diff options
author | sanghyeok.oh <sanghyeok.oh@samsung.com> | 2019-10-23 20:13:34 +0900 |
---|---|---|
committer | sanghyeok.oh <sanghyeok.oh@samsung.com> | 2019-10-25 14:51:13 +0900 |
commit | 67948aa62f61d458f7bedae5a2201c1859b62567 (patch) | |
tree | 3c075cfdcb3352967ea1b70e03b97947eed63eaf | |
parent | 2f6d6ba8ca8c7453be598bf45c5dae79ae2cf87b (diff) | |
download | dbus-tools-tizen_8.0.tar.gz dbus-tools-tizen_8.0.tar.bz2 dbus-tools-tizen_8.0.zip |
policychecker: print error related informationtizen_9.0_m2_releasetizen_8.0_m2_releasetizen_7.0_m2_releasetizen_6.5.m2_releasetizen_6.0.m2_releasesubmit/tizen_6.5/20211028.162501submit/tizen_6.0_hotfix/20201103.114804submit/tizen_6.0_hotfix/20201102.192504submit/tizen_6.0/20201029.205104submit/tizen/20191031.025611accepted/tizen/unified/20191101.042154accepted/tizen/9.0/unified/20241031.000014accepted/tizen/8.0/unified/20231005.093735accepted/tizen/7.0/unified/hotfix/20221116.105702accepted/tizen/7.0/unified/20221110.063450accepted/tizen/6.5/unified/20211028.114312accepted/tizen/6.0/unified/hotfix/20201103.003704accepted/tizen/6.0/unified/20201030.115416tizen_9.0tizen_8.0tizen_7.0_hotfixtizen_7.0tizen_6.0_hotfixtizen_6.0accepted/tizen_unifiedaccepted/tizen_9.0_unifiedaccepted/tizen_8.0_unifiedaccepted/tizen_7.0_unified_hotfixaccepted/tizen_7.0_unifiedaccepted/tizen_6.5_unifiedaccepted/tizen_6.0_unified_hotfixaccepted/tizen_6.0_unified
Change-Id: I07dbeffd02cf67f98ec0363b7b4aaa55e8f34e02
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
-rwxr-xr-x | policychecker/check.in | 158 |
1 files changed, 152 insertions, 6 deletions
diff --git a/policychecker/check.in b/policychecker/check.in index 393785a..d451840 100755 --- a/policychecker/check.in +++ b/policychecker/check.in @@ -12,6 +12,7 @@ sub_conf_path=("system.d" "session.d") bus_type=-1 config_file=-1 checker_include_all=0 +verbose_mode=0 schema_file="$checker_dir/rules.xsl" system_privileges_file="$tmpdir/privileges_system" @@ -31,13 +32,14 @@ usage() { echo -e "\tfilename dbus policy configuration file" echo -e "\t-s system bus" echo -e "\t-u session bus" + echo -e "\t-d enable verbose mode" echo -e "\t-v include every iso xsls" echo -e "\t-p enable profile mode" } # use "checker opt + config-file" # getopts doesn't support - "checker config-file + opt" -while getopts :suvp opt +while getopts :sudvp opt do case "$opt" in s) if [ $bus_type -eq -1 ]; then bus_type=0 @@ -49,8 +51,11 @@ do case "$opt" in echo "check session bus" fi ;; - v) checker_include_all=1 - echo "use iso_dsdl_include.xsl" + d) echo "enable verbose mode" + verbose_mode=1 + ;; + v) echo "include every xsl. iso_dsdl_include.xsl" + checker_include_all=1 ;; p) echo "enable profile mode" xslt_processor="$xslt_processor --profile" @@ -141,23 +146,164 @@ function check_policy_file(){ echo } +# print_matched_xml (str filename, int policyindex, str allow/deny, int allowindex) +# print_matched_xml "$filename" $policy "" 0 +function print_matched_xml(){ + local cnt_policy=0 + local cnt_allow=0 + local cnt_deny=0 + local filename="$1" + local policy_index=$2 + local allowdeny="$3" + local allow_index=$4 + local found_policy_tag=0 + local print_to_end=0 + local line_cnt=0 + local is_comment=0 + local reg1="^[[:blank:]]*<!--.*$" + local reg2="^[[:blank:]]*<!--.*-->[[:blank:]]*$" + local reg3="^.*-->[[:blank:]]*$" + local reg_start_allow="^[[:blank:]]*<$allowdeny.*$" + local reg_end_tag=".*/>[[:blank:]]*$" + local reg_start_policy="^[[:blank:]]*<policy.*$" + local reg_end_policy="^.*</policy[[:blank:]]*>[[:blank:]]*$" + + #echo "printline: $filename $policy_index $allowdeny $allow_index" + while IFS= read -r line + do + line_cnt=$((line_cnt+1)) + + # ignore comment + if [ $is_comment -eq 1 ]; then + if [[ $line =~ $reg3 ]]; then + is_comment=0 + fi + continue + fi + # ignore comment + if [[ $line =~ $reg1 ]]; then + if [[ ! $line =~ $reg2 ]]; then + is_comment=1 + fi + continue + fi + + # print multiple line + if [ $print_to_end -eq 1 ]; then + echo "$filename:$line_cnt: $line" + if [[ "$line" =~ $reg_end_tag ]]; then + print_to_end=0 + fi + continue + fi + + # end of policy + if [ -z "$allowdeny" ] && [ $found_policy_tag -eq 1 ]; then + echo "$filename:$line_cnt: $line" + if [[ "$line" =~ $reg_end_policy ]]; then + break + fi + continue + fi + + # is matched policy ? + if [[ "$line" =~ $reg_start_policy ]]; then + cnt_policy=$((cnt_policy+1)) + cnt_allow=0 + cnt_deny=0 + found_policy_tag=0 + if [ $cnt_policy -eq $policy_index ]; then + echo "$filename:$line_cnt: $line" + found_policy_tag=1 + fi + continue + fi + + if [ $found_policy_tag -eq 0 ]; then + continue + fi + + # find matched allow or deny + if [[ "$line" =~ $reg_start_allow ]]; then + cnt_allow=$((cnt_allow+1)) + if [ $allow_index -eq 0 ] || [ $cnt_allow -eq $allow_index ]; then + echo "$filename:$line_cnt: $line" + if [[ ! "$line" =~ $reg_end_tag ]]; then + print_to_end=1 + continue + fi + fi + fi + done < "$filename" +} + +# print_err_info (str filename, str line) +function print_err_info(){ + local filename=$1 + local line=$2 + local ipolicy=0 + local allowdeny=0 + local iallowdeny=0 + + # line contain a word 'policy' ? "FAILED(assert) at /busconfig/policy[1]/allow[1] ..." + if [[ "$line" =~ ^(FAILED).*/policy(\[([0-9]{1,2})\])?(/(allow|deny)(\[([0-9]{1,2})\])?)?[[:blank:]]+.*$ ]]; then + ipolicy=${BASH_REMATCH[3]} + allowdeny=${BASH_REMATCH[5]} + if [ ! -z ${BASH_REMATCH[7]} ]; then + iallowdeny=${BASH_REMATCH[7]} + fi + + print_matched_xml "$filename" $ipolicy "$allowdeny" $iallowdeny + echo "" + return + fi + + echo "$line" +} + +function verbose_mode(){ + local filename=$1 + local result=$2 + + IFS=$'\n' + lines=($result) + IFS=' ' + for line in "${lines[@]}"; do + echo $line + if [[ "$line" =~ ^(FAILED).*$ ]]; then + print_err_info "$filename" "$line" + fi + done +} + function check_policy_dir() { for d in "${conf_path[@]}"; do echo "$d/${sub_conf_path[$bus_type]}" target_path="$d/${sub_conf_path[$bus_type]}/*.conf" - for f in $target_path; do if [ -f $f ]; then - check_policy_file "$f" + result=$(check_policy_file "$f") + if [ $verbose_mode -eq 1 ]; then + verbose_mode "$f" "$result" + else + echo "$result" + fi fi done done } if [ $bus_type -eq -1 ]; then - check_policy_file "$config_file" + #check_policy_file "$config_file" + result=$(check_policy_file "$config_file") + if [ $verbose_mode -eq 1 ]; then + verbose_mode "$config_file" "$result" + else + echo "$result" + fi else check_policy_dir fi exit 0 + |