am d06104d8: Merge "property_contexts checks added to checkfc."
* commit 'd06104d873a4256f8a6fb66ee0f930abbc15f8a1':
property_contexts checks added to checkfc.
diff --git a/Android.mk b/Android.mk
index 9a5ee9d..fee8fd4 100644
--- a/Android.mk
+++ b/Android.mk
@@ -122,7 +122,6 @@
$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<
seapp_contexts.tmp :=
-built_sepolicy :=
##################################
include $(CLEAR_VARS)
@@ -133,12 +132,16 @@
include $(BUILD_SYSTEM)/base_rules.mk
-property_contexts := $(intermediates)/property_contexts
-$(property_contexts): $(call build_policy, property_contexts)
+ALL_PC_FILES := $(call build_policy, property_contexts)
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
@mkdir -p $(dir $@)
- $(hide) m4 -s $^ > $@
+ $(hide) m4 -s $(ALL_PC_FILES) > $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
property_contexts :=
+built_sepolicy :=
##################################
##################################
diff --git a/tools/checkfc.c b/tools/checkfc.c
index 4be3216..eb256a3 100644
--- a/tools/checkfc.c
+++ b/tools/checkfc.c
@@ -1,3 +1,4 @@
+#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <sepol/sepol.h>
@@ -16,43 +17,77 @@
return 0;
}
+static void usage(char *name) {
+ fprintf(stderr, "usage: %s [OPTIONS] sepolicy context_file\n\n", name);
+ fprintf(stderr, "Parses a context file and checks for syntax errors.\n");
+ fprintf(stderr, "The context_file is assumed to be a file_contexts file\n");
+ fprintf(stderr, "unless explicitly switched by an option.\n\n");
+ fprintf(stderr, " OPTIONS:\n");
+ fprintf(stderr, " -p : context file represents a property_context file.\n");
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
int main(int argc, char **argv)
{
struct selinux_opt opts[] = {
{ SELABEL_OPT_VALIDATE, (void*)1 },
{ SELABEL_OPT_PATH, NULL }
};
+
+ // Default backend unless changed by input argument.
+ unsigned int backend = SELABEL_CTX_FILE;
+
FILE *fp;
struct selabel_handle *sehnd;
+ char c;
- if (argc != 3) {
- fprintf(stderr, "usage: %s policy file_contexts\n", argv[0]);
- exit(1);
+ while ((c = getopt(argc, argv, "ph")) != -1) {
+ switch (c) {
+ case 'p':
+ backend = SELABEL_CTX_ANDROID_PROP;
+ break;
+ case 'h':
+ default:
+ usage(argv[0]);
+ break;
+ }
}
- fp = fopen(argv[1], "r");
+ int index = optind;
+ if (argc - optind != 2) {
+ fprintf(stderr, "Expected sepolicy file and context file as arguments.\n");
+ usage(argv[0]);
+ }
+
+ // remaining args are sepolicy file and context file
+ char *sepolicyFile = argv[index];
+ char *contextFile = argv[index + 1];
+
+ fp = fopen(sepolicyFile, "r");
if (!fp) {
- perror(argv[1]);
+ perror(sepolicyFile);
exit(2);
}
if (sepol_set_policydb_from_file(fp) < 0) {
- fprintf(stderr, "Error loading policy from %s\n", argv[1]);
+ fprintf(stderr, "Error loading policy from %s\n", sepolicyFile);
exit(3);
}
selinux_set_callback(SELINUX_CB_VALIDATE,
(union selinux_callback)&validate);
+ opts[1].value = contextFile;
- opts[1].value = argv[2];
- sehnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
+ sehnd = selabel_open(backend, opts, 2);
if (!sehnd) {
- fprintf(stderr, "Error loading file contexts from %s\n", argv[2]);
+ fprintf(stderr, "Error loading context file from %s\n", contextFile);
exit(4);
}
if (nerr) {
- fprintf(stderr, "Invalid file contexts found in %s\n", argv[2]);
+ fprintf(stderr, "Invalid context file found in %s\n", contextFile);
exit(5);
}
+
exit(0);
}
