Alex Klyubin
authored
Empty typeset is not an issue in neverallow rules. The reason is that
it's completly normal for scontext or tcontext of neverallow rules to
evaluate to an empty type set. For example, there are neverallow rules
whose purpose is to test that all types with particular powers are
associated with a particular attribute:
neverallow {
untrusted_app_all
-untrusted_app
-untrusted_app_25
} domain:process fork;
Test: sepolicy-analyze neverallow -w -n \
'neverallow {} {}:binder call;'
produces empty output instead of "Warning! Empty type set"
Bug: 37357742
Change-Id: Id61b4fe22fafaf0522d8769dd4e23dfde6cd9f45| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| fc_sort | ||
| sepolicy-analyze | ||
| Android.mk | ||
| README | ||
| check_seapp.c | ||
| checkfc.c | ||
| insertkeys.py | ||
| post_process_mac_perms | ||
| sepolicy-check.c | ||
| version_policy.c | ||
| whitespace.sh | ||