SELinux syntax error问题定位

在修改或新增Android SELinux时偶尔会出现语法错误(syntax error)，如下

device/qcom/sepolicy/msm8952/system_app.te:3 'syntax error' at token 'allow' on line 33320

由于在编译过程中SELinux报的错误有时并不是实际问题出现的位置，因此导致有时SELinux语法错误很难定位。

事实上，在编译过程中，是通过如下命令对SELinux进行检查的：

/bin/bash -c "(out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/msm8952/obj/ETC/sepolicy_intermediates/policy.conf ) && (out/host/linux-x86/bin/checkpolicy -M -c 30 -o out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.dontaudit out/target/product/msm8952/obj/ETC/sepolicy_intermediates/policy.conf.dontaudit ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.tmp permissive > out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ) && (if [ \"eng\" = \"user\" -a -s out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains ]; then        echo \"==========\" 1>&2;       echo \"ERROR: permissive domains not allowed in user builds\" 1>&2;         echo \"List of invalid domains:\" 1>&2;         cat out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.permissivedomains 1>&2;      exit 1;         fi ) && (mv out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy.tmp out/target/product/msm8952/obj/ETC/sepolicy_intermediates/sepolicy )"

从上述命令可以看出checkpolicy命令是对out/target/product/msm8952/obj/ETC/sepolicy_intermediates/policy.conf这个文件进行语法检查的，打开policy.conf可以看到所有的SELinux配置最终都汇总到policy.conf中，因此为了解决“syntax error”问题，我们只需要在policy.conf搜索编译过程中报的出错语句（如device/qcom/sepolicy/msm8952/system_app.te:3），并在policy.conf中检查其周围的语句即可定位是哪一个SELinux配置语句导致的syntax error。