On Fri, 2017-05-19 at 16:52 +0900, HAN wrote: > Dear All, > > I'm doing a SEAndroid in my company and have one question. > Our developers add SEAndroid policies for their own function oftenly. > > However, they don't know whether the policies are violated neverallow > or not. > Since our environment is slows to build kernel, I want to suggest a > check their policies before pushing to our repository. > > So I want to apply a system which verifies entered policies and > return the neverallow checking result. > > Is there any tool for this? > > I've checked a "sepolicy-analyze" tool, but looks like it checks a > sepolicy binary > for checking neverallow, not raw allow rules. > > > Any response will be greatly appreciated and hope you have a great > day.
Sorry, I don't follow. All they have to do is test building the policy; any neverallow failures will be caught at build time. mmm -B system/sepolicy