#!/bin/bash
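# Label building blocks shared by every pdpl-file call in this script.
# Labels are assembled as "level:ilev:categories"; flag suffixes such as
# ":CCNRA" or ":ccnr" are appended at the individual call sites.
sysmaxlev=3
# Integrity maximum as reported by the parsec kernel module.
# NOTE(review): the value is used without validation. If the parameter file is
# missing or unreadable, cat fails, this variable stays empty and every label
# derived from it carries an empty integrity field -- confirm how pdpl-file
# treats such a label before relying on this script on hosts without parsec.
sysmaxilev=$(cat /sys/module/parsec/parameters/max_ilev)
sysmaxcat=0xffffffffffffffff
# System-wide maximum label (maximum level, maximum integrity, all categories).
sysmaxlbl="$sysmaxlev:$sysmaxilev:$sysmaxcat"
# Same level and categories, but with the integrity field fixed at 0.
confmaxlbl="$sysmaxlev:0:$sysmaxcat"
# Hex form of the integrity maximum; compared with micdb records further down.
# Quoted so the value reaches printf as exactly one argument.
hexmaxilev=$(printf '%x' "$sysmaxilev")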
# Command-line handling. Arguments are consumed left to right until the first
# empty one; "--after-test" is the only option acted upon, anything else is
# skipped without a diagnostic.
while [[ -n "$1" ]]; do
    if [[ "$1" == "--after-test" ]]; then
        # Post-test reset: relabel only /tmp and the filesystem root, then
        # stop without running the full labelling pass below.
        /usr/sbin/pdpl-file "0:0:0:0" /tmp
        /usr/sbin/pdpl-file "$sysmaxlbl:CCNRA" /
        # NOTE(review): the status is 1 regardless of whether the two calls
        # above succeeded -- confirm that callers expect a non-zero exit here.
        exit 1
    fi
    shift
done
# Labels for the filesystem root, /dev and the storage and input device nodes.
#
# label_quiet runs pdpl-file with stderr discarded. With bash's default glob
# settings a pattern that matches nothing is passed on literally, so the
# resulting complaint is hidden for hardware that is not present.
# NOTE(review): the same redirect also hides genuine labelling failures on
# nodes that do exist; consider logging the exit status if that matters.
label_quiet() {
    /usr/sbin/pdpl-file "$@" 2>/dev/null
}

/usr/sbin/pdpl-file "$sysmaxlbl:CCNRA" /
/usr/sbin/pdpl-file "$sysmaxlbl:CCNRA" /dev

# /dev/sd* is the one device glob whose errors are left visible.
/usr/sbin/pdpl-file "$sysmaxlbl" /dev/sd*
label_quiet "$sysmaxlbl" /dev/hd*
label_quiet "$sysmaxlbl" /dev/vd*
label_quiet "$sysmaxlbl" /dev/xvd*
label_quiet "$sysmaxlbl" /dev/dm*
/usr/sbin/pdpl-file -R "$sysmaxlbl:CCNRA" /dev/mapper
label_quiet "$sysmaxlbl" /dev/mmc*
label_quiet "$sysmaxlbl" /dev/mtdblock*
label_quiet "$sysmaxlbl" /dev/nvme*

# /dev/input is labelled recursively twice, first with the CCNRA flags and then
# without them.
# NOTE(review): the second pass presumably replaces what the first one set on
# the same tree -- confirm which of the two labels is the intended final state.
/usr/sbin/pdpl-file -R "$sysmaxlbl:CCNRA" /dev/input
/usr/sbin/pdpl-file -R "$sysmaxlbl" /dev/input

# VirtualBox guest device nodes receive "0:0:0:ehole", but only when present.
# NOTE(review): ehole presumably exempts a node from mandatory level checks --
# confirm against the pdpl-file documentation. If so, each node carrying it is
# reachable from every level, so this list should stay as short as possible.
for vbox_node in /dev/vboxuser /dev/vboxguest; do
    if [[ -e "$vbox_node" ]]; then
        /usr/sbin/pdpl-file "0:0:0:ehole" "$vbox_node"
    fi
done

# /tmp is reset to the all-zero label; /run gets the system maximum with the
# CCNRA flags.
/usr/sbin/pdpl-file "0:0:0:0" /tmp
/usr/sbin/pdpl-file "$sysmaxlbl:CCNRA" /run/

# Directories labelled with the zero-integrity maximum label plus the ccnr
# flag. Each path is handed to pdpl-file in its own invocation, in this order.
for ccnr_dir in \
    /run/private/ \
    /run/private/shm/ \
    /run/private/mount/ \
    /run/user/ \
    /run/user/private/ \
    /var/ \
    /var/spool/ \
    /var/mail/ \
    /var/private/
do
    /usr/sbin/pdpl-file "$confmaxlbl:ccnr" "$ccnr_dir"
done
# Direct children of /var/private go to pdpl-file in a single call; if the
# glob matches nothing, the literal pattern is passed and the error is visible.
/usr/sbin/pdpl-file "$confmaxlbl:ccnr" /var/private/*

# Only the integrity field is given for /sys and the digsig key directories
# (the label starts with ':', so the level field is left empty).
for sys_dir in /sys /sys/digsig /sys/digsig/keys /sys/digsig/xattr_keys; do
    /usr/sbin/pdpl-file ":$sysmaxilev" "$sys_dir"
done

# The /home root and its .pdp subdirectory get the system maximum label with
# the CCNRA flags.
for home_root in /home/ /home/.pdp/; do
    /usr/sbin/pdpl-file "$sysmaxlbl:CCNRA" "$home_root"
done

# Character devices of the GPU stacks are labelled "0:0:0:ehole", one
# pdpl-file invocation per node.
# NOTE(review): ehole presumably exempts these nodes from mandatory level
# checks -- confirm, and review whether every node under /dev/dri needs it.
find /dev/dri -type c -exec /usr/sbin/pdpl-file "0:0:0:ehole" '{}' ';'
# The redirect silences both find (no /dev/nvidia* nodes) and pdpl-file.
find /dev/nvidia* -type c -exec /usr/sbin/pdpl-file "0:0:0:ehole" '{}' ';' 2>/dev/null

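# Create the xauth and xrdp runtime directories if missing and label them.
# pdpl-file is called by absolute path, as everywhere else in this script, so
# that a privileged run never resolves the labelling tool through PATH.
# mkdir -p leaves the mode and owner of an already existing directory as they
# are; only the mandatory label is (re)applied here.
mkdir -p /var/run/xauth
# NOTE(review): the integrity field 8 is hard-coded, unlike the labels derived
# from max_ilev -- confirm it is valid on systems with a different maximum.
/usr/sbin/pdpl-file "0:8:0:0" /var/run/xauth

mkdir -p /var/run/xrdp
/usr/sbin/pdpl-file "0:0:0:0" /var/run/xrdp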

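# Raise the home directory of each astra-admin member to the maximum integrity
# level, but only for users whose micdb record already ends in
# ":<max ilev in hex>". Members are taken from the fourth field of the group
# entry; the home directory is assumed to be /home/<name>, so accounts with a
# different home path are skipped.
#
# All expansions are quoted and the member list is split on commas into an
# array, so a name can never be word-split or glob-expanded into extra
# arguments. pdpl-file is called by absolute path like the rest of the script.
IFS=, read -r -a admin_members <<< "$(getent group astra-admin | cut -d: -f4)"
for admin in "${admin_members[@]}"; do
	[ -n "$admin" ] || continue
	if [ -d "/home/${admin}" ]; then
		# An unresolvable name has no micdb record to check; skip it.
		admin_uid=$(id -u "$admin") || continue
		# micdb records are stored per numeric uid; an absent record means no match.
		if grep -q "^.*:${hexmaxilev}\$" "/etc/parsec/micdb/${admin_uid}" 2>/dev/null; then
			/usr/sbin/pdpl-file "0:$sysmaxilev:0:0" "/home/${admin}"
		fi
	fi
done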

# Audit flags "o:cyu" on the digsig and parsec configuration trees.
# NOTE(review): -R / -d presumably mean "recursive" and "default" as in
# setfacl -- confirm against the setfaud documentation.
for audit_tree in /etc/digsig /etc/parsec; do
    /usr/sbin/setfaud -Rm o:cyu "$audit_tree"
done

# The same flags with -d on the two roots and on each parsec database directory.
for audit_dir in \
    /etc/digsig \
    /etc/parsec \
    /etc/parsec/auddb \
    /etc/parsec/capdb \
    /etc/parsec/macdb \
    /etc/parsec/micdb
do
    /usr/sbin/setfaud -dm o:cyu "$audit_dir"
done

# Make scheduler debug output readable by its owner only. A failure is ignored
# on purpose, and as the last command here it leaves the exit status at 0.
# NOTE(review): newer kernels expose this data through debugfs instead of
# /proc; there this chmod fails and is ignored -- confirm whether the debugfs
# location needs the same restriction.
chmod 0400 /proc/sched_debug || true
