PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23,444 Commits 17 Branches 0 Tags 42 MiB
1a3ee382ec
Commit Graph

7 Commits

Author SHA1 Message Date
Stephen Hines
5c081803fc Ensure avrule is initialized. 
Bug: http://b/131390872
Test: Builds with -Wconditional-initialize
Change-Id: I14b9316ca392f299745342d61e4fd45ab8e9e307
 2019-05-08 17:14:34 -07:00
George Burgess IV
bf2f927019 Fix memory leaks 
This CL fixes leaks of the policy that we're building up. The analyzer
only caught the leaks on the error path, but I assume that
`check_assertions` does nothing to free the object that it's handed.

Analyzer warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'avrule'
[clang-analyzer-unix.Malloc]

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'neverallows'
[clang-analyzer-unix.Malloc]

Bug: None
Test: Treehugger; reran the analyzer
Change-Id: I79a0c34e8b53d33a1f01497337590eab660ad3ec
 2019-03-19 12:10:51 -07:00
Manoj Gupta
508db351a1 Merge "Fix static analyzer warnings." 
am: 4b547a1516

Change-Id: Id5b85ec29220cdbc15aab72ddf4dfbd2d4ef2fc7
 2017-08-02 02:47:37 +00:00
Manoj Gupta
3cdd4a4b0d Fix static analyzer warnings. 
Fix the following warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by '__s1'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by 'id'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'classperms'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'node'

Bug: b/27101951
Test:Warnings are gone.
Change-Id: Ib9b2e0b9f19950b4b764d438ee58340e6c022ef5
 2017-08-01 15:46:44 -07:00
Alex Klyubin
c60d3ea164 Do not warn about empty typesets in neverallows 
Empty typeset is not an issue in neverallow rules. The reason is that
it's completly normal for scontext or tcontext of neverallow rules to
evaluate to an empty type set. For example, there are neverallow rules
whose purpose is to test that all types with particular powers are
associated with a particular attribute:
  neverallow {
    untrusted_app_all
    -untrusted_app
    -untrusted_app_25
  } domain:process fork;

Test: sepolicy-analyze neverallow -w -n \
          'neverallow {} {}:binder call;'
      produces empty output instead of "Warning!  Empty type set"
Bug: 37357742
Change-Id: Id61b4fe22fafaf0522d8769dd4e23dfde6cd9f45
 2017-04-25 14:25:04 -07:00
dcashman
0de2b45f63 Adjust sepolicy-analyze to reflect libsepol changes. 
Commit dc0ab516f11d8e2c413315e733e25a41ba468e4f changed the libsepol
structures on which sepolicy-analyze relies so that it could be compiled
as a C++ library.  Reflect this change in sepolicy-analyze.

Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
 2014-12-22 15:31:38 -08:00
dcashman
ef4fd30672 Accept command-line input for neverallow-check. 
Also, divide each sepolicy-analyze function into its own component for simplified
command-line parsing and potentially eventual modularization.

Bug: 18005561
Change-Id: I45fa07d776cf1bec7d60dba0c03ee05142b86c19
 2014-10-31 11:38:32 -07:00