#!/bin/bash
#
# Checks that amending an already-compiled binary policy with seamendc gives
# the same allow rules for a test type as compiling the same CIL with secilc.
#
# Expects ./secilc, ./seamendc, ./searchpolicy, libsepolwrap.so and the
# *_sepolicy.cil / plat_pub_versioned.cil inputs in the current directory.
# Every generated file is written to the current directory under a fixed name.
set -e

# secilc options shared by both compilations. -N turns off neverallow
# checking, so this script compares rule output only; it does not validate
# the amended policy against neverallow rules.
secilc_opts=(-m -M true -G -N -c 30)

# CIL inputs that make up the base policy, in the order passed to secilc.
base_cil=(
  plat_sepolicy.cil
  plat_pub_versioned.cil
  system_ext_sepolicy.cil
  product_sepolicy.cil
  vendor_sepolicy.cil
  odm_sepolicy.cil
)

#######################################
# Queries both generated binary policies for allow rules matching type foo
# and diffs the two result files.
# Arguments: $1 - searchpolicy selector flag (-s or -t)
# Outputs:   overwrites secilc.diff and seamendc.diff; diff prints any mismatch
# Returns:   status of diff (non-zero when the rule sets differ)
# NOTE(review): diff only proves the two outputs are equal. If both queries
# return nothing the comparison still passes -- confirm the foo rule is
# actually listed.
#######################################
compare_allow_rules() {
  local selector=$1
  ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \
    "$selector" foo > secilc.diff
  ./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \
    "$selector" foo > seamendc.diff
  diff secilc.diff seamendc.diff
}

# Amend policy in CIL form: a new type, an attribute that contains it, and one
# allow rule between them.
printf '%s\n' \
  "(type foo)" \
  "(typeattribute bar)" \
  "(typeattributeset bar (foo))" \
  "(allow foo bar (file (read)))" \
  > test_sepolicy.cil

# Definitions file: (re)definitions of existing types/classes/attributes and
# of preliminary symbols, which seamendc needs in order to parse the CIL
# amend policy.
printf '%s\n' \
  "(sid test)" \
  "(sidorder (test))" \
  "(class file (read))" \
  "(classorder (file))" \
  > definitions.cil

# Reference build: base policy and amend policy compiled together by secilc.
./secilc "${secilc_opts[@]}" \
  -o sepolicy+test-secilc.binary \
  "${base_cil[@]}" \
  test_sepolicy.cil

# Base policy alone, compiled to the binary that seamendc amends.
./secilc "${secilc_opts[@]}" \
  -o sepolicy.binary \
  "${base_cil[@]}"

# Apply the amend policy to the compiled base policy.
./seamendc -vv \
  -o sepolicy+test-seamendc.binary \
  -b sepolicy.binary \
  test_sepolicy.cil definitions.cil

# Compare the allow rules that name foo as source, then as target. Under
# set -e the first mismatch or tool failure aborts the script.
compare_allow_rules -s
compare_allow_rules -t