From ad3c7e33fd56d6ec8e07099392aad9ea02524a0c Mon Sep 17 00:00:00 2001
From: Adrian Szyndela
Date: Thu, 4 Oct 2018 10:44:17 +0200
Subject: [PATCH] policychecker: simplified field selection

Privilege field selection was selected using two seds, but it is sufficient to use one cut, as it is suited precisely for such tasks.

Additionally, minor improvements:
- removed array in favor of space separated string to avoid bash dependency;
- added call to sort for uniq to work properly;
- introduced a variable for cynara database path.

Change-Id: Ica9455cc14f714a2fe0acbea7fe019d067cbf9eb
---
 policychecker/check.in | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/policychecker/check.in b/policychecker/check.in
index 325572f..acb559b 100755
--- a/policychecker/check.in
+++ b/policychecker/check.in
@@ -11,6 +11,7 @@ schema_file="$checker_dir/rules.xsl"
 system_privileges_file="$tmpdir/privileges_system"
 conf_privileges_file="$tmpdir/privileges_conf"
+cynara_db="/var/cynara/db"
 cleanup() {
 rm -rf $tmpdir
@@ -29,7 +30,7 @@ if [ ! -f $config_file ]; then
 exit 1
 fi
-if [ ! -d /var/cynara/db ]; then
+if [ ! -d $cynara_db ]; then
 echo "Cynara database not found"
 exit 1
 fi
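Review bot: `if [ ! -d $cynara_db ]; then` expands the new variable unquoted inside a POSIX `[` test, and the same unquoted use recurs as `$cynara_db/*` in the grep line of the third hunk. Since the commit deliberately drops the bash dependency, `[ ... ]` is the only test form available and an unquoted expansion is word-split and globbed there, so the safe form is `if [ ! -d "$cynara_db" ]; then` (and `"$cynara_db"/*` in the grep). With the constant value introduced in the first hunk this is harmless today, but quoting at the point of introduction keeps a later edit of the path safe. Declaring it `readonly cynara_db="/var/cynara/db"` would additionally document that the path is fixed for the rest of the script.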
@@ -40,16 +41,18 @@ fi
 # DA: http://samsung.com/tizen/privilege/${privilege_name}
 # IM: http://developer.samsung.com/tizen/privilege/${privilege_name}
 # VD: http://developer.samsung.com/privilege/${privilege_name}
-PRIVILEGES=("http://tizen.org/privilege"
- "http://samsung.com/tizen/privilege"
- "http://developer.samsung.com/tizen/privilege"
- "http://developer.samsung.com/privilege")
+PRIVILEGES="
+http://tizen.org/privilege
+http://samsung.com/tizen/privilege
+http://developer.samsung.com/tizen/privilege
+http://developer.samsung.com/privilege
+"
 # TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc)
-for p in ${PRIVILEGES[@]}; do
- grep $p /var/cynara/db/* | sed -e "s/;[^;]*;$//g" -e "s/.*http/http/g" | uniq >> $system_privileges_file
+for p in $PRIVILEGES; do
+ grep $p $cynara_db/* | cut -d\; -f3 | sort -u >> $system_privileges_file
 done
-$xslt_processor $checker_dir/extract_privilege.xsl $config_file | uniq > $conf_privileges_file
+$xslt_processor $checker_dir/extract_privilege.xsl $config_file | sort -u > $conf_privileges_file
 grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done
 # TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config)
-- 
2.34.1
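Review bot: `cut -d\; -f3` hard-codes the privilege as the third `;`-separated field, whereas the sed pair it replaces selected whichever field began with `http`, so the equivalence rests on every file under `$cynara_db` sharing one record layout — including the `path:` prefix grep prepends when it is handed more than one file, which stays in field 1 only as long as the path contains no `;`. That layout assumption is stated nowhere in the script; a one-line comment above the loop such as `# cynara db records are ';'-separated with the privilege URI in field 3 (grep's "path:" prefix lands in field 1)` would make it checkable against the installed database. `grep $p` also treats each prefix as a basic regex, where the `.` in `tizen.org` matches any character, so `grep -F -- "$p" "$cynara_db"/*` matches the prefix literally as the comment block above lists it. The switch to `sort -u` on both pipelines is correct, since `uniq` only collapses adjacent duplicates.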