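#!/usr/bin/env python
# coding: utf-8

"""
Copyright (c) 2023 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

"""

import argparse
import os
from check_common import read_json_file, run_command


def get_request_args(args, request):
    """Translate the options a check asks for into concrete arguments.

    Only two request tokens are recognised; every other token is dropped.

    Args:
        args: parsed command-line namespace; only ``output_path`` is read.
        request: whitespace-separated option names taken from the check
            config entry. ``None`` or an empty string requests nothing.

    Returns:
        A flat list of option names, each followed by the path under
        ``args.output_path`` that the check script should read.
    """
    request_args = []
    # A config entry without an "args" key yields None; treat it as
    # "no arguments requested" instead of failing on None.split().
    for arg in (request or "").split():
        if arg == "--file_contexts":
            request_args.append(arg)
            request_args.append(os.path.join(args.output_path, "file_contexts"))
        if arg == "--cil_file":
            # Asking for the CIL file always supplies both the user and
            # the developer variant.
            request_args.append(arg)
            request_args.append(os.path.join(args.output_path, "all.cil"))
            request_args.append("--developer_cil_file")
            request_args.append(os.path.join(args.output_path, "developer/all.cil"))
    return request_args


def build_cil(args):
    """Run checkpolicy on the user and developer policies to produce CIL.

    Args:
        args: parsed command-line namespace; reads ``tool_path``,
            ``user_policy``, ``developer_policy`` and ``output_path``.
    """
    checkpolicy = os.path.join(args.tool_path, "checkpolicy")
    conversions = (
        (args.user_policy, "all.cil"),
        (args.developer_policy, "developer/all.cil"),
    )
    for policy_file, cil_name in conversions:
        # The command is passed as an argument list, so the paths are never
        # re-parsed as a single command string by this script.
        check_policy_cmd = [checkpolicy,
                            "-b", policy_file,
                            "-M", "-C", "-S", "-O",
                            "-o", os.path.join(args.output_path, cil_name)]
        run_command(check_policy_cmd)


def get_policy_dir_list(args):
    """Resolve the policy directories that the checks must cover.

    The built-in sepolicy directory always comes first, followed by the
    colon-separated entries of ``args.policy_dir_list``. Empty entries and
    the literal ``default`` are skipped.

    Args:
        args: parsed command-line namespace; reads ``policy_dir_list`` and
            ``source_root_dir``.

    Returns:
        The list of existing directories, each joined onto
        ``args.source_root_dir``.

    Raises:
        Exception: if any listed directory does not exist. A missing
            directory stops the run rather than being skipped, so the
            checks cannot pass while part of the policy is left out.
    """
    path_list = ["base/security/selinux_adapter/sepolicy"]
    path_list += args.policy_dir_list.split(":")

    build_dir_list = []
    for entry in path_list:
        if entry in ("", "default"):
            continue
        # NOTE(review): os.path.join() discards source_root_dir when the
        # entry is absolute, so the list is not confined to the source tree.
        path = os.path.join(args.source_root_dir, entry)
        if not os.path.exists(path):
            print("following path not exists {}".format(path))
            raise Exception("policy dir does not exist: {}".format(path))
        build_dir_list.append(path)

    return build_dir_list


def parse_args():
    """Parse the command line; every option is required."""
    parser = argparse.ArgumentParser()
    parser.add_argument('--output-path', help='the selinux compile output path', required=True)
    parser.add_argument('--source-root-dir', help='the project root path', required=True)
    parser.add_argument('--selinux-check-config', help='the selinux check config file path', required=True)
    parser.add_argument('--user-policy', help='the user policy file', required=True)
    parser.add_argument('--developer-policy', help='the developer policy file', required=True)
    parser.add_argument('--tool-path', help='the policy tool bin path', required=True)
    parser.add_argument('--policy-dir-list', help='policy dirs need to be included', required=True)
    return parser.parse_args()


def main():
    """Build the CIL files, then run every check listed in the config.

    Raises:
        ValueError: if the config has no ``selinux_check`` list or an entry
            names no script. A malformed config stops the run with a clear
            message instead of an attribute or type error.
    """
    input_args = parse_args()
    build_cil(input_args)
    policy_dir_list = get_policy_dir_list(input_args)

    config_path = os.path.join(input_args.source_root_dir, input_args.selinux_check_config)
    check_config = read_json_file(config_path)
    check_list = check_config.get("selinux_check")
    if not isinstance(check_list, list):
        raise ValueError("no 'selinux_check' list in {}".format(config_path))

    for check in check_list:
        script_name = check.get("script")
        if not script_name:
            raise ValueError("check entry without 'script' in {}".format(config_path))
        # The config file decides which scripts run and with which extra
        # arguments, so it needs the same review as the policy itself.
        script = os.path.join(input_args.source_root_dir, script_name)
        # NOTE(review): "python" is resolved through PATH, so the checks may
        # run under a different interpreter than this script - confirm the
        # build environment pins it.
        cmd = ["python", script]
        cmd.extend(get_request_args(input_args, check.get("args")))
        # A missing "extra_args" key means there are no extra arguments.
        cmd.extend((check.get("extra_args") or "").split())
        cmd.extend(["--policy-dir-list", ":".join(policy_dir_list)])
        # NOTE(review): whether a failing check stops the run depends on
        # run_command in check_common - confirm it raises on a non-zero exit.
        run_command(cmd)


if __name__ == "__main__":
    main()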