#!/bin/sh

PREREQ="3adm_disable"

prereqs()
{
	echo "$PREREQ"
}

case $1 in
	prereqs)
		prereqs
		exit 0
		;;
esac

#. /scripts/functions
#. /scripts/security-functions
#
#clear
#
#kysec_tmp=${rootmnt}/etc/kysec/tmp
#
#if [ -d "$kysec_tmp" ]; then
#	chmod 1777 $kysec_tmp
#else
#	mkdir -p -m 1777 $kysec_tmp
#fi
#
#securityfs_mnt=/sys/kernel/security
#kysec_status_path="$securityfs_mnt/ksaf/status"
#kysec_version_path="$securityfs_mnt/kysec/version"
#kysec_status=0
#
#if [ -e "$kysec_status_path" ]; then
#	kysec_status=$(cat "$kysec_status_path")
#fi
#
#if [ "$kysec_status" -eq 0 ]; then
#	echo "$kysec_status" > $kysec_tmp/.status
#	exit 0
#fi
#
#set_kysec_status()
#{
#	echo $1 > $kysec_status_path
#}
#
#export exectl=
#export relabel_flag=
#
#relabel_file=${rootmnt}/.exectl
#kysec_whlist_db=${rootmnt}/etc/kysec/db/whlist.db
#
## 该文件为一个标志文件,是否将文件记录到kid资源数据库中
## 若该文件不存在,则全局打标的时候(relabel_status =0 )将资源记录到kid资源数据库中,
## 反之,则不记录.
#label_inited=${rootmnt}/etc/kysec/tmp/.label_inited
#
#get_relabel_flag()
#{
#	for x in $(cat /proc/cmdline); do
#		case $x in
#		exectl=*)
#			exectl=${x#exectl=}
#			;;
#		esac
#	done
#
#	if [ -f "$relabel_file" -o "x${exectl}" = "x1" ]; then
#		relabel_flag=$(sqlite3 "$kysec_whlist_db" "select * from relabel_status;")
#	fi
#
#	if [ -f $kysec_tmp/.status ]; then
#		if [ "x$relabel_flag" != "x0" -a $(cat "$kysec_tmp/.status") -eq 0 -a 0 -ne $kysec_status ]; then
#			sqlite3 $kysec_whlist_db 'update relabel_status set relabel=2';
#			relabel_flag=2
#		fi
#	fi
#
#	local support_version="5.0"
#	local current_version=$(cat "$kysec_version_path")
#
#	if [ "x$relabel_flag" != "x0" ]; then
#		if [ ! -e "$kysec_tmp/.version" ]; then
#			[ "$current_version" \> "$support_version" -o "$current_version" = "$support_version" ] && relabel_flag=0
#		else
#			if [ "$(cat "$kysec_tmp/.version")" \> "$support_version" -o "$(cat "$kysec_tmp/.version")" = "$support_version" ]; then
#				[ "$current_version" \< "$support_version" ] && relabel_flag=0
#			elif [ "$(cat "$kysec_tmp/.version")" \< "$support_version" ]; then
#				[ "$current_version" \> "$support_version"  -o "$current_version" = "$support_version" ] && relabel_flag=0
#			fi
#		fi
#		[ "x$relabel_flag" = "x0" ] && sqlite3 $kysec_whlist_db 'update relabel_status set relabel=0';
#	fi
#
#	echo "$current_version" > $kysec_tmp/.version
#}
#
##get_relabel_flag
#
#priv_kid_sql_file="$kysec_tmp/priv_kid.sql"
#
#update_user_priv_kid()
#{
#	echo -n > "$priv_kid_sql_file"
#
#	if [ -d "${rootmnt}/home" ]; then
#		for dir in "${rootmnt}"/home/*
#		do
#			user=$(echo "${rootmnt}" | sed 's#\/#\\\/#g')
#			user=$(echo "$dir" | sed 's/^'${user}'//g')
#			echo "INSERT INTO \"v_kid_res\" (KID, ResourceType, Resource) VALUES (999, 2, "\'$user\'");" >> "$priv_kid_sql_file"
#		done
#	fi
#
#	sqlite3 "$kysec_whlist_db" < "$priv_kid_sql_file"
#	sync
#}
#
#update_skel_priv_kid()
#{
#	echo -n > "$priv_kid_sql_file"
#
#	. "${rootmnt}/etc/adduser.conf"
#
#	for tmp in "${rootmnt}$SKEL"/*
#	do
#		dir_tmp=$(echo "${rootmnt}" | sed 's#\/#\\\/#g')
#		dir=$(echo "$tmp" | sed 's/^'${dir_tmp}'//g')
#		echo "INSERT INTO \"v_kid_res\" (KID, ResourceType, Resource) VALUES (10000+0x1000000, 2, "\'$dir\'");" >> "$priv_kid_sql_file"
#	done
#
#	sqlite3 "$kysec_whlist_db" < "$priv_kid_sql_file"
#	sync
#}
#
#. ${rootmnt}/etc/default/locale
#
## 根据安装系统选择的语言设置，选择要显示的语言
## $1 为简体中文
## $2 为繁体中文
## $3 为藏文
## $4 为蒙古文
## $5 为英文
## 非以上语言环境默认显示简体中文
#translate_message()
#{
#	case "$LANG" in
#		zh_CN.*)
#			echo "$1"
#		;;
#		zh_HK.*)
#			echo "$2"
#		;;
#		bo_CN.*)
#			echo "$3"
#		;;
#		mn_MN.*)
#			echo "$4"
#		;;
#		en_US.*)
#			echo "$5"
#		;;
#		*)
#			echo "$1"
#		;;
#	esac
#}
#
#kysec_init=/usr/sbin/kysec-init
#
#relabel_system_for_whlist()
#{
#	local zh_CN_msg="正在扫描文件系统……"
#	local zh_HK_msg="正在掃描文件系統……"
#	local bo_CN_msg="ཡིག་ཆའི་མ་ལག "
#	local mn_MN_msg="ᠶᠠᠭ ᠹᠠᠶᠢᠯ ᠤᠨ ᠰᠢᠰᠲ᠋ᠡᠮ ᠢ ᠰᠢᠷᠪᠢᠵᠦ ᠪᠠᠶᠢᠨ᠎ᠠ ᠁"
#	local en_CN_msg="Scanning file systems ..."
#	local msg="$(translate_message "$zh_CN_msg" "$zh_HK_msg" "$bo_CN_msg" "$mn_MN_msg" "$en_CN_msg")"
#	show_message "$msg"
#
#	rm -rf $kysec_tmp/*
#
#	find ${rootmnt} -depth -maxdepth 1 \( -path ${rootmnt}/proc -o -path ${rootmnt}/run -o -path ${rootmnt}/sys -o -path ${rootmnt}/dev -o -path ${rootmnt}/tmp -o -path ${rootmnt}/cdrom -o -path ${rootmnt}/media -o -path ${rootmnt}/mnt -o -path ${rootmnt}/box -o -path ${rootmnt}/backup -o -path ${rootmnt}/data -o -path ${rootmnt}/lost+found -o -path ${rootmnt} \) -prune -o -print 1>$kysec_tmp/scanf
#	cat $kysec_tmp/scanf | xargs -i -P $(nproc) find {} \( -type f -o -type l \) -print 1>>$kysec_tmp/scan
#	local new=$(echo ${rootmnt} | sed 's#\/#\\\/#g')
#	sed -i 's/^'${new}'//g' $kysec_tmp/scan
#	split -l 3333 $kysec_tmp/scan -d -a 4 scan_
#	mv scan_* $kysec_tmp
#
#	if [ "x$relabel_flag" = "x0" ]; then
#		zh_CN_msg="正在初始化系统KySec安全标记，请稍候……"
#		zh_HK_msg="正在初始化系統KySec安全標記，請稍候……"
#		bo_CN_msg="ཐོག་མར་འགྱུར་བཞིན་པའི་མ་ལགKySecབདེ་འཇགས་མཚོན་རྟགས།ཅུང་ཙམ་སྒུག་རོགས།"
#		mn_MN_msg="ᠶᠠᠭ ᠰᠢᠰᠲ᠋ᠧᠮ KySec ᠠᠶᠤᠯᠭᠦᠢ ᠲᠡᠮᠳᠡᠭ ᠢ᠋ ᠠᠩᠬᠠᠵᠢᠭᠤᠯᠵᠤ ᠪᠠᠢᠨ᠎ᠠ ᠂ ᠲᠦᠷ ᠬᠦᠯᠢᠶᠡᠭᠡᠷᠡᠢ ᠁"
#		en_CN_msg="Initializing system KySec security labels, please wait ..."
#		msg="$(translate_message "$zh_CN_msg" "$zh_HK_msg" "$bo_CN_msg" "$mn_MN_msg" "$en_CN_msg")"
#		show_message "$msg"
#		cat $kysec_tmp/scanf | xargs -i -P $(nproc) ${kysec_init} --rootmnt ${rootmnt} --with-old --set-xattr {}
#		${kysec_init} --rootmnt ${rootmnt} --with-old --set-special
#		${kysec_init} --rootmnt ${rootmnt} --init-kid-db  # 将scan_*包含的文件内容记录到kid资源表中,默认类别为9999 系统类
#	elif [ "x$relabel_flag" = "x2" ]; then
#		zh_CN_msg="正在初始化系统执行控制安全标记，请稍候……"
#		zh_HK_msg="正在初始化系統執行控制安全標記，請稍候……"
#		bo_CN_msg="ཐོག་མར་ཅན་གྱི་མ་ལག་གིས་བདེ་འཇགས་བརྡ་རྟགས་ལག་བསྟར་བྱེད་བཞིན་ཡོད།ཅུང་ཙམ་སྒུག་རོགས།"
#		mn_MN_msg="ᠶᠠᠭ ᠰᠢᠰᠲ᠋ᠡᠮ ᠤᠨ ᠭᠦᠢᠴᠡᠳᠬᠡᠬᠦ ᠡᠵᠡᠮᠰᠢᠯ ᠤᠨ ᠠᠶᠤᠯᠭᠦᠢ ᠶᠢᠨ ᠲᠡᠮᠳᠡᠭ ᠢ ᠠᠩᠬᠠᠵᠢᠭᠤᠯᠵᠤ ᠪᠠᠶᠢᠨ᠎ᠠ ᠲᠦᠷ ᠬᠦᠯᠢᠶᠡᠭᠡᠷᠡᠢ ᠁"
#		en_CN_msg="Initializing system execution control security labels, please wait ..."
#		msg="$(translate_message "$zh_CN_msg" "$zh_HK_msg" "$bo_CN_msg" "$mn_MN_msg" "$en_CN_msg")"
#		show_message "$msg"
#		cat $kysec_tmp/scanf | xargs -i -P $(nproc) ${kysec_init} --relabel-exectl --set-xattr {}
#		${kysec_init} --rootmnt ${rootmnt} --relabel-exectl --set-special
#	fi
#
#	zh_CN_msg="正在初始化系统完整性控制安全标记，请稍候……"
#	zh_HK_msg="正在初始化系統完整性控制安全標記，請稍候……"
#	bo_CN_msg="ཐོག་མ་ཅན་གྱི་རྒྱུད་ཁོངས་ཆ་ཚང་རང་བཞིན་གྱི་ཚོད་འཛིན་བདེ་འཇགས་རྟགས་མཚན་བྱེད་བཞིན་ཡོད།ཅུང་ཙམ་སྒུག་རོགས།"
#	mn_MN_msg="ᠶᠠᠭ ᠰᠢᠰᠲ᠋ᠡᠮ ᠦᠨ ᠪᠦᠷᠢᠨ ᠪᠦᠲᠦᠨ ᠴᠢᠨᠠᠷ ᠲᠠᠢ ᠠᠮᠤᠷ ᠲᠦᠪᠰᠢᠨ ᠤ ᠲᠡᠮᠳᠡᠭ ᠢ ᠠᠩᠬᠠᠵᠢᠭᠤᠯᠵᠤ ᠪᠠᠶᠢᠨ᠎ᠠ ᠲᠦᠷ ᠬᠦᠯᠢᠶᠡᠭᠡᠷᠡᠢ ᠁"
#	en_CN_msg="Initializing the System Integrity Control security labels, please wait ..."
#	msg="$(translate_message "$zh_CN_msg" "$zh_HK_msg" "$bo_CN_msg" "$mn_MN_msg" "$en_CN_msg")"
#	show_message "$msg"
#
#	update_user_priv_kid
#	update_skel_priv_kid
#	${kysec_init} --rootmnt ${rootmnt} --set-kid --set-netid
#}
#
#do_remount()
#{
#	local old_value=$kysec_status
#
#	mount -o remount,rw ${ROOT} ${rootmnt}
#
#	[ 0 -ne "$kysec_status" ] && set_kysec_status 4
#
#	mount -t proc -o nodev,noexec,nosuid proc "$rootmnt/proc"
#	mount -t sysfs -o nodev,noexec,nosuid sys "$rootmnt/sys"
#	mount -t devtmpfs udev "$rootmnt/dev"
#
#	chroot "${rootmnt}" /bin/mount -a
#
#	if [ "$1" = "all" ]; then
#		relabel_system_for_whlist
#	fi
#
#	[ 0 -ne "$kysec_status" ] && set_kysec_status $old_value
#
#	umount "$rootmnt/dev"
#	umount "$rootmnt/sys"
#	umount "$rootmnt/proc"
#}
#
#do_relabel()
#{
#	# disable kernel messages temporarily
#	local level=`cat /proc/sys/kernel/printk | awk '{print $1}'`
#	local zh_CN_msg="文件系统KySec安全标记需要重新初始化"
#	local zh_HK_msg="文件系統KySec安全標記需要重新初始化"
#	local bo_CN_msg="ཡིག་ཆའི་རྒྱད་ཁོངས་KySecབདེ་འཇགས་རྟགས་མཚན་ཡང་བསྐྱར་ཐོག་མའི་རྣམ་པ་།"
#	local mn_MN_msg="ᠹᠠᠢᠯ ᠤ᠋ᠨ ᠱᠢᠰᠲ᠋ᠧᠮ ᠦ᠋ᠨ KySec ᠠᠶᠤᠯᠭᠦᠢ ᠲᠡᠮᠳᠡᠭ ᠳᠠᠬᠢᠨ ᠠᠩᠬᠠᠵᠢᠭᠤᠯᠬᠤ ᠬᠡᠷᠡᠭᠲᠡᠢ"
#	local en_CN_msg="The file system KySec security labels needs to be reinitialized"
#	local msg="$(translate_message "$zh_CN_msg" "$zh_HK_msg" "$bo_CN_msg" "$mn_MN_msg" "$en_CN_msg")"
#	show_message "$msg"
#	echo 1 > /proc/sys/kernel/printk
#
#	do_remount all
#
#	echo 1 > ${label_inited}
#	# enable kernel messages
#	echo "$level" > /proc/sys/kernel/printk
#	clear_message
#}

# if [ -n "$relabel_flag" ];then
# 	if [ "x$relabel_flag" = "x0" -o "x$relabel_flag" = "x2" ]; then
# 		do_relabel
# 	elif [ "x$relabel_flag" = "x1" ]; then
# 		rm -f $relabel_file
# 	fi
# 	echo "$kysec_status" > $kysec_tmp/.status
# fi


# [ -e ${rootmnt}/etc/console-setup/cached_setup_keyboard.sh ] && \
# 	${kysec_init} --set-exectl ${rootmnt}/etc/console-setup/cached_setup_keyboard.sh

# [ -e ${rootmnt}/usr/bin/mount ] && \
# 	${kysec_init} --set-exectl ${rootmnt}/usr/bin/mount

#clear
