authorAdrian Szyndela <adrian.s@samsung.com>2018-06-28 14:49:42 +0200
committerAdrian Szyndela <adrian.s@samsung.com>2018-06-29 11:18:16 +0200
commit72750f98f330cfe49c7afbfd373f40f5449541f8 (patch)
tree01b53afa7df1f77113d51a791f724ffaeaa8806f /policychecker
parentdf5a8ce5c27058e2878c473b1fee5f7a4e22989d (diff)
downloaddbus-tools-72750f98f330cfe49c7afbfd373f40f5449541f8.tar.gz
dbus-tools-72750f98f330cfe49c7afbfd373f40f5449541f8.tar.bz2
dbus-tools-72750f98f330cfe49c7afbfd373f40f5449541f8.zip
Also, some improvements in shell scripts. Change-Id: I10a06b8b30f45722746361b7ce27364baaebc957
Diffstat (limited to 'policychecker')
-rw-r--r--policychecker/Makefile.in11
-rw-r--r--policychecker/README10
-rwxr-xr-xpolicychecker/check88
-rwxr-xr-xpolicychecker/check.in68
-rw-r--r--policychecker/configure.ac11
-rwxr-xr-xpolicychecker/get_privileges14
-rwxr-xr-xpolicychecker/get_privileges.in15
7 files changed, 113 insertions, 104 deletions
diff --git a/policychecker/Makefile.in b/policychecker/Makefile.in
new file mode 100644
index 0000000..6d4a1a9
--- /dev/null
+++ b/policychecker/Makefile.in
@@ -0,0 +1,11 @@
+INSTALL_DIR=$(DESTDIR)/@datadir@/dbus-tools/policychecker
+BIN_DIR=$(DESTDIR)/@bindir@
+
+install:
+ mkdir -p $(INSTALL_DIR)
+ install -m 0644 *.xsl README $(INSTALL_DIR)
+ install -m 0755 check get_privileges $(INSTALL_DIR)
+ mkdir -p $(INSTALL_DIR)/xslt
+ install -m 0644 xslt/* $(INSTALL_DIR)/xslt
+ mkdir -p $(BIN_DIR)
+ ln -s @datadir@/dbus-tools/policychecker/check $(BIN_DIR)/dbus-policychecker
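Review bot: The `ln -s` on the last line of the install target makes a second `make install` fail once `$(BIN_DIR)/dbus-policychecker` already exists; `ln -sf @datadir@/dbus-tools/policychecker/check $(BIN_DIR)/dbus-policychecker` keeps reinstalls idempotent. Note also that the README changed in this same commit tells users to run `dbus-policycheck`, while the symlink installed here is named `dbus-policychecker`; one of the two names should be corrected so the documented command actually exists.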
diff --git a/policychecker/README b/policychecker/README
index 72ad67c..57e7020 100644
--- a/policychecker/README
+++ b/policychecker/README
@@ -1,4 +1,10 @@
-./check ./test-policy.conf
+This is the policy checker for D-Bus. Run it with a D-Bus policy file as an argument:
-for i in /etc/dbus-1/system.d/*.conf; do ./check "$i" | wc -l ; done
+dbus-policycheck ./test-policy.conf
+
+It shows found violations checked with rules defined in rules.xsl.
+
+To count all violations in system policy config files, run
+
+for i in /etc/dbus-1/system.d/*.conf; do dbus-policycheck "$i" | wc -l ; done
diff --git a/policychecker/check b/policychecker/check
deleted file mode 100755
index ce3f4ad..0000000
--- a/policychecker/check
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-
-xslt_processor="xsltproc --nonet --novalid --maxdepth 20000"
-tmpdir="./tmp/"
-
-function exit_with_code() {
- rm -rf $tmpdir
- exit $1
-}
-
-
-if [ "$#" -ne 1 ]; then
- echo "Usage: $0 config-file"
- exit 1
-fi
-
-config_file=$1
-schema_file="./rules.xsl"
-
-if [ ! -f $config_file ]; then
- echo "config file does not exist"
- exit 1
-fi
-
-if [ -d "$tmpdir" ]; then
- rm -rf "$tmpdir"
-fi
-
-rm -rf error*.log
-mkdir $tmpdir
-
-
-# TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc)
-system_privileges_file="$tmpdir/privileges_system"
-conf_privileges_file="$tmpdir/privileges_conf"
-grep "http://tizen.org/privilege" /var/cynara/db/* | sed "s/;[^;]*;$//g" | sed "s/.*http/http/g" | uniq > $system_privileges_file
-$xslt_processor ./extract_privilege.xsl $config_file | uniq > $conf_privileges_file
-grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; done
-
-# TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config)
-$xslt_processor ./same.xsl $config_file
-
-
-# TEST 3/3: apply schematron rules
-
-# build a test (@user = x or @user = y or ...) at runtime
-users_test=$(cat /etc/passwd | sed "s/:.*//g" | sort | paste -sd "," | sed "s/,/' or @user = '/g" | sed "s/^/@user = '/" | sed "s/$/'/")
-groups_test=$(cat /etc/group | sed "s/:.*//g" | sort | paste -sd "," | sed "s/,/' or @group = '/g" | sed "s/^/@group = '/" | sed "s/$/'/")
-
-tmpname="$tmpdir$(basename $schema_file)"
-
-cat $schema_file | sed "s/USERS_TEST/$users_test/g" | sed "s/GROUPS_TEST/$groups_test/g" > $tmpname.0 2> error.0.log
-if [ $? != 0 ]; then
- echo "XSL Phase 0 failed, error log saved to error.0.log"
- exit_with_code 1
-fi
-
-$xslt_processor xslt/iso_dsdl_include.xsl $tmpname.0 > $tmpname.1 2> error.1.log
-if [ $? != 0 ]; then
- echo "XSL Phase 1 failed, error log saved to error.1.log"
- exit_with_code 1
-fi
-
-$xslt_processor xslt/iso_abstract_expand.xsl $tmpname.1 > $tmpname.2 2> error.2.log
-if [ ! $? == 0 ]; then
- echo "XSL Phase 2 failed, error log saved to error.2.log"
- exit 1
-fi
-
-$xslt_processor xslt/iso_svrl_for_xslt1.xsl $tmpname.2 > $tmpname.3 2> error.3.log
-if [ $? != 0 ]; then
- echo "XSL Phase 3 failed, error log saved to error.3.log"
- exit_with_code 1
-fi
-
-$xslt_processor $tmpname.3 $config_file > $tmpname.4 2> error.4.log
-if [ $? != 0 ]; then
- echo "Schematron test failed, error log saved to error.4.log"
- exit_with_code 1
-fi
-
-$xslt_processor report.xsl $tmpname.4 2> error.5.log
-if [ $? != 0 ]; then
- echo "Formatting test results failed, error log saved to error.5.log"
- exit_with_code 1
-fi
-
-exit_with_code 0
diff --git a/policychecker/check.in b/policychecker/check.in
new file mode 100755
index 0000000..da5b3ad
--- /dev/null
+++ b/policychecker/check.in
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+xslt_processor="xsltproc --nonet --novalid --maxdepth 20000"
+tmpdir=`mktemp -d`
+checker_dir="@datadir@/dbus-tools/policychecker"
+schematron_dir="@datadir@/dbus-tools/policychecker/xslt"
+config_file=$1
+schema_file="$checker_dir/rules.xsl"
+
+system_privileges_file="$tmpdir/privileges_system"
+conf_privileges_file="$tmpdir/privileges_conf"
+
+cleanup() {
+ rm -rf $tmpdir
+ exit $1
+}
+
+trap cleanup 0
+
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 config-file"
+ exit 1
+fi
+
+if [ ! -f $config_file ]; then
+ echo "config file does not exist"
+ exit 1
+fi
+
+if [ ! -d /var/cynara/db ]; then
+ echo "Cynara database not found"
+ exit 1
+fi
+
+# TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc)
+grep "http://tizen.org/privilege" /var/cynara/db/* | sed -e "s/;[^;]*;$//g" -e "s/.*http/http/g" | uniq > $system_privileges_file
+$xslt_processor $checker_dir/extract_privilege.xsl $config_file | uniq > $conf_privileges_file
+grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done
+
+# TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config)
+$xslt_processor $checker_dir/same.xsl $config_file
+
+# TEST 3/3: apply schematron rules
+
+# build a test (@user = x or @user = y or ...) at runtime
+prepare_test() {
+ echo $(getent $1 | sort -r | awk -F: '{entries[n++] = $1} END { while (n>0) {printf "@'"$2"' = '\''%s'\''%s", entries[n-1], (n > 1 ? " or " : ""); n--} }')
+}
+
+users_test=$(prepare_test passwd user)
+groups_test=$(prepare_test group group)
+
+tmpname="$tmpdir/$(basename $schema_file)"
+
+cat $schema_file | sed -e "s/USERS_TEST/$users_test/g" -e "s/GROUPS_TEST/$groups_test/g" > $tmpname.0
+
+$xslt_processor $schematron_dir/iso_dsdl_include.xsl $tmpname.0 > $tmpname.1
+$xslt_processor $schematron_dir/iso_abstract_expand.xsl $tmpname.1 > $tmpname.2
+$xslt_processor $schematron_dir/iso_svrl_for_xslt1.xsl $tmpname.2 > $tmpname.3
+$xslt_processor $tmpname.3 $config_file > $tmpname.4
+$xslt_processor $checker_dir/report.xsl $tmpname.4
+
+# end-of-output, a new line for pretty printing
+echo
+
+exit 0
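Review bot: `cleanup` is invoked by `trap cleanup 0` with no arguments, so its `exit $1` is a bare `exit` that (at least in bash) takes the status of the preceding `rm`, which means every `exit 1` and every `set -e` abort in this script is likely reported to the caller as 0 — worth confirming on the target /bin/sh. Capture the status first and guard the deletion against an empty variable: `cleanup() { rv=$?; rm -rf -- "${tmpdir:?}"; exit "$rv"; }`. The TEST 1 pipelines also hide failures: without pipefail a failing `xsltproc` in `$xslt_processor $checker_dir/extract_privilege.xsl $config_file | uniq > $conf_privileges_file` leaves an empty privilege list and the check silently passes, so either write the xsltproc output to a file first and check its status, or at least fail when `$conf_privileges_file` is empty. Separately, `$config_file`, `$tmpname` and the other path expansions are unquoted, so a config path containing spaces breaks `[ ! -f $config_file ]` and the xsltproc calls.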
diff --git a/policychecker/configure.ac b/policychecker/configure.ac
new file mode 100644
index 0000000..17b88c2
--- /dev/null
+++ b/policychecker/configure.ac
@@ -0,0 +1,11 @@
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.61)
+AC_INIT([dbus-policychecker], [0.1])
+
+AC_SUBST([bindir])
+AC_SUBST([datadir])
+AC_CONFIG_FILES([Makefile check get_privileges])
+
+AC_OUTPUT
diff --git a/policychecker/get_privileges b/policychecker/get_privileges
deleted file mode 100755
index 753b460..0000000
--- a/policychecker/get_privileges
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-cmd="xsltproc --nonet --novalid "
-
-privileges=""
-
-for i in `ls ./*.conf`; do
- new="$($cmd extract_privilege.xsl $i)"
- privileges="$privileges \
- $new"
-done
-
-echo "$privileges" | uniq -u
-exit 0
diff --git a/policychecker/get_privileges.in b/policychecker/get_privileges.in
new file mode 100755
index 0000000..e7f69e2
--- /dev/null
+++ b/policychecker/get_privileges.in
@@ -0,0 +1,15 @@
+#!/bin/sh
+# This script extracts and lists privileges from all D-Bus conf files in current directory
+
+cmd="xsltproc --nonet --novalid "
+
+privileges=""
+
+for i in *.conf
+do
+ new="$($cmd @datadir@/dbus-tools/policychecker/extract_privilege.xsl $i)"
+ privileges="$privileges\n$new"
+done
+
+echo -e "$privileges" | sort | uniq
+exit 0
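Review bot: Under `#!/bin/sh` the final `echo -e "$privileges"` is not portable: dash's `echo` has no `-e` option and prints the literal `-e` as the first word of the output (it interprets `\n` regardless), so the list is corrupted wherever /bin/sh is dash. The loop also passes the literal `*.conf` to xsltproc when the directory has no conf files, and `$i` is unquoted. Both issues go away by emitting each file's output directly into the pipeline instead of accumulating a backslash-escaped string; `sort | uniq` is equivalently `sort -u`.

```shell
for i in *.conf; do
  [ -e "$i" ] || continue   # no match: the shell leaves the pattern itself as the word
  $cmd @datadir@/dbus-tools/policychecker/extract_privilege.xsl "$i"
done | sort -u
exit 0
```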