#!/bin/sh

kysec_tmp=/etc/kysec/tmp
kysec_whlist_db=/etc/kysec/db/whlist.db
kysec_init=/usr/sbin/kysec-init
kysec_dinit=/usr/sbin/kysec-dinit

relabel_flag=$(sqlite3 $kysec_whlist_db "select * from relabel_status;")

relabel_system_for_whlist()
{
	if [ ! -z "$(find $kysec_tmp -name "scan_*")" ];	then
		task_count=$(nproc)
		task_count=$(($task_count - 2))
		[ $task_count -le 0 ] && task_count=1

		echo "正在分析扫描结果..."
		ls $kysec_tmp/scan_* | xargs -i -P $task_count ${kysec_init} -o $kysec_tmp --scan {}

		echo "正在初始化白名单..."
		cat $kysec_tmp/list_* > $kysec_tmp/list_all
		if [ "x$relabel_flag" = "x0" ]; then
			sqlite3 "$kysec_whlist_db" 'delete from objects_list';
			${kysec_init} --init-whlist $kysec_tmp/list_all 2>/dev/null
		elif [ "x$relabel_flag" = "x2" ]; then
			sqlite3 "$kysec_whlist_db" 'delete from exectl_whlist';
			${kysec_init} --relabel-exectl --init-whlist $kysec_tmp/list_all 2>/dev/null
		fi
		rm -rf $kysec_tmp/*
		rm -rf /.exectl
		sync
		echo "白名单初始化完成"
	fi

	echo "正在初始化外设管控列表..."
	cat /sys/kernel/security/kysec/device_info
        ${kysec_dinit} --init-devctl
        echo "外设管控列表初始化完成"

}

if [ "x$relabel_flag" = "x0" -o "x$relabel_flag" = "x2" ]; then
	relabel_system_for_whlist
fi
