Hi Han, if I understand your question correctly, you can solve your problem by using the "user_neverallows" plugin of our SELint tool [0].
Specifically you should write your neverallow rules in the plugins/config/user_neverallows.py file, and then run the tool: $ selint -c your-config.py -w user_neverallows You can follow the installation and configuration instructions in our GitHub repo [0]. Regards, Filippo [0] https://github.com/seandroid-analytics/selint On 05/19/2017 10:52 AM, HAN wrote: > > Dear All, > > > I'm doing a SEAndroid in my company and have one question. > > Our developers add SEAndroid policies for their own function oftenly. > > > However, they don't know whether the policies are violated neverallow > or not. > > Since our environment is slows to build kernel, I want to suggest a > check their policies before pushing to our repository. > > > So I want to apply a system which verifies entered policies and return > the neverallow checking result. > > > Is there any tool for this? > > > I've checked a "sepolicy-analyze" tool, but looks like it checks a > sepolicy binary > > for checking neverallow, not raw allow rules. > > > > Any response will be greatly appreciated and hope you have a great day. > > > Thanks. > > HAN >
