-
Stephen Smalley authored
Usage: sepolicy-analyze -D -P out/target/product/<board>/root/sepolicy Displays duplicate allow rules, i.e. pairs of allow rules that grant the same permissions where one allow rule is written directly in terms of individual types and the other is written in terms of attributes associated with those same types. The rule with individual types is a candidate for removal. The rule with individual types may be directly represented in the source policy or may be a result of expansion of a type negation (e.g. domain -foo -bar is expanded to individual allow rules by the policy compiler). Domains with unconfineddomain will typically have such duplicate rules as a natural side effect and can be ignored. Also add a tools/README with a description of all of the tools. Change-Id: I07838dbd22c5cc8a4a65b57003ccae38129050f5 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>
bec54f42
