|
 |
036f509 |
#include <stdio.h>
|
|
|
036f509 |
#include <stdlib.h>
|
|
|
036f509 |
#include <string.h>
|
|
|
036f509 |
#include <stdint.h>
|
|
|
036f509 |
#include <errno.h>
|
|
|
036f509 |
#include <selinux/selinux.h>
|
|
|
036f509 |
#include <selinux/label.h>
|
|
|
036f509 |
|
|
|
036f509 |
int main (int argc, char **argv)
|
|
|
036f509 |
{
|
|
|
036f509 |
struct selabel_handle *hnd = NULL;
|
|
|
036f509 |
unsigned int backend = 0;
|
|
|
036f509 |
|
|
|
036f509 |
struct selinux_opt selabel_option [] = {
|
|
|
036f509 |
{ SELABEL_OPT_PATH, NULL },
|
|
|
036f509 |
{ SELABEL_OPT_SUBSET, NULL },
|
|
|
036f509 |
{ SELABEL_OPT_VALIDATE, (char *) 1 },
|
|
|
036f509 |
{ SELABEL_OPT_BASEONLY, (char *) 1 }
|
|
|
036f509 |
};
|
|
|
036f509 |
|
|
|
036f509 |
if (argc < 8) {
|
|
|
036f509 |
fprintf(stderr, "Invalid number of arguments\n");
|
|
|
036f509 |
return 255;
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
// set backend
|
|
|
036f509 |
if (strcmp(argv[1], "CTX_FILE") == 0)
|
|
|
036f509 |
backend = SELABEL_CTX_FILE;
|
|
|
036f509 |
else if (strcmp(argv[1], "CTX_MEDIA") == 0)
|
|
|
036f509 |
backend = SELABEL_CTX_MEDIA;
|
|
|
036f509 |
else if (strcmp(argv[1], "CTX_X") == 0)
|
|
|
036f509 |
backend = SELABEL_CTX_X;
|
|
|
036f509 |
else if (strcmp(argv[1], "CTX_DB") == 0)
|
|
|
036f509 |
backend = SELABEL_CTX_DB;
|
|
|
036f509 |
#ifndef RHEL6
|
|
|
036f509 |
else if (strcmp(argv[1], "CTX_ANDROID_PROP") == 0)
|
|
|
036f509 |
backend = SELABEL_CTX_ANDROID_PROP;
|
|
|
036f509 |
#endif
|
|
|
036f509 |
else
|
|
|
036f509 |
backend = strtoul(argv[1], NULL, 10);
|
|
|
036f509 |
|
|
|
036f509 |
if ((argc == 9) && (strcmp(argv[8], "nohandle") == 0)) {
|
|
|
036f509 |
hnd = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
// set file contexts path
|
|
|
036f509 |
if (strcmp(argv[2], "NULL") == 0) {
|
|
|
036f509 |
selabel_option[0].value = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
selabel_option[0].value = argv[2];
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
// set subset
|
|
|
036f509 |
if (strcmp(argv[3], "NULL") == 0) {
|
|
|
036f509 |
selabel_option[1].value = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
selabel_option[1].value = argv[3];
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
// set validate
|
|
|
036f509 |
if (strcmp(argv[4], "0") == 0) {
|
|
|
036f509 |
selabel_option[2].value = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
selabel_option[2].value = (char *) 1;
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
// set baseonly
|
|
|
036f509 |
if (strcmp(argv[5], "0") == 0) {
|
|
|
036f509 |
selabel_option[3].value = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
selabel_option[3].value = (char *) 1;
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
printf("selabel_options: ");
|
|
|
036f509 |
printf("SELABEL_OPT_PATH = %s, ", selabel_option[0].value);
|
|
|
036f509 |
printf("SELABEL_OPT_SUBSET = %s, ", selabel_option[1].value);
|
|
|
036f509 |
printf("SELABEL_OPT_VALIDATE = %ld, ", (long int)(intptr_t) selabel_option[2].value);
|
|
|
036f509 |
printf("SELABEL_OPT_BASEONLY = %ld\n", (long int)(intptr_t) selabel_option[3].value);
|
|
|
036f509 |
|
|
|
036f509 |
printf("Executing: selabel_open(SELABEL_%s, &selabel_option, 4)\n", argv[1]);
|
|
|
036f509 |
|
|
|
036f509 |
errno = 0;
|
|
|
036f509 |
|
|
|
036f509 |
if ((hnd = selabel_open(backend, selabel_option, 4)) == NULL) {
|
|
|
036f509 |
perror("selabel_open - ERROR");
|
|
|
036f509 |
return 255;
|
|
|
036f509 |
}
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
int result;
|
|
|
036f509 |
security_context_t selabel_context;
|
|
|
036f509 |
char *path;
|
|
|
036f509 |
|
|
|
036f509 |
if (strcmp(argv[6], "NULL") == 0) {
|
|
|
036f509 |
path = NULL;
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
path = argv[6];
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
// notice the base 8
|
|
|
036f509 |
int mode = strtol(argv[7], NULL, 8);
|
|
|
036f509 |
|
|
|
036f509 |
int alias_cnt = argc-8;
|
|
|
036f509 |
const char **aliases = malloc((alias_cnt + 1)*sizeof(const char *));
|
|
|
036f509 |
|
|
|
036f509 |
if (aliases == NULL)
|
|
|
036f509 |
return 255;
|
|
|
036f509 |
|
|
|
036f509 |
printf("aliases:");
|
|
|
036f509 |
|
|
|
036f509 |
for (int i = 0; i < alias_cnt; i++) {
|
|
|
036f509 |
aliases[i] = argv[8 + i];
|
|
|
036f509 |
printf(" %s", argv[8 + i]);
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
printf("\n");
|
|
|
036f509 |
|
|
|
036f509 |
aliases[alias_cnt] = NULL;
|
|
|
036f509 |
|
|
|
036f509 |
printf("Executing: selabel_lookup_best_match(hnd, &selabel_context, %s, aliases, %d)\n", path, mode);
|
|
|
036f509 |
|
|
|
036f509 |
errno = 0;
|
|
|
036f509 |
int e1 = 0, e2 = 0;
|
|
|
036f509 |
|
|
|
036f509 |
if ((result = selabel_lookup_best_match(hnd, &selabel_context, path, aliases, mode)) == -1) {
|
|
|
036f509 |
e1 = errno;
|
|
|
036f509 |
perror("selabel_lookup_best_match - ERROR");
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
printf("selabel_lookup_best_match context: %s\n", selabel_context);
|
|
|
036f509 |
freecon(selabel_context);
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
printf("Executing: selabel_lookup_best_match_raw(hnd, &selabel_context, %s, aliases, %d)\n", path, mode);
|
|
|
036f509 |
|
|
|
036f509 |
errno = 0;
|
|
|
036f509 |
|
|
|
036f509 |
if ((result = selabel_lookup_best_match_raw(hnd, &selabel_context, path, aliases, mode)) == -1) {
|
|
|
036f509 |
e2 = errno;
|
|
|
036f509 |
perror("selabel_lookup_best_match_raw - ERROR");
|
|
|
036f509 |
}
|
|
|
036f509 |
else {
|
|
|
036f509 |
printf("selabel_lookup_best_match_raw context: %s\n", selabel_context);
|
|
|
036f509 |
freecon(selabel_context);
|
|
|
036f509 |
}
|
|
|
036f509 |
|
|
|
036f509 |
if (hnd != NULL)
|
|
|
036f509 |
selabel_close(hnd);
|
|
|
036f509 |
|
|
|
036f509 |
if (e1 == e2)
|
|
|
036f509 |
return e1;
|
|
|
036f509 |
else
|
|
|
036f509 |
return 255;
|
|
|
036f509 |
}
|