1#!/bin/bash 2set -e 3 4# Generate the amend policy in cil format. 5echo "(type foo)" > test_sepolicy.cil 6echo "(typeattribute bar)" >> test_sepolicy.cil 7echo "(typeattributeset bar (foo))" >> test_sepolicy.cil 8echo "(allow foo bar (file (read)))" >> test_sepolicy.cil 9 10# Generate the definitions file containing (re)definitions of existing types/classes/attributes, and 11# of preliminary symbols. This file is needed by seamendc to successfully parse the CIL policy. 12echo "(sid test)" > definitions.cil 13echo "(sidorder (test))" >> definitions.cil 14echo "(class file (read))" >> definitions.cil 15echo "(classorder (file))" >> definitions.cil 16 17# Compile binary and amend policies using secilc. 18./secilc -m -M true -G -N -c 30 \ 19 -o sepolicy+test-secilc.binary \ 20 plat_sepolicy.cil \ 21 plat_pub_versioned.cil \ 22 system_ext_sepolicy.cil \ 23 product_sepolicy.cil \ 24 vendor_sepolicy.cil \ 25 odm_sepolicy.cil \ 26 test_sepolicy.cil 27 28# Compile binary policy and use seamendc to amend the binary file. 29./secilc -m -M true -G -N -c 30 \ 30 -o sepolicy.binary \ 31 plat_sepolicy.cil \ 32 plat_pub_versioned.cil \ 33 system_ext_sepolicy.cil \ 34 product_sepolicy.cil \ 35 vendor_sepolicy.cil \ 36 odm_sepolicy.cil 37 38./seamendc -vv \ 39 -o sepolicy+test-seamendc.binary \ 40 -b sepolicy.binary \ 41 test_sepolicy.cil definitions.cil 42 43# Diff the generated binary policies. 44./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ 45 -s foo > secilc.diff 46./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ 47 -s foo > seamendc.diff 48diff secilc.diff seamendc.diff 49 50./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-secilc.binary \ 51 -t foo > secilc.diff 52./searchpolicy --allow --libpath libsepolwrap.so sepolicy+test-seamendc.binary \ 53 -t foo > seamendc.diff 54diff secilc.diff seamendc.diff 55