property_contexts checks added to checkfc.

Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>

Android.mk

@@ -122,7 +122,6 @@ $(LOCAL_BUILT_MODULE) : $(seapp_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECU
 	$(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $<
 
 seapp_contexts.tmp :=
-built_sepolicy :=
 ##################################
 include $(CLEAR_VARS)
 
@@ -133,12 +132,16 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
-property_contexts := $(intermediates)/property_contexts
-$(property_contexts): $(call build_policy, property_contexts)
+ALL_PC_FILES := $(call build_policy, property_contexts)
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE):  $(ALL_PC_FILES) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
 	@mkdir -p $(dir $@)
-	$(hide) m4 -s $^ > $@
+	$(hide) m4 -s $(ALL_PC_FILES) > $@
+	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
 
 property_contexts :=
+built_sepolicy :=
 ##################################
 
 ##################################

tools/checkfc.c

@@ -1,3 +1,4 @@
+#include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sepol/sepol.h>
@@ -16,43 +17,77 @@ static int validate(char **contextp)
   return 0;
 }
 
+static void usage(char *name) {
+    fprintf(stderr, "usage:  %s [OPTIONS] sepolicy context_file\n\n", name);
+    fprintf(stderr, "Parses a context file and checks for syntax errors.\n");
+    fprintf(stderr, "The context_file is assumed to be a file_contexts file\n");
+    fprintf(stderr, "unless explicitly switched by an option.\n\n");
+    fprintf(stderr, "    OPTIONS:\n");
+    fprintf(stderr, "     -p : context file represents a property_context file.\n");
+    fprintf(stderr, "\n");
+    exit(1);
+}
+
 int main(int argc, char **argv)
 {
   struct selinux_opt opts[] = {
     { SELABEL_OPT_VALIDATE, (void*)1 },
     { SELABEL_OPT_PATH, NULL }
   };
+
+  // Default backend unless changed by input argument.
+  unsigned int backend = SELABEL_CTX_FILE;
+
   FILE *fp;
   struct selabel_handle *sehnd;
+  char c;
 
-  if (argc != 3) {
-    fprintf(stderr, "usage:  %s policy file_contexts\n", argv[0]);
-    exit(1);
+  while ((c = getopt(argc, argv, "ph")) != -1) {
+    switch (c) {
+      case 'p':
+        backend = SELABEL_CTX_ANDROID_PROP;
+        break;
+      case 'h':
+      default:
+        usage(argv[0]);
+        break;
+    }
   }
 
-  fp = fopen(argv[1], "r");
+  int index = optind;
+  if (argc - optind != 2) {
+    fprintf(stderr, "Expected sepolicy file and context file as arguments.\n");
+    usage(argv[0]);
+  }
+
+  // remaining args are sepolicy file and context file
+  char *sepolicyFile = argv[index];
+  char *contextFile = argv[index + 1];
+
+  fp = fopen(sepolicyFile, "r");
   if (!fp) {
-    perror(argv[1]);
+    perror(sepolicyFile);
     exit(2);
   }
   if (sepol_set_policydb_from_file(fp) < 0) {
-    fprintf(stderr, "Error loading policy from %s\n", argv[1]);
+    fprintf(stderr, "Error loading policy from %s\n", sepolicyFile);
     exit(3);
   }
 
   selinux_set_callback(SELINUX_CB_VALIDATE,
                        (union selinux_callback)&validate);
 
+  opts[1].value = contextFile;
 
-  opts[1].value = argv[2];
-  sehnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
+  sehnd = selabel_open(backend, opts, 2);
   if (!sehnd) {
-    fprintf(stderr, "Error loading file contexts from %s\n", argv[2]);
+    fprintf(stderr, "Error loading context file from %s\n", contextFile);
     exit(4);
   }
   if (nerr) {
-    fprintf(stderr, "Invalid file contexts found in %s\n", argv[2]);
+    fprintf(stderr, "Invalid context file found in %s\n", contextFile);
     exit(5);
   }
+
   exit(0);
 }