From 2178c5e746fa931655b868a732d01c648a113b77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E6=B0=91=E5=8B=87?=
Date: Thu, 29 Sep 2022 17:35:27 +0800
Subject: [PATCH 1/2] changelog
---
 debian/changelog | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index f7d8d28..0777aaa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+yhkylin-backup-tools (4.1.0.0-0k14) v101; urgency=medium
+
+ * BUG 号:138686 【KVE-2022-0805】银河麒麟桌面操作系统V10_com.kylin.backup Dbus服务删除任意文件夹
+ * 需求号: 无
+ * 需求号:无
+ * 其它改动: 无
+ * git commit:ddb38750f603a1f15d910f95cb4be8753b4b5723
+
+ -- zhaominyong Thu, 29 Sep 2022 16:22:45 +0800
+
 yhkylin-backup-tools (4.1.0.0-0k13.2) v101; urgency=medium
 * BUG 号:无
From c598c069d0ef9f1785f3f8c2ffa0ee3059f053aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E6=B0=91=E5=8B=87?=
Date: Fri, 30 Sep 2022 15:13:40 +0800
Subject: [PATCH 2/2] =?UTF-8?q?141716=20=E3=80=90=E6=B1=9F=E8=A5=BF?=
 =?UTF-8?q?=E9=93=B6=E8=A1=8C=E3=80=91=E3=80=90grub=E8=BF=98=E5=8E=9F?=
 =?UTF-8?q?=E3=80=91=E5=9C=A8grub=E7=95=8C=E9=9D=A2=E9=80=89=E6=8B=A9resto?=
 =?UTF-8?q?re-retain-userdata=20mod=E6=A8=A1=E5=BC=8F=E8=BF=98=E5=8E=9F?=
 =?UTF-8?q?=EF=BC=8C=E8=BF=98=E5=8E=9F=E4=B9=8B=E5=90=8E=E7=B3=BB=E7=BB=9F?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=8F=98=E4=B8=BAOEM?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backup-daemon/data/backup-auto-efi | 68 ++++++++++++++++++++----------
 1 file changed, 45 insertions(+), 23 deletions(-)
diff --git a/backup-daemon/data/backup-auto-efi b/backup-daemon/data/backup-auto-efi
index b04c007..55dbcdb 100755
--- a/backup-daemon/data/backup-auto-efi
+++ b/backup-daemon/data/backup-auto-efi
@@ -594,17 +594,17 @@ generateExcludeFile() {
 #echo "/data/*" >>$EXCLUDEFILE #用户可以把数据放到该分区或者目录
 #是否覆盖备份还原工具自身,因为grub备份还原使用的工具是initrd.img里面的东西,故不存在时可以还原备份还原工具本身(例如工具被删除的场景)
- if [ $backupOrRestore -eq 1 ]; then
- bFileExists "/usr/bin/backup-daemon"
- bFileExists "/usr/bin/kybackup"
- bFileExists "/usr/bin/backup-auto"
- bFileExists "/usr/bin/mount_fstab_efi"
- bFileExists "/usr/bin/backup-auto-efi"
- bFileExists "/usr/bin/rsync"
- bFileExists "/usr/share/rsync"
- bFileExists "/usr/share/initramfs-tools/hooks/kybackup-hooks"
- bFileExists "/usr/share/initramfs-tools/scripts/local-bottom/kybackup"
- fi
+ #if [ $backupOrRestore -eq 1 ]; then
+ # bFileExists "/usr/bin/backup-daemon"
+ # bFileExists "/usr/bin/kybackup"
+ # bFileExists "/usr/bin/backup-auto"
+ # bFileExists "/usr/bin/mount_fstab_efi"
+ # bFileExists "/usr/bin/backup-auto-efi"
+ # bFileExists "/usr/bin/rsync"
+ # bFileExists "/usr/share/rsync"
+ # bFileExists "/usr/share/initramfs-tools/hooks/kybackup-hooks"
+ # bFileExists "/usr/share/initramfs-tools/scripts/local-bottom/kybackup"
+ #fi
 # 安全模块会将文件/usr/share/kysec-utils/data/readonly_list中的文件列表限制只读,无法修改、备份(包含扩展属性时)、删除等
 # 现在里面仅有/etc/uid_list,先暂时排除掉;等后续安全模块有其它保护方案后再进一步修改
@@ -1050,7 +1050,7 @@ restoreAuto() { #还原
 fi
 #0:backup 1:restore
- generateExcludeFile 1
+ #generateExcludeFile 1
 echo "Begin to restore efi directory..." >>$PLOGFILE
 echo "Begin to restore efi directory..."
 #额外排除目录或文件
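Review bot: The `bFileExists` block in generateExcludeFile() is commented out rather than deleted, and the comment directly above it (about whether the backup tool itself is overwritten) now describes logic that no longer runs. Assuming `bFileExists` protected an existing path from being overwritten, a restore can now replace `/usr/bin/backup-daemon`, `/usr/bin/rsync` and the initramfs hook scripts with the versions stored in the backup, which may predate a fix such as the one recorded in patch 1/2. If that is intended, I would delete the dead lines and leave one comment, for example `# restore overwrites the backup tools and initramfs hooks with the copies from the backup (bug 141716)`. The function body starts and ends outside the hunk.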
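Review bot: With `generateExcludeFile 1` commented out in restoreAuto(), nothing visible here regenerates `$EXCLUDEFILE` before the restore, so the exclusions that function writes are skipped on this path; judging by the comment in the previous hunk, that includes the `/etc/uid_list` entry kept because the security module makes that file read-only. If the rsync command later in restoreAuto() (outside the hunk) still reads `$EXCLUDEFILE`, it would see a missing file or one left over from an earlier run. Either keep the call, or drop the file from the restore command and carry the needed entries in `excludes`, and record the choice with a comment such as `# restore builds its exclusions in $excludes only; $EXCLUDEFILE is not regenerated here`.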
@@ -1076,13 +1076,27 @@ restoreAuto() { #还原
 #保留用户数据还原
 if [[ x${m_isRetainUserData} = x"true" ]]; then
 # 用户数据目录或文件
- bFileExists "/var/lib/biometric-auth"
- bFileExists "/data/sec_storage_data"
- bFileExists "/etc/passwd"
- bFileExists "/etc/shadow"
- bFileExists "/etc/group"
- bFileExists "/etc/gshadow"
- bFileExists "/etc/sudoers"
+ if [ -e "${rootpath}/var/lib/biometric-auth" ]; then
+ excludes="${excludes} --exclude=/var/lib/biometric-auth"
+ fi
+ if [ -e "${rootpath}/data/sec_storage_data" ]; then
+ excludes="${excludes} --exclude=/data/sec_storage_data"
+ fi
+ if [ -e "${rootpath}/etc/passwd" ]; then
+ excludes="${excludes} --exclude=/etc/passwd"
+ fi
+ if [ -e "${rootpath}/etc/shadow" ]; then
+ excludes="${excludes} --exclude=/etc/shadow"
+ fi
+ if [ -e "${rootpath}/etc/group" ]; then
+ excludes="${excludes} --exclude=/etc/group"
+ fi
+ if [ -e "${rootpath}/etc/gshadow" ]; then
+ excludes="${excludes} --exclude=/etc/gshadow"
+ fi
+ if [ -e "${rootpath}/etc/sudoers" ]; then
+ excludes="${excludes} --exclude=/etc/sudoers"
+ fi
 excludes="${excludes} --exclude=/home --exclude=/root --exclude=/data/home --exclude=/data/root --exclude=/var/lib/AccountsService"
 #如果是990,排除/data;否则,排除/data/usershare
@@ -1093,10 +1107,18 @@ restoreAuto() { #还原
 fi
 #如果是出厂备份的还原,还需要保留语言和时区配置
 if [[ ${uuid} = "{${factory_uuid}}" && x${is_990_9a0} != x"true" ]]; then
- bFileExists "/etc/localtime"
- bFileExists "/usr/share/zoneinfo"
- bFileExists "/etc/default/locale"
- bFileExists "/usr/share/i18n"
+ if [ -e "${rootpath}/etc/localtime" ]; then
+ excludes="${excludes} --exclude=/etc/localtime"
+ fi
+ if [ -e "${rootpath}/usr/share/zoneinfo" ]; then
+ excludes="${excludes} --exclude=/usr/share/zoneinfo"
+ fi
+ if [ -e "${rootpath}/etc/default/locale" ]; then
+ excludes="${excludes} --exclude=/etc/default/locale"
+ fi
+ if [ -e "${rootpath}/usr/share/i18n" ]; then
+ excludes="${excludes} --exclude=/usr/share/i18n"
+ fi
 fi
 fi
 # 兼容以前的老备份数据,后面可以尝试去掉此条件的逻辑
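Review bot: The new `[ -e "${rootpath}/…" ]` tests follow symlinks, and an absolute link target is resolved against the running root rather than `${rootpath}`, so a path that is a symlink on the target system can test false and then be overwritten by the restore. `/etc/localtime` in the next hunk (@@ -1093,10) is the likely case, since it is commonly a link into `/usr/share/zoneinfo`; the same would apply to the account files here if any of them is a link. Testing `[ -e … ] || [ -L … ]` avoids that, and a small helper would also replace the eleven copied `if` blocks across both hunks. The helper below is a sketch meant to be defined at file level; restoreAuto() starts and ends outside the hunk, and how `rootpath` is set is not visible here.

```shell
# Append --exclude=<path> to $excludes when <path> exists under ${rootpath}.
# -L also accepts symlinks whose target does not resolve from this environment.
addExcludeIfPresent() {
	if [ -e "${rootpath}$1" ] || [ -L "${rootpath}$1" ]; then
		excludes="${excludes} --exclude=$1"
	fi
}

# … unchanged: m_isRetainUserData check …
for keep in /var/lib/biometric-auth /data/sec_storage_data \
	/etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/sudoers; do
	addExcludeIfPresent "${keep}"
done
# … unchanged: fixed --exclude list for /home, /root, /data/home … …
```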