#!/usr/bin/perl
#
# $Id: autodep 5579 2005-11-02 18:21:35Z jesse $
#
# ----------------------------------------------------------------------
#    PROPRIETARY DATA of IMMUNIX INC.
#    Copyright (c) 2004, IMMUNIX (All rights reserved)
#
#    This document contains trade secret data which is the property
#    of IMMUNIX Inc.  This document is submitted to recipient in
#    confidence. Information contained herein may not be used, copied
#    or disclosed in whole or in part except as permitted by written
#    agreement signed by an officer of IMMUNIX, Inc.
# ----------------------------------------------------------------------


use strict;
use FindBin;
use Getopt::Long;

use Immunix::SubDomain;

use Data::Dumper;

use Locale::gettext;
use POSIX;

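# Pin $PATH to the system directories so that any command looked up by name
# later in the run is not resolved through a search path chosen by the caller.
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";

# Fixing $PATH alone leaves the other variables that alter how a shell started
# by a child process behaves; perlsec recommends dropping these as well.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# select the message catalog that gettext() will translate from
setlocale(LC_MESSAGES, "");
textdomain("subdomain-utils");

# $UI_Mode is not declared in this file -- presumably exported by
# Immunix::SubDomain (TODO confirm).
$UI_Mode = "text";

# options variables
my $help  = '';
my $force = undef;

# GetOptions returns false on a malformed command line (unknown option,
# missing value) after printing its own warning.  Stop there: otherwise a
# mistyped option such as "--dri /some/dir" is ignored, its value is left in
# @ARGV, and the run goes on to treat it as a program to profile against the
# default profile directory.
# $profiledir is likewise not declared here; presumably it arrives with a
# default from Immunix::SubDomain (TODO confirm).
GetOptions(
  'force'   => \$force,
  'dir|d=s' => \$profiledir,
  'help|h'  => \$help,
) or exit 1;

# tell 'em how to use it...
if($help) {
  usage();
  exit;    # backstop only; usage() terminates the program itself
}

# check_for_subdomain() yields the mountpoint when AppArmor is active; the
# value is only used further down to decide whether a new profile is reloaded.
my $sd_mountpoint = check_for_subdomain();

# let's convert it to full path...
$profiledir = get_full_path($profiledir);

# refuse to continue without an existing profile directory
unless(-d $profiledir) {
  UI_Important(sprintf(gettext('Can\'t find subdomain profiles in %s.'), $profiledir));
  exit 1;
}

# read the logprof.conf settings (presumably this is what fills %qualifiers,
# which the per-program policy check relies on -- TODO confirm)
readconfig();

# what are we profiling?  Every remaining argument is a program name or path;
# with none given, ask for a single one interactively.
my @profiling = @ARGV;

unless(@profiling) {
  @profiling = ( UI_GetString(gettext("Please enter the program to create a profile for: "), "") );
}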

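# Handle each requested program in turn: resolve it to a full path, apply the
# policy checks, then generate its profile and, when AppArmor is mounted,
# reload it.
for my $profiling (@profiling) {

  # nothing to do for an empty entry (e.g. an empty answer at the prompt)
  next unless $profiling;

  # Resolve the request to a fully-qualified path.
  # NOTE(review): the -e test is relative to the current working directory, so
  # a bare name such as "foo" that happens to exist there is profiled in
  # preference to the "foo" found on the sanitized $PATH.
  my $fqdbin;
  if(-e $profiling) {
    $fqdbin = get_full_path($profiling);
    chomp($fqdbin);
  } elsif($profiling !~ /\//) {
    # a bare command name: look it up on $PATH
    my $which = which($profiling);
    $fqdbin = get_full_path($which) if $which;
  }
  # $fqdbin is still undef here when nothing was found; that case is reported
  # by the final else branch below.

  # make sure that the app they're requesting to profile is not marked as
  # not allowed to have its own profile: an entry in %qualifiers without the
  # "p" flag blocks profile creation.  The lookup is an exact match on the
  # resolved path.
  if($qualifiers{$fqdbin} && $qualifiers{$fqdbin} !~ /p/) {
    UI_Info(sprintf(gettext('%s is currently marked as a program that should not have it\'s own profile.  Usually, programs are marked this way if creating a profile for them is likely to break the rest of the system.  If you know what you\'re doing and are certain you want to create a profile for this program, edit the corresponding entry in the [qualifiers] section in /etc/apparmor/logprof.conf.'), $fqdbin));
    exit 1;
  }

  # licensing gate provided by Immunix::SubDomain
  unless(profile_is_authorized($fqdbin)) {
    fatal_error(gettext("The version of AppArmor that you are running does not allow the\ncreation of this profile.  Please contact Novell sales for\nupgrade options for AppArmor."));
  }

  if(-e $fqdbin) {
    # An existing profile is only replaced when --force was given.
    if(-e getprofilefilename($fqdbin) && !$force) {
      UI_Info(sprintf(gettext('Profile for %s already exists - skipping.'), $fqdbin));
    } else {
      autodep($fqdbin);
      reload($fqdbin) if $sd_mountpoint;
    }
  } elsif($profiling =~ /^[^\/]+$/) {
    # bare name that could not be found on $PATH
    UI_Info(sprintf(gettext('Can\'t find %s in the system path list.  If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
    exit 1;
  } else {
    # explicit path that does not exist.  $profiling is passed as a sprintf
    # argument: concatenating it onto the format string instead would leave
    # %s without a value and would let any "%" in the user-supplied path be
    # interpreted as a format directive.
    UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
    exit 1;
  }
}

exit 0;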

# Print the one-line command synopsis through the UI layer and terminate the
# program with a success status.  Never returns to the caller.
sub usage {
  my $synopsis = "usage: $0 [ --force ] [ -d /path/to/profiles ]";
  UI_Info($synopsis);
  exit 0;
}

