set -e
xslt_processor="xsltproc --nonet --novalid --maxdepth 25000"
+#xslt_processor="xsltproc --nonet --novalid --maxdepth 25000 --profile"
tmpdir=`mktemp -d`
checker_dir="@datadir@/dbus-tools/policychecker"
schematron_dir="@datadir@/dbus-tools/policychecker/xslt"
+conf_path=("/usr/share/dbus-1" "/etc/dbus-1")
+sub_conf_path=("system.d" "session.d")
+bus_type=-1
config_file=$1
schema_file="$checker_dir/rules.xsl"
exit 1
fi
-if [ ! -f $config_file ]; then
+if [ $config_file == "--system" ]; then
+ bus_type=0
+elif [ $config_file == "--session" ]; then
+ bus_type=1
+elif [ ! -f $config_file ]; then
echo "config file does not exist"
exit 1
fi
http://developer.samsung.com/privilege
"
-# TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc)
for p in $PRIVILEGES; do
grep $p $cynara_db/* | cut -d\; -f3 | sort -u >> $system_privileges_file
done
-$xslt_processor $checker_dir/extract_privilege.xsl $config_file | sort -u > $conf_privileges_file
-grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done
-# TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config)
-$xslt_processor $checker_dir/same.xsl $config_file
+function check_policy_file(){
+ config_file="$1"
-# TEST 3/3: apply schematron rules
+ echo "Checking D-Bus policy file: $config_file"
-# build a test (@user = x or @user = y or ...) at runtime
-prepare_test() {
- echo $(getent $1 | sort -r | awk -F: '{entries[n++] = $1} END { while (n>0) {printf "@'"$2"' = '\''%s'\''%s", entries[n-1], (n > 1 ? " or " : ""); n--} }')
-}
+ # TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc)
+ $xslt_processor $checker_dir/extract_privilege.xsl $config_file | sort -u > $conf_privileges_file
+ grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done
+
+ # TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config)
+ $xslt_processor $checker_dir/same.xsl $config_file
+
+ # TEST 3/3: apply schematron rules
-users_test=$(prepare_test passwd user)
-groups_test=$(prepare_test group group)
+ # build a test (@user = x or @user = y or ...) at runtime
+ prepare_test() {
+ echo $(getent $1 | sort -r | awk -F: '{entries[n++] = $1} END { while (n>0) {printf "@'"$2"' = '\''%s'\''%s", entries[n-1], (n > 1 ? " or " : ""); n--} }')
+ }
-tmpname="$tmpdir/$(basename $schema_file)"
+ users_test=$(prepare_test passwd user)
+ groups_test=$(prepare_test group group)
-cat $schema_file | sed -e "s/USERS_TEST/$users_test/g" -e "s/GROUPS_TEST/$groups_test/g" > $tmpname.0
+ tmpname="$tmpdir/$(basename $schema_file)"
-$xslt_processor $schematron_dir/iso_dsdl_include.xsl $tmpname.0 > $tmpname.1
-$xslt_processor $schematron_dir/iso_abstract_expand.xsl $tmpname.1 > $tmpname.2
-$xslt_processor $schematron_dir/iso_svrl_for_xslt1.xsl $tmpname.2 > $tmpname.3
-$xslt_processor $tmpname.3 $config_file > $tmpname.4
-$xslt_processor $checker_dir/report.xsl $tmpname.4
+ cat $schema_file | sed -e "s/USERS_TEST/$users_test/g" -e "s/GROUPS_TEST/$groups_test/g" > $tmpname.0
-# end-of-output, a new line for pretty printing
-echo
+ $xslt_processor $schematron_dir/iso_dsdl_include.xsl $tmpname.0 > $tmpname.1
+ $xslt_processor $schematron_dir/iso_abstract_expand.xsl $tmpname.1 > $tmpname.2
+ $xslt_processor $schematron_dir/iso_svrl_for_xslt1.xsl $tmpname.2 > $tmpname.3
+ $xslt_processor $tmpname.3 $config_file > $tmpname.4
+ $xslt_processor $checker_dir/report.xsl $tmpname.4
+
+ # end-of-output, a new line for pretty printing
+ echo
+}
+
+function check_policy_dir() {
+ for d in "${conf_path[@]}"; do
+ echo "$d/${sub_conf_path[$bus_type]}"
+ target_path="$d/${sub_conf_path[$bus_type]}/*.conf"
+
+ for f in $target_path; do
+ if [ -f $f ]; then
+ check_policy_file "$f"
+ fi
+ done
+ done
+}
+
+if [ $bus_type -eq -1 ]; then
+ check_policy_file "$config_file"
+else
+ check_policy_dir
+fi
exit 0
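Review bot: The new mode dispatch at `if [ $config_file == "--system" ]` and the two `elif` lines leave `$config_file` unquoted, so an argument that is empty or contains whitespace or glob characters makes `[` fail with a syntax error (or match a stray file) instead of reaching the "config file does not exist" branch; the argument-count check just above this hunk is cut off, so I cannot tell whether an empty `$1` is already rejected. Quote the expansion and use the portable comparison: `if [ "$config_file" = "--system" ]; then`, `elif [ "$config_file" = "--session" ]; then`, `elif [ ! -f "$config_file" ]; then`. The same unquoted test recurs in `check_policy_dir` at `if [ -f $f ]`, which should read `if [ -f "$f" ]`. Separately, in the new directory mode the `exit 1` inside the `while read line` pipeline only leaves that subshell, but under `set -e` the non-zero pipeline status then aborts the whole script, so the first file with an unknown privilege stops the scan before the remaining `*.conf` files in that directory are checked — if every file is meant to be reported on, record the failure and return it from `check_policy_file` instead of exiting.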