#!/usr/bin/bash
#
# This test works by reading in each bz* file and then looping through
# line by line. The assumption is that bz* is a list of type=AVC audit
# messages.
#
# The other assumption is that you have the openstack-selinux policies
# loaded.
#

export LANG=C

TMP=$(mktemp /tmp/openstack-selinux-test.XXXXXX)
rm -f $TMP
mkdir -p $TMP

PWD=$(pwd)
cd "$(dirname $0)"

TEST_FILES=$(/bin/ls -1 bz* lp* osprh*)
TEST_INPUT=$TMP/input
TEST_OUTPUT=$TMP/output
TEST_FAIL=$TMP/failed_tests
TEST_FAIL_INFO=$TMP/failed_info

passed=0
failed=0

rm -f $TEST_INPUT
touch $TEST_INPUT
for f in $TEST_FILES; do
	grep '^type=\(USER_\)\?AVC' $f >> $TEST_INPUT
done

totalAVC=$(wc -l $TEST_INPUT)
audit2why -i $TEST_INPUT > $TEST_OUTPUT

cat > $TMP/check.awk << EOT
BEGIN {
	working = 0
	last_line = ""
}

/^type=AVC/ {
	if (working == 1) {
		print last_line
		last_line = ""
		working = 0
	}
	working = 1
	last_line=\$0
}

/Unknown -/ {
	working = 0
	last_line = ""
}

END {
	if (working == 1) {
		working = 0
		print last_line
	}
}
EOT

awk -f $TMP/check.awk $TEST_OUTPUT > $TEST_FAIL

while read; do
	((failed++))
	grep -n "$REPLY" $TEST_FILES
	# echo "$REPLY" | audit2why | grep -v '$REPLY'
done < $TEST_FAIL

if [ $failed -ne 0 ]; then
	audit2why -i $TEST_FAIL > $TEST_FAIL_INFO
fi

cd "$PWD"

echo Results: ${totalAVC/ */} total, $failed failed
echo -n "Overall result: "
if [ $failed -ne 0 ]; then
	echo FAIL
	echo Check $TEST_FAIL_INFO for more information
	exit 1
fi

rm -rf $TMP

echo PASS
exit 0
