policy-inliner.sh - device/google/cuttlefish_vmm - Git at Google

 #!/bin/bash

 function is_policy_file() {
   [[ "${1##*.}" == "policy" ]] && return 0
   return 1
 }

 function inline() {
   #
   # assumptions are:
   #  1. policy files may include "/usr/share/policy/crosvm/common_device.policy"
   #  2. we replace the line with the contents of the file
   #
   # this aspect of crosvm may change
   #
   input="$1"
   output="$2"
   contents="$3"

   if ! [[ -f $contents ]]; then
     echo "the contents file in $0 is not a file or does not exist."
     exit 14
   fi

   # clean up the outfile
   cat /dev/null > $output
   while IFS= read -r line
   do
     if echo "$line" | egrep "@include[[:space:]]+/usr/share/policy/crosvm/common_device.policy" > /dev/null; then
       cat $contents | egrep "^[a-zA-Z0-9_-]+:" >> $output
       continue
     fi
     echo $line >> $output
   done < "$input"
 }

 need_help="false"

 #
 # -p for crosvm seccomp policy directory
 # -o for output directory where the processed policies land
 # -c for contents file
 #
 while getopts ":p:o:c:h" op; do
   case "$op" in
     p ) policy_dir=${OPTARG}
         ;;
     o ) output_dir=${OPTARG}
         ;;
     c ) contents_file=${OPTARG}
         ;;
     h ) need_help="true"
         ;;
     ? ) need_help="true"
         ;;
   esac
 done

 if [ $OPTIND -eq 1 ]; then
   need_help="true"
 fi

 function help_n_exit() {
   echo "must provide all the -o, -c, and -p options"
   echo "-p for crosvm seccomp policy directory"
   echo "-o for output directory where the processed policies land"
   echo "-c for contents file"
   exit 10
 }

 function rstrip_slash() {
   if  [[ "${1: -1}" != "/" ]] || [[ $1 == "/" ]]; then
     echo $1
   else
     echo "${1::-1}"
   fi
 }

 stripped_policy_dir=$(rstrip_slash $policy_dir)
 stripped_output_dir=$(rstrip_slash $output_dir)

 if [[ $need_help == "true" ]]; then
   help_n_exit
 fi

 for i in $(ls -1 $policy_dir); do
   if is_policy_file $i; then
     inline $stripped_policy_dir/$i $stripped_output_dir/$i $stripped_policy_dir/common_device.policy
   fi
 done
	#!/bin/bash

	function is_policy_file() {
	[[ "${1##*.}" == "policy" ]] && return 0
	return 1
	}

	function inline() {
	#
	# assumptions are:
	# 1. policy files may include "/usr/share/policy/crosvm/common_device.policy"
	# 2. we replace the line with the contents of the file
	#
	# this aspect of crosvm may change
	#
	input="$1"
	output="$2"
	contents="$3"

	if ! [[ -f $contents ]]; then
	echo "the contents file in $0 is not a file or does not exist."
	exit 14
	fi

	# clean up the outfile
	cat /dev/null > $output
	while IFS= read -r line
	do
	if echo "$line" \| egrep "@include[[:space:]]+/usr/share/policy/crosvm/common_device.policy" > /dev/null; then
	cat $contents \| egrep "^[a-zA-Z0-9_-]+:" >> $output
	continue
	fi
	echo $line >> $output
	done < "$input"
	}

	need_help="false"

	#
	# -p for crosvm seccomp policy directory
	# -o for output directory where the processed policies land
	# -c for contents file
	#
	while getopts ":p:o:c:h" op; do
	case "$op" in
	p ) policy_dir=${OPTARG}
	;;
	o ) output_dir=${OPTARG}
	;;
	c ) contents_file=${OPTARG}
	;;
	h ) need_help="true"
	;;
	? ) need_help="true"
	;;
	esac
	done

	if [ $OPTIND -eq 1 ]; then
	need_help="true"
	fi

	function help_n_exit() {
	echo "must provide all the -o, -c, and -p options"
	echo "-p for crosvm seccomp policy directory"
	echo "-o for output directory where the processed policies land"
	echo "-c for contents file"
	exit 10
	}

	function rstrip_slash() {
	if [[ "${1: -1}" != "/" ]] \|\| [[ $1 == "/" ]]; then
	echo $1
	else
	echo "${1::-1}"
	fi
	}

	stripped_policy_dir=$(rstrip_slash $policy_dir)
	stripped_output_dir=$(rstrip_slash $output_dir)

	if [[ $need_help == "true" ]]; then
	help_n_exit
	fi

	for i in $(ls -1 $policy_dir); do
	if is_policy_file $i; then
	inline $stripped_policy_dir/$i $stripped_output_dir/$i $stripped_policy_dir/common_device.policy
	fi
	done