Jeffrey Vander Stoep wrote:
The policy binary format changed to make xperms more extensible, but
unfortunately (and irritatingly) not backwards compatible with Android M
which was already under lock down when Paul gave the final OK for upstream
submission. This isn't the first time this issue has been raised:
http://marc.info/?l=seandroid-list&m=143446867511331&w=2
This issue is the reason why policy analysis tools were added to the source
tree. The recommendation is to use tools from the same version of Android
as the policy you're analyzing. Sorry, wish I had a more satisfactory
answer.
*sigh* which are Linux-only...
Thank you, I totally forgot that M had a forked policy format.
On Tue, May 10, 2016 at 12:14 PM Joshua Brindle <[email protected]> wrote:
I have the sepolicy file from a GS7 and using aosp 6.0.1_r43 libsepol
it parses fine:
$ ./darwin-x86/bin/checkpolicy sepolicy -b -d -M
./darwin-x86/bin/checkpolicy: loading policy configuration from sepolicy
libsepol.policydb_index_others: security: 1 users, 2 roles, 525 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security: 87 classes, 4783 rules, 0 cond rules
./darwin-x86/bin/checkpolicy: policy configuration loaded
However, on master it fails in avtab_read. I added a log statement to
print out the key and it is definitely wrong:
$ ~/master/checkpolicy sepolicy -b -d -M
/Users/brindle/setools/checkpolicy: loading policy configuration from sepolicy
libsepol.avtab_read_item: more than one specifier
libsepol.avtab_read_item: Entry: 18433 4353 0 35073 has 2 entries
The format of the log was:
ERR(fp->handle, "Entry: %d %d %d %d has %d entries", key.source_type,
key.target_type, key.target_class, key.specified, set);
So that shows specified as 35073 which is definitely wrong.
The only changes I see in avtab.c from 6.0.1 to master look like
changes from xperms to ops (variable changes). Is there something else
that could cause this?
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
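
Added example, not part of the original thread and not libsepol code: a small C program that decodes the key.specified value 35073 from the log line above and counts its specifier bits. It assumes the AVTAB_* bit values and the nine-entry specifier list of upstream libsepol (avtab.h / avtab.c); the helper names count_specifiers and leftover_bits are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values assumed from upstream libsepol avtab.h; check your own tree. */
#define AVTAB_ALLOWED           0x0001
#define AVTAB_AUDITALLOW        0x0002
#define AVTAB_AUDITDENY         0x0004
#define AVTAB_TRANSITION        0x0010
#define AVTAB_MEMBER            0x0020
#define AVTAB_CHANGE            0x0040
#define AVTAB_XPERMS_ALLOWED    0x0100
#define AVTAB_XPERMS_AUDITALLOW 0x0200
#define AVTAB_XPERMS_DONTAUDIT  0x0400
#define AVTAB_ENABLED           0x8000

/* The specifiers a reader counts; a well-formed entry sets exactly one. */
static const uint16_t spec_order[] = {
    AVTAB_ALLOWED, AVTAB_AUDITDENY, AVTAB_AUDITALLOW,
    AVTAB_TRANSITION, AVTAB_CHANGE, AVTAB_MEMBER,
    AVTAB_XPERMS_ALLOWED, AVTAB_XPERMS_AUDITALLOW, AVTAB_XPERMS_DONTAUDIT,
};
#define NSPEC (sizeof(spec_order) / sizeof(spec_order[0]))

/* Hypothetical helper: number of counted specifier bits set in key.specified. */
int count_specifiers(uint16_t specified)
{
    int set = 0;
    for (size_t i = 0; i < NSPEC; i++)
        if (specified & spec_order[i])
            set++;
    return set;
}

/* Hypothetical helper: bits that are neither a counted specifier nor ENABLED. */
uint16_t leftover_bits(uint16_t specified)
{
    uint16_t known = AVTAB_ENABLED;
    for (size_t i = 0; i < NSPEC; i++)
        known |= spec_order[i];
    return (uint16_t)(specified & ~known);
}

int main(void)
{
    uint16_t specified = 35073; /* key.specified from the log line in the thread */
    printf("specified=0x%04x specifiers=%d leftover=0x%04x\n", (unsigned)specified,
           count_specifiers(specified), (unsigned)leftover_bits(specified));
    return 0;
}
```

For 35073 (0x8901) this reports two counted specifiers (ALLOWED and XPERMS_ALLOWED), which matches "has 2 entries" in the log, plus AVTAB_ENABLED and one bit, 0x0800, outside the counted list.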