#! /bin/sh

if [ "$1" = "--version" ]
then
cat << EOF
ccs-loadpolicy 1.8.0

Copyright (C) 2005-2010 NTT DATA CORPORATION.

This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
EOF
elif [ "$1" = "--help" ]
then
cat << EOF
Usage: ccs-loadpolicy {-e|-ef|-d|-df|-m|-p|-s} [remote_ip:remote_port]

This program loads TOMOYO Linux's policy from standard input into kernel.

-e  : Append to /proc/ccs/exception_policy .

-ef : Overwrite /proc/ccs/exception_policy .

-d  : Append to /proc/ccs/domain_policy .

-df : Overwrite /proc/ccs/domain_policy .

-m  : Append to /proc/ccs/manager .

-p  : Append to /proc/ccs/profile .

-s  : Append to /proc/ccs/stat .

remote_ip:remote_port : Write to ccs-editpolicy-agent listening at remote_ip:remote_port rather than /proc/ccs/ directory.

Examples:

# echo "acl_group 0 file read /proc/meminfo" | ccs-loadpolicy -e
 Add "file read /proc/meminfo" to acl_group 0.

# echo "delete acl_group 0 file read /proc/meminfo" | ccs-loadpolicy -e
 Remove "file read /proc/meminfo" from acl_group 0.

# ( echo "<kernel>"; echo "file execute /sbin/init" ) | ccs-loadpolicy -d
 Add "file execute /sbin/init" to "<kernel>" domain.

# ccs-loadpolicy -df < /etc/ccs/domain_policy.conf
 Replace currently loaded domain policy with /etc/ccs/domain_policy.conf .

# ccs-loadpolicy -d < /etc/ccs/domain_policy.conf
 Append /etc/ccs/domain_policy.conf into currently loaded domain policy.

# ccs-loadpolicy -d 192.168.1.1:10000 < /etc/ccs/192.168.1.1/domain_policy.conf
 Append /etc/ccs/192.168.1.1/domain_policy.conf to 192.168.11.1:10000 .

# echo "delete /usr/sbin/ccs-queryd" | ccs-loadpolicy -m
 Remove "/usr/sbin/ccs-queryd" from /proc/ccs/manager

EOF
else
cat << EOF | help2man -i - -N -s 8 -n "Load TOMOYO Linux's policy manually" $0 | gzip -9 > man8/ccs-loadpolicy.8.gz
[SEE ALSO]

 ccs-init (8)
 ccs-editpolicy-agent (8)

[NOTES]

 You need to register either path to this program ( /usr/sbin/ccs-loadpolicy ) or a domain for this program in /proc/ccs/manager before invoking this program.

[AUTHORS]

 penguin-kernel _at_ I-love.SAKURA.ne.jp

EOF
fi
exit 0
