seamendc.binary \ |
| -b sepolicy.binary \ |
| test_sepolicy.cil definitions.cil |
| |
| # Diff the generated binary policies. |
| ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ |
| -s foo > secilc.diff |
| ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ |
| -s foo > seamendc.diff |
| diff secilc.diff seamendc.diff |
| |
| ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ |
| -t foo > secilc.diff |
| ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ |
| -t foo > seamendc.diff |
| diff secilc.diff seamendc.diff |