#!/usr/bin/env python3
# -*- coding: utf-8 -*-

#
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

import sys
import argparse
import json
import os


class ValidateError(Exception):
    def __init__(self, msg):
        super().__init__(msg)


def parse_cfg_file(file_name: str):
    """
    Load the cfg file in JSON format
    """
    services_name = set()
    with open(file_name) as fp:
        data = json.load(fp)
        if "services" not in data:
            return services_name
        for field in data['services']:
            services_name.add(field['name'])
            if "path" in field and len(field['path']) == 2 and field['path'][0] == "/system/bin/sa_main":
                if field['path'][1].endswith('.xml'):
                    raise ValidateError('cfg error,please use json file replace xml process name: ' + field['name'])
    return services_name


def collect_cfg_services_name(cfg_dir: str):
    services_name = set()
    if not os.path.exists(cfg_dir):
        return services_name
    for file in os.listdir(cfg_dir):
        if file.endswith(".cfg"):
            services_name |= parse_cfg_file("{}/{}".format(cfg_dir, file))
    return services_name


def collect_seccomp_services_name(lib_dir: str):
    services_name = set()
    name_allow_list = [
        'system',
        'app',
        'nwebspawn',
        'imf_secure_mode',
        'app_privilege',
        'app_atomic',
        'app_custom',
        'app_allow_iouring',
        'app_normal'
    ]
    if not os.path.exists(lib_dir):
        return services_name
    for file in os.listdir(lib_dir):
        if not file.startswith('lib') or not file.endswith('_filter.z.so'):
            raise ValidateError('seccomp directory has other shared library except seccomp policy library')

        front_pos = file.find('lib') + 3
        rear_pos = file.find('_filter.z.so')
        name = file[front_pos : rear_pos]
        if not name.startswith('com.') and name not in name_allow_list:
            services_name.add(name)

    return services_name


def check_seccomp_services_name(servces_name: str, seccomp_services_name: str):
    for name in seccomp_services_name:
        if name not in servces_name:
            raise ValidateError('service name  {} not in cfg, please check the name used for seccomp'.format(name))
    return


def main():
    parser = argparse.ArgumentParser(
      description='check whehter name is legal used for the seccomp policy shared library')
    parser.add_argument('--vendor-cfg-path', type=str,
                        help=('input vendor cfg path\n'))

    parser.add_argument('--vendor-seccomp-lib-path', type=str,
                        help=('input vendor seccomp cfg path\n'))

    parser.add_argument('--system-cfg-path', type=str,
                        help=('input system cfg path\n'))

    parser.add_argument('--system-seccomp-lib-path', type=str,
                        help='input system seccomp cfg path\n')

    args = parser.parse_args()
    vendor_services_name = collect_cfg_services_name(args.vendor_cfg_path)
    vendor_seccomp_services_name = collect_seccomp_services_name(args.vendor_seccomp_lib_path)
    check_seccomp_services_name(vendor_services_name, vendor_seccomp_services_name)

    system_services_name = collect_cfg_services_name(args.system_cfg_path)
    system_seccomp_services_name = collect_seccomp_services_name(args.system_seccomp_lib_path)
    check_seccomp_services_name(system_services_name, system_seccomp_services_name)


if __name__ == '__main__':
    sys.exit(main())