source-git / libselinux

Clone
Source Code
GIT

Files

  1.   3feee02724dd32c496b8ed47782cce3fb03ad8e2
  2.   utils
  3.   selabel_lookup.c
Blob Blame History Raw 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <selinux/label.h>

static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
	fprintf(stderr,
		"usage: %s -b backend [-v] [-r] -k key [-t type] [-f file]\n\n"
		"Where:\n\t"
		"-b  The backend - \"file\", \"media\", \"x\", \"db\" or "
			"\"prop\"\n\t"
		"-v  Validate entries against loaded policy.\n\t"
		"-r  Use \"raw\" function.\n\t"
		"-k  Lookup key - Depends on backend.\n\t"
		"-t  Lookup type - Optional as depends on backend.\n\t"
		"-f  Optional file containing the specs (defaults to\n\t"
		"    those used by loaded policy).\n\n"
		"Examples:\n\t"
		"%s -v -b file -k /run -t 0\n\t"
		"   lookup with validation against the loaded policy, the\n\t"
		"   \"file\" backend for path \"/run\" with mode = 0\n\t"
		"%s -r -b x -t 4 -k X11:ButtonPress\n\t"
		"   lookup_raw the \"X\" backend for type SELABEL_X_EVENT\n\t"
		"   using key \"X11:ButtonPress\"\n\n",
		progname, progname, progname);
	exit(1);
}

int main(int argc, char **argv)
{
	int raw = 0, type = 0, backend = 0, rc, opt;
	char *validate = NULL, *key = NULL, *context = NULL, *file = NULL;

	struct selabel_handle *hnd;
	struct selinux_opt selabel_option[] = {
		{ SELABEL_OPT_PATH, file },
		{ SELABEL_OPT_VALIDATE, validate }
	};

	if (argc < 3)
		usage(argv[0]);

	while ((opt = getopt(argc, argv, "b:f:vrk:t:")) > 0) {
		switch (opt) {
		case 'b':
			if (!strcasecmp(optarg, "file")) {
				backend = SELABEL_CTX_FILE;
			} else if (!strcmp(optarg, "media")) {
				backend = SELABEL_CTX_MEDIA;
			} else if (!strcmp(optarg, "x")) {
				backend = SELABEL_CTX_X;
			} else if (!strcmp(optarg, "db")) {
				backend = SELABEL_CTX_DB;
			} else if (!strcmp(optarg, "prop")) {
				backend = SELABEL_CTX_ANDROID_PROP;
			} else if (!strcmp(optarg, "service")) {
				backend = SELABEL_CTX_ANDROID_SERVICE;
			} else {
				fprintf(stderr, "Unknown backend: %s\n",
								    optarg);
				usage(argv[0]);
			}
			break;
		case 'f':
			file = optarg;
			break;
		case 'v':
			validate = (char *)1;
			break;
		case 'r':
			raw = 1;
			break;
		case 'k':
			key = optarg;
			break;
		case 't':
			type = atoi(optarg);
			break;
		default:
			usage(argv[0]);
		}
	}

	selabel_option[0].value = file;
	selabel_option[1].value = validate;

	hnd = selabel_open(backend, selabel_option, 2);
	if (!hnd) {
		fprintf(stderr, "ERROR: selabel_open - Could not obtain "
							     "handle.\n");
		return -1;
	}

	switch (raw) {
	case 1:
		rc = selabel_lookup_raw(hnd, &context, key, type);
		break;
	default:
		rc = selabel_lookup(hnd, &context, key, type);
	}
	selabel_close(hnd);

	if (rc) {
		switch (errno) {
		case ENOENT:
			fprintf(stderr, "ERROR: selabel_lookup failed to "
					    "find a valid context.\n");
			break;
		case EINVAL:
			fprintf(stderr, "ERROR: selabel_lookup failed to "
				    "validate context, or key / type are "
				    "invalid.\n");
			break;
		default:
			fprintf(stderr, "selabel_lookup ERROR: %s\n",
						    strerror(errno));
		}
	} else {
		printf("Default context: %s\n", context);
		freecon(context);
	}

	return rc;
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation