1*b7c941bbSAndroid Build Coastguard Worker#!/bin/bash 2*b7c941bbSAndroid Build Coastguard Workerset -e 3*b7c941bbSAndroid Build Coastguard Worker 4*b7c941bbSAndroid Build Coastguard Worker# Generate the amend policy in cil format. 5*b7c941bbSAndroid Build Coastguard Workerecho "(type foo)" > test_sepolicy.cil 6*b7c941bbSAndroid Build Coastguard Workerecho "(typeattribute bar)" >> test_sepolicy.cil 7*b7c941bbSAndroid Build Coastguard Workerecho "(typeattributeset bar (foo))" >> test_sepolicy.cil 8*b7c941bbSAndroid Build Coastguard Workerecho "(allow foo bar (file (read)))" >> test_sepolicy.cil 9*b7c941bbSAndroid Build Coastguard Worker 10*b7c941bbSAndroid Build Coastguard Worker# Generate the definitions file containing (re)definitions of existing types/classes/attributes, and 11*b7c941bbSAndroid Build Coastguard Worker# of preliminary symbols. This file is needed by seamendc to successfully parse the CIL policy. 12*b7c941bbSAndroid Build Coastguard Workerecho "(sid test)" > definitions.cil 13*b7c941bbSAndroid Build Coastguard Workerecho "(sidorder (test))" >> definitions.cil 14*b7c941bbSAndroid Build Coastguard Workerecho "(class file (read))" >> definitions.cil 15*b7c941bbSAndroid Build Coastguard Workerecho "(classorder (file))" >> definitions.cil 16*b7c941bbSAndroid Build Coastguard Worker 17*b7c941bbSAndroid Build Coastguard Worker# Compile binary and amend policies using secilc. 18*b7c941bbSAndroid Build Coastguard Worker./secilc -m -M true -G -N -c 30 \ 19*b7c941bbSAndroid Build Coastguard Worker -o sepolicy+test-secilc.binary \ 20*b7c941bbSAndroid Build Coastguard Worker plat_sepolicy.cil \ 21*b7c941bbSAndroid Build Coastguard Worker plat_pub_versioned.cil \ 22*b7c941bbSAndroid Build Coastguard Worker system_ext_sepolicy.cil \ 23*b7c941bbSAndroid Build Coastguard Worker product_sepolicy.cil \ 24*b7c941bbSAndroid Build Coastguard Worker vendor_sepolicy.cil \ 25*b7c941bbSAndroid Build Coastguard Worker odm_sepolicy.cil \ 26*b7c941bbSAndroid Build Coastguard Worker test_sepolicy.cil 27*b7c941bbSAndroid Build Coastguard Worker 28*b7c941bbSAndroid Build Coastguard Worker# Compile binary policy and use seamendc to amend the binary file. 29*b7c941bbSAndroid Build Coastguard Worker./secilc -m -M true -G -N -c 30 \ 30*b7c941bbSAndroid Build Coastguard Worker -o sepolicy.binary \ 31*b7c941bbSAndroid Build Coastguard Worker plat_sepolicy.cil \ 32*b7c941bbSAndroid Build Coastguard Worker plat_pub_versioned.cil \ 33*b7c941bbSAndroid Build Coastguard Worker system_ext_sepolicy.cil \ 34*b7c941bbSAndroid Build Coastguard Worker product_sepolicy.cil \ 35*b7c941bbSAndroid Build Coastguard Worker vendor_sepolicy.cil \ 36*b7c941bbSAndroid Build Coastguard Worker odm_sepolicy.cil 37*b7c941bbSAndroid Build Coastguard Worker 38*b7c941bbSAndroid Build Coastguard Worker./seamendc -vv \ 39*b7c941bbSAndroid Build Coastguard Worker -o sepolicy+test-seamendc.binary \ 40*b7c941bbSAndroid Build Coastguard Worker -b sepolicy.binary \ 41*b7c941bbSAndroid Build Coastguard Worker test_sepolicy.cil definitions.cil 42*b7c941bbSAndroid Build Coastguard Worker 43*b7c941bbSAndroid Build Coastguard Worker# Diff the generated binary policies. 44*b7c941bbSAndroid Build Coastguard Worker./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ 45*b7c941bbSAndroid Build Coastguard Worker -s foo > secilc.diff 46*b7c941bbSAndroid Build Coastguard Worker./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ 47*b7c941bbSAndroid Build Coastguard Worker -s foo > seamendc.diff 48*b7c941bbSAndroid Build Coastguard Workerdiff secilc.diff seamendc.diff 49*b7c941bbSAndroid Build Coastguard Worker 50*b7c941bbSAndroid Build Coastguard Worker./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ 51*b7c941bbSAndroid Build Coastguard Worker -t foo > secilc.diff 52*b7c941bbSAndroid Build Coastguard Worker./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ 53*b7c941bbSAndroid Build Coastguard Worker -t foo > seamendc.diff 54*b7c941bbSAndroid Build Coastguard Workerdiff secilc.diff seamendc.diff 55