      1 # This file is part of systemd.
      2 #
      3 # Copyright 2012-2013 Dan Walsh
      4 #
      5 # systemd is free software; you can redistribute it and/or modify it
      6 # under the terms of the GNU General Public License as published by
      7 # the Free Software Foundation; either version 2 of the License, or
      8 # (at your option) any later version.
      9 #
     10 # systemd is distributed in the hope that it will be useful, but
     11 # WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
     13 # General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU General Public License
     16 # along with systemd; If not, see <http://www.gnu.org/licenses/>.
     17 
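     # Report whether a word appears verbatim in a list of candidate words.
     #
     # Arguments: $1 - word to look for; remaining arguments - candidates
     # Returns:   0 when some candidate equals $1 exactly, 1 otherwise
     __contains_word () {
         local w word=$1; shift
         # "$@" keeps each candidate exactly as passed (no re-splitting, no
         # pathname expansion). Quoting "$word" makes the comparison literal:
         # the word comes from the command line being completed, and an
         # unquoted right-hand side would let a typed '*' or '?' act as a
         # pattern that matches any candidate.
         for w in "$@"; do
             [[ $w == "$word" ]] && return 0
         done
         return 1
     }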
     23 
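     # List the entries that `dir -1 -F` marks with a '/' for the given paths.
     #
     # Arguments: "$@" - passed to dir unchanged (paths, and any dir options)
     # Outputs:   for every listing line containing '/', the text before the
     #            first '/', one per line
     __get_all_paths () {
         # "$@" rather than unquoted $*: a path containing whitespace or glob
         # characters reaches dir as the single argument the caller supplied
         # instead of being re-split and expanded against the current
         # directory.
         dir -1 -F "$@" | grep '/' | cut -d'/' -f 1
     }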
     # Emit the fixed list of file-type flags used as completion words.
     #
     # Outputs: the single line '-- -d -c -b -s -l -p'
     __get_all_ftypes () {
         printf '%s\n' '-- -d -c -b -s -l -p'
     }
     # Print the output of `seinfo -u` from its third line onward.
     #
     # Outputs: seinfo lines 3..end on stdout; seinfo's stderr is discarded,
     #          so a missing or failing seinfo simply yields no candidates.
     # NOTE(review): the name says "networks" but the query is `seinfo -u`,
     # the same flag __get_all_users passes - confirm this is intended.
     __get_all_networks () {
         seinfo -u 2> /dev/null \
             | sed '1,2d'
     }
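     # Print the names of all SELinux booleans, one per line.
     #
     # Outputs: first whitespace-separated field of every non-empty
     #          `getsebool -a` line; getsebool's stderr is discarded, so a
     #          missing or failing getsebool simply yields no candidates.
     __get_all_booleans () {
         # getsebool -a prints "name --> on|off". Only the name is a valid
         # argument for -b/--boolean; passing the raw lines on would also
         # offer "-->", "on" and "off" as completion words.
         getsebool -a 2> /dev/null | awk 'NF { print $1 }'
     }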
     # Print the output of `seinfo -t` from its third line onward.
     #
     # Outputs: seinfo lines 3..end on stdout; seinfo's stderr is discarded.
     # The two skipped lines are presumably a header - confirm against the
     # installed seinfo.
     __get_all_types () {
         seinfo -t 2> /dev/null \
             | sed -n '3,$p'
     }
     # Print the base names of the "*_admin" interfaces recorded in
     # /var/lib/sepolgen/interface_info.
     #
     # Outputs: for every line matching /InterfaceVector.*_admin /, the
     #          second field with everything from the first "_admin" onward
     #          removed, one per line.
     # The misspelt function name is kept: _sepolicy calls it by this name.
     __get_all_admin_interaces () {
         awk '/InterfaceVector.*_admin / {
                  base = $2
                  sub(/_admin.*/, "", base)
                  print base
              }' /var/lib/sepolgen/interface_info
     }
     # Print the base names of the "*_role" interfaces recorded in
     # /var/lib/sepolgen/interface_info.
     #
     # Outputs: for every line matching /InterfaceVector.*_role /, the second
     #          field with everything from the first "_role" onward removed,
     #          one per line.
     __get_all_user_role_interaces () {
         awk '/InterfaceVector.*_role / {
                  base = $2
                  sub(/_role.*/, "", base)
                  print base
              }' /var/lib/sepolgen/interface_info
     }
     # Print the output of `seinfo -auserdomain -x` minus its first line.
     #
     # Outputs: seinfo lines 2..end on stdout; seinfo's stderr is discarded.
     __get_all_user_domains () {
         seinfo -auserdomain -x 2> /dev/null \
             | sed '1d'
     }
     # Print the output of `seinfo -u` minus its first line.
     #
     # Outputs: seinfo lines 2..end on stdout; seinfo's stderr is discarded.
     __get_all_users () {
         seinfo -u 2> /dev/null \
             | sed -n '2,$p'
     }
     # Print the output of `seinfo -c` minus its first line.
     #
     # Outputs: seinfo lines 2..end on stdout; seinfo's stderr is discarded.
     __get_all_classes () {
         seinfo -c 2> /dev/null \
             | sed '1d'
     }
     # Print the output of `seinfo -aport_type -x` minus its first line.
     #
     # Outputs: seinfo lines 2..end on stdout; seinfo's stderr is discarded.
     __get_all_port_types () {
         seinfo -aport_type -x 2> /dev/null \
             | sed -n '2,$p'
     }
     # Print the output of `seinfo -adomain -x` minus its first line.
     #
     # Outputs: seinfo lines 2..end on stdout; seinfo's stderr is discarded.
     __get_all_domain_types () {
         seinfo -adomain -x 2> /dev/null \
             | sed '1d'
     }
     # Print the output of `seinfo -adomain -x` with a trailing "_t" removed
     # from every line.
     #
     # Outputs: every seinfo line, suffix-stripped; seinfo's stderr is
     #          discarded.
     # NOTE(review): unlike __get_all_domain_types, no leading line is
     # dropped here, so whatever seinfo prints first is passed through too.
     __get_all_domains () {
         seinfo -adomain -x 2>/dev/null \
             | sed -e 's/_t$//'
     }
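     # Fill COMPREPLY with the words of list $1 that start with prefix $2.
     # mapfile stores one candidate per compgen output line, so a candidate
     # is never re-split on whitespace or expanded as a glob against the
     # current directory.
     __sepolicy_reply_words () {
         mapfile -t COMPREPLY < <(compgen -W "$1" -- "$2")
     }

     # Fill COMPREPLY with path names starting with prefix $2. $1 is the
     # compgen action flag: -f for files, -d for directories.
     __sepolicy_reply_paths () {
         mapfile -t COMPREPLY < <(compgen "$1" -- "$2")
         compopt -o filenames
     }

     # Programmable-completion handler for the `sepolicy` command.
     #
     # Globals:   COMP_WORDS, COMP_CWORD (read); COMPREPLY (written)
     # Returns:   0 always
     #
     # Changes from the previous revision of this function:
     #   - the malformed expansion ${OPTS[ARG}]} in the verb scan is replaced
     #     by an explicit check for -P/--policy, the one pre-verb option that
     #     takes a value here, so a policy path named like a verb is not
     #     mistaken for the verb;
     #   - the option table and loop counter are local, so completing a
     #     command no longer leaves COMMONOPTS and i behind in the user's
     #     interactive shell;
     #   - candidates are stored with mapfile instead of an unquoted
     #     COMPREPLY=( $(...) );
     #   - '-all' is spelt '--all', the duplicated '-u --list_user' is
     #     listed once, and the 'gui' verb offers its own options.
     #
     # NOTE(review): compgen -W performs shell expansion on its word list, so
     # the output of the __get_all_* helpers (seinfo, getsebool,
     # /var/lib/sepolgen/interface_info) is expanded once more before it is
     # matched. That output is treated as trusted; this assumes the file and
     # the policy tools are writable by root only - confirm on the target
     # system.
     _sepolicy () {
         local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
         local verb= i
         local commonopts='-P --policy -h --help'
         local -a verbs=(
             booleans communicate generate gui
             interface manpage network transition
         )
         local -A OPTS=(
             [booleans]='-h --help -p --path -a --all -b --boolean'
             [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
             [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
             [gui]='-h --help'
             [interface]='-h --help -a --list_admin -c --compile -i --interface -l --list -u --list_user -v --verbose'
             [manpage]='-h --help -p --path -a --all -o --os -d --domain -w --web -r --root'
             [network]='-h --help -d --domain -l --list -p --port -t --type'
             [transition]='-h --help -s --source -t --target'
         )

         # Find the verb. Word 0 is the command name, so the scan starts at 1.
         for (( i = 1; i <= COMP_CWORD; i++ )); do
             if __contains_word "${COMP_WORDS[i]}" "${verbs[@]}" &&
                ! __contains_word "${COMP_WORDS[i-1]}" -P --policy; then
                 verb=${COMP_WORDS[i]}
                 break
             fi
         done

         case $verb in
             '')
                 case $prev in
                     -P|--policy)
                         __sepolicy_reply_paths -f "$cur" ;;
                     *)
                         __sepolicy_reply_words "${verbs[*]} ${commonopts}" "$cur" ;;
                 esac
                 ;;
             booleans)
                 case $prev in
                     -b|--boolean)
                         __sepolicy_reply_words "$(__get_all_booleans)" "$cur" ;;
                     *)
                         __sepolicy_reply_words "${OPTS[$verb]}" "$cur" ;;
                 esac
                 ;;
             communicate)
                 case $prev in
                     -s|--source|-t|--target)
                         __sepolicy_reply_words "$(__get_all_domain_types)" "$cur" ;;
                     -c|--class)
                         __sepolicy_reply_words "$(__get_all_classes)" "$cur" ;;
                     *)
                         __sepolicy_reply_words "${OPTS[$verb]}" "$cur" ;;
                 esac
                 ;;
             generate)
                 case $prev in
                     -n|--name)
                         # Free-form value: nothing to suggest.
                         COMPREPLY=() ;;
                     -p|--path|-w|--writepath)
                         __sepolicy_reply_paths -d "$cur" ;;
                     -d|--domain)
                         __sepolicy_reply_words "$(__get_all_domain_types)" "$cur" ;;
                     --newtype)
                         __sepolicy_reply_words '-n --name -t --type' "$cur" ;;
                     -a|--admin)
                         __sepolicy_reply_words "$(__get_all_admin_interaces)" "$cur" ;;
                     -u|--user)
                         __sepolicy_reply_words "$(__get_all_users)" "$cur" ;;
                     *)
                         if [[ $cur == "$verb" || -z $cur || $cur == -* ]]; then
                             __sepolicy_reply_words "${OPTS[$verb]}" "$cur"
                         else
                             # Anything else is taken to be a file argument.
                             __sepolicy_reply_paths -f "$cur"
                         fi
                         ;;
                 esac
                 ;;
             manpage)
                 case $prev in
                     -d|--domain)
                         __sepolicy_reply_words "$(__get_all_domains)" "$cur" ;;
                     -r|--root|-p|--path)
                         __sepolicy_reply_paths -d "$cur" ;;
                     -o|--os)
                         # Free-form value: nothing to suggest.
                         COMPREPLY=() ;;
                     *)
                         __sepolicy_reply_words "${OPTS[$verb]}" "$cur" ;;
                 esac
                 ;;
             network)
                 case $prev in
                     -t|--type)
                         __sepolicy_reply_words "$(__get_all_port_types)" "$cur" ;;
                     -d|--domain)
                         __sepolicy_reply_words "$(__get_all_domain_types)" "$cur" ;;
                     *)
                         __sepolicy_reply_words "${OPTS[$verb]}" "$cur" ;;
                 esac
                 ;;
             transition)
                 case $prev in
                     -s|--source|-t|--target)
                         __sepolicy_reply_words "$(__get_all_domain_types)" "$cur" ;;
                     *)
                         __sepolicy_reply_words "${OPTS[$verb]}" "$cur" ;;
                 esac
                 ;;
             *)
                 # interface, gui: only the verb's own option list applies.
                 __sepolicy_reply_words "${OPTS[$verb]}" "$cur"
                 ;;
         esac
         return 0
     }
     complete -F _sepolicy sepolicy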
    197