#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <selinux/avc.h>
#include <selinux/label.h>
/* Counts calls to my_validate(); that callback prints only while this is still 0, i.e. on its first call. */
int validate_counter = 0;
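/*
 * SELINUX_CB_LOG test callback: reports that it was invoked.
 *
 * The format string is printed as plain data through "%s" and the variadic
 * arguments are deliberately left unexpanded, so a format string handed in
 * by the library is never interpreted here.
 *
 * type: message type passed by the caller (printed as an integer).
 * fmt:  format string passed by the caller; may be NULL.
 *
 * Returns 0 always.
 */
int my_log(int type, const char *fmt, ...) {
    /* Passing NULL to "%s" is undefined behaviour, so substitute a marker. */
    printf("function my_log, type: %d, fmt: %s\n", type, fmt ? fmt : "(null)");
    return 0;
}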
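/*
 * SELINUX_CB_AUDIT test callback: reports the arguments it was called with.
 *
 * auditdata:  opaque pointer supplied by the caller (printed with %p).
 * cls:        security class of the audited request.
 * msgbuf:     buffer handed to the callback. Per selinux_set_callback(3) it
 *             is meant for the callback to write supplemental audit text
 *             into; this test only reads it.
 *             NOTE(review): reading it with "%s" assumes the caller passes
 *             a NUL-terminated buffer; confirm against the library.
 * msgbufsize: size of msgbuf in bytes.
 *
 * Returns 0 always.
 */
int my_audit(void *auditdata, security_class_t cls, char *msgbuf, size_t msgbufsize) {
    /*
     * size_t must be printed with %zu; %lu is only correct where size_t
     * happens to be unsigned long. cls is cast so that it matches %u exactly.
     */
    printf("function my_audit, auditdata: %p, cls: %u, msgbuf: %s, msgbufsize: %zu\n",
           auditdata, (unsigned int) cls, msgbuf ? msgbuf : "(null)", msgbufsize);
    return 0;
}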
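/*
 * SELINUX_CB_VALIDATE test callback: accepts every context.
 *
 * Only the first invocation prints a line; later calls just bump
 * validate_counter, which keeps the output short when the library
 * validates many contexts.
 *
 * ctx: pointer to the context string under validation; only the pointer
 *      value is printed, the string itself is not read.
 *
 * Returns 0 always.
 */
int my_validate(char **ctx) {
    /* Post-increment: the comparison sees the count before this call. */
    if (validate_counter++ == 0) {
        printf("function my_validate, ctx: %p\n", (void *) ctx);
    }

    return 0;
}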
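/*
 * SELINUX_CB_SETENFORCE test callback: prints the enforcing value it was
 * called with.
 *
 * Returns 0 always.
 */
int my_setenforce(int enforcing) {
    printf("function my_setenforce, enforcing: %d\n", enforcing);
    return 0;
}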
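/*
 * SELINUX_CB_POLICYLOAD test callback: prints the sequence number it was
 * called with.
 *
 * Returns 0 always.
 */
int my_policyload(int seqno) {
    printf("function my_policyload, seqno: %d\n", seqno);
    return 0;
}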
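/*
 * Test driver for the libselinux callback API.
 *
 * For each of the LOG, AUDIT, VALIDATE, SETENFORCE and POLICYLOAD callbacks
 * it registers the matching my_* function, checks that
 * selinux_get_callback() hands back the same pointer, and then calls a
 * library function that is expected to make libselinux invoke the callback.
 *
 * The SETENFORCE and POLICYLOAD sections change system-wide state: they
 * toggle the enforcing mode and reload the policy. Run this only on a host
 * where that is acceptable.
 *
 * Returns 0 when every check passed, 1 otherwise.
 */
int main (int argc, char **argv) {
    int exit_code = 0;

    /* No command-line arguments are used. */
    (void) argc;
    (void) argv;

    // LOG
    printf("setting LOG callback\n");
    selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) my_log);

    if (selinux_get_callback(SELINUX_CB_LOG).func_log != my_log) {
        printf("ERROR: selinux_get_callback() does not match\n");
        exit_code = 1;
    }

    // AUDIT
    printf("setting AUDIT callback\n");
    selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) my_audit);

    if (selinux_get_callback(SELINUX_CB_AUDIT).func_audit != my_audit) {
        printf("ERROR: selinux_get_callback() does not match\n");
        exit_code = 1;
    }

    printf("calling avc_audit to call audit and log functions\n");

    /* The AVC calls below depend on this; report a failure instead of ignoring it. */
    if (avc_init("", NULL, NULL, NULL, NULL) < 0) {
        printf("ERROR: avc_init() failed: %s\n", strerror(errno));
        exit_code = 1;
    }

    /*
     * Hand-built SIDs with a placeholder context string; they are filled in
     * directly here rather than obtained from the library.
     */
    struct security_id ssid = { "asdf", 5 };
    struct security_id tsid = { "asdf", 5 };
    /* NOTE(review): the initializer relies on the field order of struct av_decision; confirm against the header. */
    struct av_decision avd = { 1, 0, 1, 0, 0, 0 };

    avc_audit(&ssid, &tsid, 0, 1, &avd, 0, NULL);

    // VALIDATE
    printf("setting VALIDATE callback\n");
    selinux_set_callback(SELINUX_CB_VALIDATE, (union selinux_callback) my_validate);

    if (selinux_get_callback(SELINUX_CB_VALIDATE).func_validate != my_validate) {
        printf("ERROR: selinux_get_callback() does not match\n");
        exit_code = 1;
    }

    struct selabel_handle *hnd = NULL;
    /* A non-NULL option value switches context validation on. */
    struct selinux_opt selabel_option [] = {
        { SELABEL_OPT_VALIDATE, (char *) 1 }
    };

    hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 1);

    /* selabel_open() returns NULL on failure; never hand that to selabel_close(). */
    if (hnd == NULL) {
        printf("ERROR: selabel_open() failed: %s\n", strerror(errno));
        exit_code = 1;
    }
    else {
        selabel_close(hnd);
    }

    // SETENFORCE
    printf("setting SETENFORCE callback\n");
    selinux_set_callback(SELINUX_CB_SETENFORCE, (union selinux_callback) my_setenforce);

    if (selinux_get_callback(SELINUX_CB_SETENFORCE).func_setenforce != my_setenforce) {
        printf("ERROR: selinux_get_callback() does not match\n");
        exit_code = 1;
    }

    int enforcing = security_getenforce();

    printf("calling security_setenforce to call setenforce function\n");

    if (enforcing < 0) {
        /* Without a known starting mode the original mode could not be restored, so do not toggle. */
        printf("ERROR: security_getenforce() failed: %s\n", strerror(errno));
        exit_code = 1;
    }
    else {
        /* Switch to the opposite mode, then back to the mode found at start. */
        int original = (enforcing == 1) ? 1 : 0;
        int flipped = original ? 0 : 1;

        if (security_setenforce(flipped) < 0) {
            printf("ERROR: security_setenforce(%d) failed: %s\n", flipped, strerror(errno));
            exit_code = 1;
        }

        /* Always attempt the restore so the host is not left in the flipped mode. */
        if (security_setenforce(original) < 0) {
            printf("ERROR: security_setenforce(%d) failed, enforcing mode may not be restored: %s\n",
                   original, strerror(errno));
            exit_code = 1;
        }
    }

    // triggers callbacks
    /* The decision itself is not of interest here, so the result is ignored. */
    (void) avc_has_perm_noaudit(&ssid, &tsid, 0, 1, NULL, &avd);

    // POLICYLOAD
    printf("setting POLICYLOAD callback\n");
    selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback) my_policyload);

    if (selinux_get_callback(SELINUX_CB_POLICYLOAD).func_policyload != my_policyload) {
        printf("ERROR: selinux_get_callback() does not match\n");
        exit_code = 1;
    }

    if (selinux_mkload_policy(1) < 0) {
        printf("ERROR: selinux_mkload_policy() failed: %s\n", strerror(errno));
        exit_code = 1;
    }

    // triggers callbacks
    /* The decision itself is not of interest here, so the result is ignored. */
    (void) avc_has_perm_noaudit(&ssid, &tsid, 0, 1, NULL, &avd);

    return exit_code;
}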