Dominick Grift wrote: <snip>
The idea is nice, unfortunately its inflexible and it has hard-references to reference policy all-over. It has potential but it is still rough.
Of course, it is an analysis of a refpolicy-based policy. If you want to analyze a different policy (e.g., Android or home-rolled) you will have to change out all of the type sets, etc.
You can't make a magic generic analysis script without knowing how key parts of the system work and what types are associated with those components.
