# Bootstraps the policy database managed by cyad: creates the default buckets,
# links them, imports one bucket per user-type profile found under
# USERTYPE_POLICY_PATH, and grants non-application clients every privilege.
# Everything read from that directory is treated as trusted input: profile
# contents are passed to cyad without validation (see the --bulk record below).
3 USERTYPE_POLICY_PATH=/usr/share/security-manager/policy
5 # Create default buckets
# Each input line is "<bucket name> <default policy type>"; the input itself
# (here-doc or file) and the do/done of this loop are not shown here.
# NOTE(review): read without -r interprets backslashes; harmless for fixed
# bucket names, but -r is the safer default.
6 while read bucket default_policy
8 # Reuse the primary bucket for PRIVACY_MANAGER bucket
# An empty name is how the primary bucket is addressed here; the linking loop
# below uses the same convention for bucket_src.
9 [ "$bucket" = "PRIVACY_MANAGER" ] && bucket=""
10 cyad --set-bucket="$bucket" --type="$default_policy"
18 # Link buckets together
# Each input line is "<source bucket> <destination bucket>". A BUCKET-type
# policy matching any client/user/privilege is stored in the source bucket
# with the destination named in --metadata — presumably so that lookups in the
# source fall through to the destination. Input and do/done not shown here.
19 while read bucket_src bucket_dst
21 # Reuse the main bucket for PRIVACY_MANAGER bucket
22 [ "$bucket_src" = "PRIVACY_MANAGER" ] && bucket_src=""
23 cyad --set-policy --client="*" --user="*" --privilege="*" --type=BUCKET \
24 --bucket="$bucket_src" --metadata="$bucket_dst"
30 # Import user-type policies
# One bucket per usertype-<name>.profile. find emits newline-separated paths
# into the consuming read loop (not shown); that loop runs in a pipeline
# subshell and would mis-split a path containing a newline — tolerable only
# because the directory is a fixed, package-owned location.
31 find "$USERTYPE_POLICY_PATH" -name "usertype-*.profile" |
# Derive the bucket name from the file name: strip the directory and the
# "usertype-" prefix / ".profile" suffix and uppercase the remainder (\U is a
# GNU sed extension). $file is unquoted in the echo, so a path containing
# whitespace or glob characters would be mangled — quote it ("$file").
34 bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\U\1|'`"
36 # Re-create the bucket with empty contents
# "|| true" is deliberate: the delete presumably fails when the bucket does
# not exist yet (first run). $bucket is unquoted on the next two lines —
# quote it as is done for --bucket further down.
37 cyad --delete-bucket=$bucket || true
# The new bucket defaults to DENY; the profile entries imported below are
# its only ALLOW rules.
38 cyad --set-bucket=$bucket --type=DENY
40 # Link the bucket to ADMIN bucket
41 cyad --set-policy --client="*" --user="*" --privilege="*" --type=BUCKET \
42 --bucket="$bucket" --metadata="ADMIN"
# Each profile line is "<client/app id> <privilege>", presumably read from
# "$file" — the redirection is not shown here. Every pair becomes one bulk
# record for cyad. NOTE(review): read without -r here as well.
45 while read app privilege
47 user="*" # Match any user id
48 policy="0xFFFF" # ALLOW (FIXME: cyad should parse policy names, not numeric values)
# Bulk record: bucket;user;client;privilege;policy; — fields are not escaped,
# so an app or privilege value containing ';' would shift the columns.
# Profiles are trusted package data, but rejecting values that contain ';'
# would make that assumption explicit.
49 printf '%s;%s;%s;%s;%s;\n' "$bucket" "$user" "$app" "$privilege" "$policy"
# --bulk=- reads the records above from stdin (the loop output is presumably
# piped here; the pipe itself is not shown).
51 cyad --set-policy --bulk=-
54 # Non-application programs get access to all privileges
# Broad grant in the MAIN bucket: each listed client gets every privilege for
# every user. Intentional per the comment above; keep this list minimal.
55 for client in User System
57 cyad --set-policy --bucket=MAIN --client="$client" --user="*" --privilege="*" --type=ALLOW