author | Hyotaek Shim <hyotaek.shim@samsung.com> | 2019-01-18 10:30:46 +0900 |
---|---|---|
committer | Hyotaek Shim <hyotaek.shim@samsung.com> | 2019-01-18 10:31:13 +0900 |
commit | 36f3d3141e6ce6ebe158fea1a017f18532609714 (patch) | |
tree | 8391fc11240b89a37d3bd02de434f126d1df6428 | |
parent | 8a319b954da462d88ecb9ede814c34f0087c639b (diff) | |
parent | ad3c7e33fd56d6ec8e07099392aad9ea02524a0c (diff) | |
Merge branch 'tizen' into tizen_5.0

submit/tizen_5.0/20190118.024626 submit/tizen_5.0/20190118.014615 accepted/tizen/5.0/unified/20190123.074212 accepted/tizen_5.0_unified

Change-Id: Iabc81eb66c676fd0f257c750aa35e1d635ca3824
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
-rwxr-xr-x | policychecker/check.in | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/policychecker/check.in b/policychecker/check.in index 63f37fd..fd3af57 100755 --- a/policychecker/check.in +++ b/policychecker/check.in @@ -11,6 +11,7 @@ schema_file="$checker_dir/rules.xsl" system_privileges_file="$tmpdir/privileges_system" conf_privileges_file="$tmpdir/privileges_conf" +cynara_db="/var/cynara/db" cleanup() { rm -rf $tmpdir @@ -29,14 +30,29 @@ if [ ! -f $config_file ]; then exit 1 fi -if [ ! -d /var/cynara/db ]; then +if [ ! -d $cynara_db ]; then echo "Cynara database not found" exit 1 fi +# Cynara privilege formats can be various. +# For example, +# SR: http://tizen.org/privilege/${privilege_name} +# DA: http://samsung.com/tizen/privilege/${privilege_name} +# IM: http://developer.samsung.com/tizen/privilege/${privilege_name} +# VD: http://developer.samsung.com/privilege/${privilege_name} +PRIVILEGES=" +http://tizen.org/privilege +http://samsung.com/tizen/privilege +http://developer.samsung.com/tizen/privilege +http://developer.samsung.com/privilege +" + # TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc) -grep "http://tizen.org/privilege" /var/cynara/db/* | sed -e "s/;[^;]*;$//g" -e "s/.*http/http/g" | uniq > $system_privileges_file -$xslt_processor $checker_dir/extract_privilege.xsl $config_file | uniq > $conf_privileges_file +for p in $PRIVILEGES; do + grep $p $cynara_db/* | cut -d\; -f3 | sort -u >> $system_privileges_file +done +$xslt_processor $checker_dir/extract_privilege.xsl $config_file | sort -u > $conf_privileges_file grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done # TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config) |
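
Review bot: In the new `for p in $PRIVILEGES` loop, `grep $p $cynara_db/*` passes each prefix unquoted and as a regular expression, so the dots in `tizen.org` and `samsung.com` match any character; `grep -hF -- "$p" "$cynara_db"/*` would match the prefixes literally and drop the per-file name prefix from the output. `cut -d\; -f3` also fixes the privilege at the third semicolon-separated field, where the removed `sed` expression extracted everything from `http` onward regardless of position, so a comment stating the record layout this relies on would help. Each pass appends its own `sort -u` output with `>>`, so the result depends on `$system_privileges_file` being empty before the loop; truncating it first (`: > "$system_privileges_file"`) makes that explicit. The same quoting applies to `[ ! -d $cynara_db ]`.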