Re: How to check a neverallow for a single allow rule?

On Fri, May 19, 2017 at 6:09 AM, Stephen Smalley wrote: > On Fri, 2017-05-19 at 16:52 +0900, HAN wrote: >> Dear All, >> >> I'm doing a SEAndroid in my company and have one question. >> Our developers add SEAndroid policies for their own function oftenly. >> >> However, they

Re: How to check a neverallow for a single allow rule?

On Fri, 2017-05-19 at 16:52 +0900, HAN wrote: > Dear All, > > I'm doing a SEAndroid in my company and have one question. > Our developers add SEAndroid policies for their own function oftenly. > > However, they don't know whether the policies are violated neverallow > or not. > Since our

Re: How to check a neverallow for a single allow rule?

Hi Han, if I understand your question correctly, you can solve your problem by using the "user_neverallows" plugin of our SELint tool [0]. Specifically you should write your neverallow rules in the plugins/config/user_neverallows.py file, and then run the tool: $ selint -c your-config.py -w

How to check a neverallow for a single allow rule?

Dear All, I'm doing a SEAndroid in my company and have one question. Our developers add SEAndroid policies for their own function oftenly. However, they don't know whether the policies are violated neverallow or not. Since our environment is slows to build kernel, I want to suggest a check