2019-12-03 16:29:12 +00:00
#!/usr/bin/env python3
2019-08-30 13:22:54 +01:00
#
# Copyright (C) 2012-2019 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
import re
import sys
objects = [
" CONNECT " , " DOMAIN " , " INTERFACE " , " NETWORK_PORT " ,
" NETWORK " , " NODE_DEVICE " , " NWFILTER_BINDING " ,
" NWFILTER " , " SECRET " , " STORAGE_POOL " , " STORAGE_VOL " ,
]
objectstr = " | " . join ( objects )
# Data we're going to be generating looks like this
#
# <policyconfig>
# <action id="org.libvirt.unix.monitor">
# <description>Monitor local virtualized systems</description>
# <message>System policy prevents monitoring of
# local virtualized systems</message>
# <defaults>
# <allow_any>yes</allow_any>
# <allow_inactive>yes</allow_inactive>
# <allow_active>yes</allow_active>
# </defaults>
# </action>
# ...more <action> rules...
# </policyconfig>
opts = { }
in_opts = False
perms = { }
aclfile = sys . argv [ 1 ]
with open ( aclfile , " r " ) as fh :
for line in fh :
if in_opts :
2019-11-20 20:10:13 +01:00
if " */ " in line :
2019-08-30 13:22:54 +01:00
in_opts = False
else :
m = re . search ( r ''' \ * \ s* \ @( \ w+): \ s*(.*?) \ s*$ ''' , line )
if m is not None :
opts [ m . group ( 1 ) ] = m . group ( 2 )
2019-11-20 20:10:13 +01:00
elif " ** " in line :
2019-08-30 13:22:54 +01:00
in_opts = True
else :
m = re . search ( r ''' VIR_ACCESS_PERM_( %s )_((?: \ w|_)+), ''' %
objectstr , line )
if m is not None :
obj = m . group ( 1 ) . lower ( )
perm = m . group ( 2 ) . lower ( )
if perm == " last " :
continue
obj = obj . replace ( " _ " , " - " )
perm = perm . replace ( " _ " , " - " )
if obj not in perms :
perms [ obj ] = { }
perms [ obj ] [ perm ] = {
" desc " : opts . get ( " desc " , None ) ,
" message " : opts . get ( " message " , None ) ,
" anonymous " : opts . get ( " anonymous " , None ) ,
}
opts = { }
print ( ' <?xml version= " 1.0 " encoding= " UTF-8 " ?> ' )
print ( ' <!DOCTYPE policyconfig PUBLIC ' +
' " -//freedesktop//DTD polkit Policy Configuration 1.0//EN " ' )
print ( ' " http://www.freedesktop.org/software/polkit/policyconfig-1.dtd " > ' )
print ( ' <policyconfig> ' )
print ( ' <vendor>Libvirt Project</vendor> ' )
print ( ' <vendor_url>https://libvirt.org</vendor_url> ' )
for obj in sorted ( perms . keys ( ) ) :
for perm in sorted ( perms [ obj ] . keys ( ) ) :
description = perms [ obj ] [ perm ] [ " desc " ]
message = perms [ obj ] [ perm ] [ " message " ]
anonymous = perms [ obj ] [ perm ] [ " anonymous " ]
if description is None :
raise Exception ( " missing description for %s . %s " % ( obj , perm ) )
if message is None :
raise Exception ( " missing message for %s . %s " % ( obj , perm ) )
allow_any = " no "
if anonymous :
allow_any = " yes "
allow_inactive = allow_any
allow_active = allow_any
print ( ' <action id= " org.libvirt.api. %s . %s " > ' % ( obj , perm ) )
print ( ' <description> %s </description> ' % description )
print ( ' <message> %s </message> ' % message )
print ( ' <defaults> ' )
print ( ' <allow_any> %s </allow_any> ' % allow_any )
print ( ' <allow_inactive> %s </allow_inactive> ' % allow_inactive )
print ( ' <allow_active> %s </allow_active> ' % allow_active )
print ( ' </defaults> ' )
print ( ' </action> ' )
print ( ' </policyconfig> ' )