From 67948aa62f61d458f7bedae5a2201c1859b62567 Mon Sep 17 00:00:00 2001
From: "sanghyeok.oh" <sanghyeok.oh@samsung.com>
Date: Wed, 23 Oct 2019 20:13:34 +0900
Subject: [PATCH] policychecker: print error related information

Change-Id: I07dbeffd02cf67f98ec0363b7b4aaa55e8f34e02
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
---
 policychecker/check.in | 158 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 152 insertions(+), 6 deletions(-)

diff --git a/policychecker/check.in b/policychecker/check.in
index 393785a..d451840 100755
--- a/policychecker/check.in
+++ b/policychecker/check.in
@@ -12,6 +12,7 @@ sub_conf_path=("system.d" "session.d")
 bus_type=-1
 config_file=-1
 checker_include_all=0
+verbose_mode=0
 schema_file="$checker_dir/rules.xsl"
 
 system_privileges_file="$tmpdir/privileges_system"
@@ -31,13 +32,14 @@ usage() {
 	echo -e "\tfilename    dbus policy configuration file"
 	echo -e "\t-s          system bus"
 	echo -e "\t-u          session bus"
+	echo -e "\t-d          enable verbose mode"
 	echo -e "\t-v          include every iso xsls"
 	echo -e "\t-p          enable profile mode"
 }
 
 # use "checker opt + config-file"
 # getopts doesn't support - "checker config-file + opt"
-while getopts :suvp opt
+while getopts :sudvp opt
 do	case "$opt" in
 	s)	if [ $bus_type -eq -1 ]; then
 			bus_type=0
@@ -49,8 +51,11 @@ do	case "$opt" in
 			echo "check session bus"
 		fi
 		;;
-	v)	checker_include_all=1
-		echo "use iso_dsdl_include.xsl"
+	d)	echo "enable verbose mode"
+		verbose_mode=1
+		;;
+	v)	echo "include every xsl. iso_dsdl_include.xsl"
+		checker_include_all=1
 		;;
 	p)	echo "enable profile mode"
 		xslt_processor="$xslt_processor --profile"
@@ -141,23 +146,164 @@ function check_policy_file(){
 	echo
 }
 
+# print_matched_xml (str filename, int policyindex, str allow/deny, int allowindex)
+# print_matched_xml "$filename" $policy "" 0
+function print_matched_xml(){
+	local cnt_policy=0
+	local cnt_allow=0
+	local cnt_deny=0
+	local filename="$1"
+	local policy_index=$2
+	local allowdeny="$3"
+	local allow_index=$4
+	local found_policy_tag=0
+	local print_to_end=0
+	local line_cnt=0
+	local is_comment=0
+	local reg1="^[[:blank:]]*<!--.*$"
+	local reg2="^[[:blank:]]*<!--.*-->[[:blank:]]*$"
+	local reg3="^.*-->[[:blank:]]*$"
+	local reg_start_allow="^[[:blank:]]*<$allowdeny.*$"
+	local reg_end_tag=".*/>[[:blank:]]*$"
+	local reg_start_policy="^[[:blank:]]*<policy.*$"
+	local reg_end_policy="^.*</policy[[:blank:]]*>[[:blank:]]*$"
+
+	#echo "printline: $filename $policy_index $allowdeny $allow_index"
+	while IFS= read -r line
+	do
+		line_cnt=$((line_cnt+1))
+
+		# ignore comment
+		if [ $is_comment -eq 1 ]; then
+			if [[ $line =~ $reg3 ]]; then
+				is_comment=0
+			fi
+			continue
+		fi
+		# ignore comment
+		if [[ $line =~ $reg1 ]]; then
+			if [[ ! $line =~ $reg2 ]]; then
+				is_comment=1
+			fi
+			continue
+		fi
+
+		# print multiple line
+		if [ $print_to_end -eq 1 ]; then
+			echo "$filename:$line_cnt: $line"
+			if [[ "$line" =~ $reg_end_tag ]]; then
+				print_to_end=0
+			fi
+			continue
+		fi
+
+		# end of policy
+		if [ -z "$allowdeny" ] && [ $found_policy_tag -eq 1 ]; then
+			echo "$filename:$line_cnt: $line"
+			if [[ "$line" =~ $reg_end_policy ]]; then
+				break
+			fi
+			continue
+		fi
+
+		# is matched policy ?
+		if [[ "$line" =~ $reg_start_policy ]]; then
+			cnt_policy=$((cnt_policy+1))
+			cnt_allow=0
+			cnt_deny=0
+			found_policy_tag=0
+			if [ $cnt_policy -eq $policy_index ]; then
+				echo "$filename:$line_cnt: $line"
+				found_policy_tag=1
+			fi
+			continue
+		fi
+
+		if [ $found_policy_tag -eq 0 ]; then
+			continue
+		fi
+
+		# find matched allow or deny
+		if [[ "$line" =~ $reg_start_allow ]]; then
+			cnt_allow=$((cnt_allow+1))
+			if [ $allow_index -eq 0 ] || [ $cnt_allow -eq $allow_index ]; then
+				echo "$filename:$line_cnt: $line"
+				if [[ ! "$line" =~ $reg_end_tag ]]; then
+					print_to_end=1
+					continue
+				fi
+			fi
+		fi
+	done < "$filename"
+}
+
+# print_err_info (str filename, str line)
+function print_err_info(){
+	local filename=$1
+	local line=$2
+	local ipolicy=0
+	local allowdeny=0
+	local iallowdeny=0
+
+	# line contain a word 'policy' ? "FAILED(assert) at /busconfig/policy[1]/allow[1] ..."
+	if [[ "$line" =~ ^(FAILED).*/policy(\[([0-9]{1,2})\])?(/(allow|deny)(\[([0-9]{1,2})\])?)?[[:blank:]]+.*$ ]]; then
+		ipolicy=${BASH_REMATCH[3]}
+		allowdeny=${BASH_REMATCH[5]}
+		if [ ! -z ${BASH_REMATCH[7]} ]; then
+			iallowdeny=${BASH_REMATCH[7]}
+		fi
+
+		print_matched_xml "$filename" $ipolicy "$allowdeny" $iallowdeny
+		echo ""
+		return
+	fi
+
+	echo "$line"
+}
+
+function verbose_mode(){
+	local filename=$1
+	local result=$2
+
+	IFS=$'\n'
+	lines=($result)
+	IFS=' '
+	for line in "${lines[@]}"; do
+		echo $line
+		if [[ "$line" =~ ^(FAILED).*$ ]]; then
+			print_err_info "$filename" "$line"
+		fi
+	done
+}
+
 function check_policy_dir() {
 	for d in "${conf_path[@]}"; do
 		echo "$d/${sub_conf_path[$bus_type]}"
 		target_path="$d/${sub_conf_path[$bus_type]}/*.conf"
-
 		for f in $target_path; do
 			if [ -f $f ]; then
-				check_policy_file "$f"
+				result=$(check_policy_file "$f")
+				if [ $verbose_mode -eq 1 ]; then
+					verbose_mode "$f" "$result"
+				else
+					echo "$result"
+				fi
 			fi
 		done
 	done
 }
 
 if [ $bus_type -eq -1 ]; then
-	check_policy_file "$config_file"
+	#check_policy_file "$config_file"
+	result=$(check_policy_file "$config_file")
+	if [ $verbose_mode -eq 1 ]; then
+		verbose_mode "$config_file" "$result"
+	else
+		echo "$result"
+	fi
 else
 	check_policy_dir
 fi
 
 exit 0
+
-- 
2.34.1