#!/usr/bin/env python3
# Copyright 2020 Microsoft Corporation
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with SETools.  If not, see <http://www.gnu.org/licenses/>.
#

import setools
import argparse
import sys
import logging
import signal

signal.signal(signal.SIGPIPE, signal.SIG_DFL)

parser = argparse.ArgumentParser(description="SELinux policy checker tool.")
parser.add_argument("--version", action="version", version=setools.__version__)
parser.add_argument("config", help="Path to the checker configuration file.")
parser.add_argument("policy", help="Path to the SELinux policy to check.", nargs="?")
parser.add_argument("-o", "--output_file", help="Path to log output.", required=False)
parser.add_argument("-v", "--verbose", action="store_true",
                    help="Print extra informational messages")
parser.add_argument("--debug", action="store_true", dest="debug", help="Enable debugging.")

args = parser.parse_args()

if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')

try:
    p = setools.SELinuxPolicy(args.policy)
    c = setools.PolicyChecker(p, args.config)

    if args.output_file:
        with open(args.output_file, "w") as fd:
            failures = c.run(output=fd)

    else:
        failures = c.run()

    sys.exit(1 if failures else 0)

except setools.exception.InvalidCheckerConfig as err:
    if args.debug:
        raise
    else:
        print(err)

    sys.exit(2)

except Exception as err:
    if args.debug:
        raise
    else:
        print(err)

    sys.exit(3)