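#!/bin/bash
#
# Expands the shared crosvm seccomp rules into every policy file of a
# directory.
#
# For each "*.policy" file found in the -p directory, a copy is written to the
# -o directory in which every line of the form
#   @include /usr/share/policy/crosvm/common_device.policy
# is replaced by the rule lines of <policy_dir>/common_device.policy.
#
# Options:
#   -p  crosvm seccomp policy directory (required)
#   -o  output directory where the processed policies land (required)
#   -c  contents file
#   -h  print the option summary
#
# Exit codes: 10 usage/help, 14 contents file missing,
#             15 input and output resolve to the same file.
#
# NOTE(review): the -c value is parsed but never read; the contents file handed
# to inline() is always <policy_dir>/common_device.policy. Confirm which of the
# two is intended before relying on -c.

#######################################
# Tells whether a file name ends in the "policy" extension.
# Arguments: $1 - file name
# Returns:   0 if the text after the last "." is "policy", 1 otherwise
#######################################
function is_policy_file() {
  [[ "${1##*.}" == "policy" ]]
}

#######################################
# Copies a policy file, expanding the common_device.policy include.
#
# assumptions are:
#   1. policy files may include "/usr/share/policy/crosvm/common_device.policy"
#   2. we replace the line with the contents of the file
#
# this aspect of crosvm may change
#
# Arguments: $1 - input policy file
#            $2 - output policy file (truncated, then rewritten)
#            $3 - contents file whose rule lines replace the include line
# Outputs:   diagnostics on stderr
# Returns:   exits 14 if $3 is not a regular file, 15 if $1 and $2 are the
#            same file
#######################################
function inline() {
  local input="$1"
  local output="$2"
  local contents="$3"
  local include_re='@include[[:space:]]+/usr/share/policy/crosvm/common_device.policy'
  local line

  if ! [[ -f "$contents" ]]; then
    echo "the contents file '$contents' used by $0 is not a file or does not exist." >&2
    exit 14
  fi

  # Truncating the output first would empty the input when both names point at
  # the same file, leaving a policy with no rules at all.
  if [[ "$input" -ef "$output" ]]; then
    echo "refusing to overwrite input policy '$input' with its own output." >&2
    exit 15
  fi

  # clean up the outfile
  : > "$output"

  # "|| [[ -n ... ]]" keeps a final rule that has no trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ $include_re ]]; then
      # Only "name:" rule lines are taken from the contents file; comments,
      # blank lines and any @include directives inside it are dropped.
      grep -E '^[a-zA-Z0-9_-]+:' -- "$contents" >> "$output"
      continue
    fi
    # Written verbatim: an unquoted echo would word-split the rule and expand
    # glob characters against the working directory, altering the policy text.
    printf '%s\n' "$line" >> "$output"
  done < "$input"
}

#######################################
# Prints the option summary and terminates the script.
# Outputs: usage text on stdout
# Returns: exits 10
#######################################
function help_n_exit() {
  echo "must provide all the -o, -c, and -p options"
  echo "-p for crosvm seccomp policy directory"
  echo "-o for output directory where the processed policies land"
  echo "-c for contents file"
  exit 10
}

#######################################
# Removes one trailing "/" from a path, leaving a bare "/" untouched.
# Arguments: $1 - path
# Outputs:   the resulting path on stdout
#######################################
function rstrip_slash() {
  if [[ "$1" == "/" ]]; then
    printf '%s\n' "$1"
  else
    printf '%s\n' "${1%/}"
  fi
}

need_help="false"
# Start from empty values so that same-named environment variables cannot
# stand in for a missing option.
policy_dir=""
output_dir=""
# shellcheck disable=SC2034 # parsed for interface compatibility, not read below
contents_file=""

#
# -p for crosvm seccomp policy directory
# -o for output directory where the processed policies land
# -c for contents file
#
while getopts ":p:o:c:h" op; do
  case "$op" in
    p) policy_dir="${OPTARG}" ;;
    o) output_dir="${OPTARG}" ;;
    c) contents_file="${OPTARG}" ;;
    h) need_help="true" ;;
    # unknown option ("?") or missing option argument (":")
    *) need_help="true" ;;
  esac
done

if (( OPTIND == 1 )); then
  need_help="true"
fi

# Without -p the loop below would read from "/", and without -o the processed
# policies would be written directly under "/".
if [[ -z "$policy_dir" || -z "$output_dir" ]]; then
  need_help="true"
fi

if [[ "$need_help" == "true" ]]; then
  help_n_exit
fi

stripped_policy_dir=$(rstrip_slash "$policy_dir")
stripped_output_dir=$(rstrip_slash "$output_dir")

# Glob instead of parsing ls so names containing whitespace stay intact.
for policy_path in "$stripped_policy_dir"/*; do
  # Skips directories and the literal pattern left behind by an empty match.
  [[ -f "$policy_path" ]] || continue
  policy_name="${policy_path##*/}"
  if is_policy_file "$policy_name"; then
    inline "$policy_path" \
      "$stripped_output_dir/$policy_name" \
      "$stripped_policy_dir/common_device.policy"
  fi
done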