diff options
| -rwxr-xr-x | policychecker/check.in | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/policychecker/check.in b/policychecker/check.in index 63f37fd..fd3af57 100755 --- a/policychecker/check.in +++ b/policychecker/check.in @@ -11,6 +11,7 @@ schema_file="$checker_dir/rules.xsl" system_privileges_file="$tmpdir/privileges_system" conf_privileges_file="$tmpdir/privileges_conf" +cynara_db="/var/cynara/db" cleanup() { rm -rf $tmpdir @@ -29,14 +30,29 @@ if [ ! -f $config_file ]; then exit 1 fi -if [ ! -d /var/cynara/db ]; then +if [ ! -d $cynara_db ]; then echo "Cynara database not found" exit 1 fi +# Cynara privilege formats can be various. +# For example, +# SR: http://tizen.org/privilege/${privilege_name} +# DA: http://samsung.com/tizen/privilege/${privilege_name} +# IM: http://developer.samsung.com/tizen/privilege/${privilege_name} +# VD: http://developer.samsung.com/privilege/${privilege_name} +PRIVILEGES=" +http://tizen.org/privilege +http://samsung.com/tizen/privilege +http://developer.samsung.com/tizen/privilege +http://developer.samsung.com/privilege +" + # TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc) -grep "http://tizen.org/privilege" /var/cynara/db/* | sed -e "s/;[^;]*;$//g" -e "s/.*http/http/g" | uniq > $system_privileges_file -$xslt_processor $checker_dir/extract_privilege.xsl $config_file | uniq > $conf_privileges_file +for p in $PRIVILEGES; do + grep $p $cynara_db/* | cut -d\; -f3 | sort -u >> $system_privileges_file +done +$xslt_processor $checker_dir/extract_privilege.xsl $config_file | sort -u > $conf_privileges_file grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; exit 1; done # TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config) |