PRIVACY_WHITELIST_CSV="$PRIVILEGE_DB_DIR""privacy_whitelist.csv"
PRIVILEGE_GROUP_MAPPING_LIST="$PRIVILEGE_DB_DIR""privilege-group.list"
+SECURITY_MANAGER_DB=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
+
UPDATE_ALL="false"
UPDATE_POLICY="false"
Add new privilege mapping information with update-option m or mapping.
Bulk file
For bulk update, prepare .csv file with following columns:
- package_type,privilege_name,api_version_from,api_version_to,mapped_privilege_name
+ package_type,privilege_name,from_api_version,to_api_version,mapped_privilege_name
All field must be filled.
[*]-f, --file Bulk file path.
[*]-u, --usertype User type. Use '*' to update all usertypes.
exit
}
+function policy_load {
+ find "$SECURITY_MANAGER_POLICY_DIR" -name "usertype-*.profile" |
+ while read file
+ do
+ bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`"
+
+ grep -v ^\' $file |
+ while read app privilege
+ do
+ user="*" # Match any user id
+ policy="0xFFFF" # ALLOW (FIXME: cyad should parse policy names, not numeric values)
+ printf '%s;%s;%s;%s;%s;\n' "$bucket" "$user" "$app" "$privilege" "$policy"
+ done |
+ cyad --set-policy --bulk=-
+ done
+
+}
+
+function gid_mapping {
+ (
+ echo "BEGIN;"
+ echo "DELETE FROM privilege_group;"
+ grep -v '^#' "$SECURITY_MANAGER_GROUP_MAPPING_FILE" |
+ while read privilege group
+ do
+ echo "INSERT INTO privilege_group (privilege_name, group_name) VALUES ('$privilege', '$group');"
+ done
+ echo "COMMIT;"
+ ) | sqlite3 "$SECURITY_MANAGER_DB"
+}
+
function add_privilege_info {
local mode bulkfile privilege level level_id display description group group_id packagetype packagetype_id
local privacy="N/A" is_privacy=0 documented="yes"
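Review bot: gid_mapping can commit a partially rebuilt privilege_group table, because the sqlite3 shell keeps executing after an error by default: a rejected INSERT (for example a privilege or group value containing a `'`, which is spliced unescaped into the literal at `VALUES ('$privilege', '$group')`) is reported and processing still reaches `COMMIT;`, so the DELETE plus whichever rows did parse are persisted. Invoking it as `) | sqlite3 -bail "$SECURITY_MANAGER_DB" || return 1` stops at the first error, leaves the transaction uncommitted so it is rolled back when sqlite3 exits, and propagates a failure status that the current pipeline never checks. policy_load has the same gap: `cyad --set-policy --bulk=-` runs once per profile inside the outer `find | while` pipeline, so a failure for any file but the last is lost; appending `|| exit 1` to that line aborts the loop subshell and makes the pipeline status non-zero for the caller to check. Both loops should also use `read -r` and quote the path (`grep -v "^'" "$file"`), since `echo $file` and `grep -v ^\' $file` word-split and glob it.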
printUsage "usertype"
fi
done
+ else
+ usertype=$(join , $(ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | cut -d '-' -f2 | cut -d '.' -f1))
fi
elif [ "${input[x]}" == "-p" ] || [ "${input[x]}" == "--privilege" ]
then
checkUpdateResult
- if [ "$usertype" == "*" ]; then
- IFS=$'\r\n ' read -r -a usertypes <<< `ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | cut -d '-' -f2 | cut -d '.' -f1`
- else
- IFS=',' read -r -a usertypes <<< "$usertype"
- fi
+ IFS=',' read -r -a usertypes <<< "$usertype"
+
local userbucket_update=0
for userbucket in "${usertypes[@]}"
do
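Review bot: The usertype list built at `usertype=$(join , $(ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | …))` can disagree with the set of profiles policy_load actually applies, because `grep usertype` accepts any directory entry whose name merely contains that word (a `usertype-foo.profile.bak` would yield `foo`), whereas policy_load selects only `usertype-*.profile`; the removed branch at the `IFS=$'\r\n '` line used the same filter, so the mismatch is inherited rather than introduced here, but this hunk is where it now lives. Parsing `ls` output is also fragile with unusual names and the whole expansion is unquoted. Deriving the names from the same glob keeps the two in step, e.g. `for f in "$SECURITY_MANAGER_POLICY_DIR"/usertype-*.profile; do n=${f##*/usertype-}; printf '%s\n' "${n%.profile}"; done` fed to `join`, which I take to be a helper defined elsewhere in this script. The enclosing function starts and ends outside the hunk.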
done
if [ $userbucket_update -gt 0 ]; then
if [ "$UPDATE_ALL" == "false" ]; then
- security-manager-policy-reload
+ policy_load
else
UPDATE_POLICY="true"
fi
checkUpdateResult
- if [ "$2" == "*" ]; then
- IFS=$'\r\n ' read -r -a usertypes <<< `ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | cut -d '-' -f2 | cut -d '.' -f1`
- else
- IFS=',' read -r -a usertypes <<< "$2"
- fi
+ IFS=',' read -r -a usertypes <<< "$2"
local userbucket_update=0
for userbucket in "${usertypes[@]}"
done
if [ $userbucket_update -gt 0 ]; then
if [ "$UPDATE_ALL" == "false" ]; then
- security-manager-policy-reload
+ policy_load
else
UPDATE_POLICY="true"
fi
printUsage
fi
if [ "$UPDATE_ALL" == "false" ]; then
- security-manager-policy-reload
+ gid_mapping
else
UPDATE_POLICY="true"
fi
fi
if [ "$UPDATE_POLICY" == "true" ]
then
- security-manager-policy-reload
+ policy_load
+ gid_mapping
fi
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]
then