tools: add policy secret option

Adds the option --secret <handle> to insert a reliance on the
authorization of the object named by <handle> in the policy.  This has
implications for emptyAuth because if the PolicySecret statement
appears in the policy, it must be set (meaning we can no longer
condition this on auth being NULL).

Signed-off-by: James Bottomley <>
8 files changed