• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <getopt.h>
5 #include <errno.h>
6 #include <selinux/selinux.h>
7 #include <selinux/label.h>
8 
usage(const char * progname)9 static __attribute__ ((__noreturn__)) void usage(const char *progname)
10 {
11 	fprintf(stderr,
12 		"usage: %s -b backend [-v] [-r] -k key [-t type] [-f file]\n\n"
13 		"Where:\n\t"
14 		"-b  The backend - \"file\", \"media\", \"x\", \"db\" or "
15 			"\"prop\"\n\t"
16 		"-v  Validate entries against loaded policy.\n\t"
17 		"-r  Use \"raw\" function.\n\t"
18 		"-k  Lookup key - Depends on backend.\n\t"
19 		"-t  Lookup type - Optional as depends on backend.\n\t"
20 		"-f  Optional file containing the specs (defaults to\n\t"
21 		"    those used by loaded policy).\n\n"
22 		"Examples:\n\t"
23 		"%s -v -b file -k /run -t 0\n\t"
24 		"   lookup with validation against the loaded policy, the\n\t"
25 		"   \"file\" backend for path \"/run\" with mode = 0\n\t"
26 		"%s -r -b x -t 4 -k X11:ButtonPress\n\t"
27 		"   lookup_raw the \"X\" backend for type SELABEL_X_EVENT\n\t"
28 		"   using key \"X11:ButtonPress\"\n\n",
29 		progname, progname, progname);
30 	exit(1);
31 }
32 
main(int argc,char ** argv)33 int main(int argc, char **argv)
34 {
35 	int raw = 0, type = 0, rc, opt;
36 	unsigned int backend = SELABEL_CTX_FILE;
37 	char *validate = NULL, *key = NULL, *context = NULL, *file = NULL;
38 
39 	struct selabel_handle *hnd;
40 	struct selinux_opt selabel_option[] = {
41 		{ SELABEL_OPT_PATH, file },
42 		{ SELABEL_OPT_VALIDATE, validate }
43 	};
44 
45 	if (argc < 3)
46 		usage(argv[0]);
47 
48 	while ((opt = getopt(argc, argv, "b:f:vrk:t:")) > 0) {
49 		switch (opt) {
50 		case 'b':
51 			if (!strcasecmp(optarg, "file")) {
52 				backend = SELABEL_CTX_FILE;
53 			} else if (!strcmp(optarg, "media")) {
54 				backend = SELABEL_CTX_MEDIA;
55 			} else if (!strcmp(optarg, "x")) {
56 				backend = SELABEL_CTX_X;
57 			} else if (!strcmp(optarg, "db")) {
58 				backend = SELABEL_CTX_DB;
59 			} else if (!strcmp(optarg, "prop")) {
60 				backend = SELABEL_CTX_ANDROID_PROP;
61 			} else if (!strcmp(optarg, "service")) {
62 				backend = SELABEL_CTX_ANDROID_SERVICE;
63 			} else {
64 				fprintf(stderr, "Unknown backend: %s\n",
65 								    optarg);
66 				usage(argv[0]);
67 			}
68 			break;
69 		case 'f':
70 			file = optarg;
71 			break;
72 		case 'v':
73 			validate = (char *)1;
74 			break;
75 		case 'r':
76 			raw = 1;
77 			break;
78 		case 'k':
79 			key = optarg;
80 			break;
81 		case 't':
82 			type = atoi(optarg);
83 			break;
84 		default:
85 			usage(argv[0]);
86 		}
87 	}
88 
89 	selabel_option[0].value = file;
90 	selabel_option[1].value = validate;
91 
92 	hnd = selabel_open(backend, selabel_option, 2);
93 	if (!hnd) {
94 		fprintf(stderr, "ERROR: selabel_open - Could not obtain "
95 							     "handle:  %s\n",
96 							     strerror(errno));
97 		return -1;
98 	}
99 
100 	switch (raw) {
101 	case 1:
102 		rc = selabel_lookup_raw(hnd, &context, key, type);
103 		break;
104 	default:
105 		rc = selabel_lookup(hnd, &context, key, type);
106 	}
107 	selabel_close(hnd);
108 
109 	if (rc) {
110 		switch (errno) {
111 		case ENOENT:
112 			fprintf(stderr, "ERROR: selabel_lookup failed to "
113 					    "find a valid context.\n");
114 			break;
115 		case EINVAL:
116 			fprintf(stderr, "ERROR: selabel_lookup failed to "
117 				    "validate context, or key / type are "
118 				    "invalid.\n");
119 			break;
120 		default:
121 			fprintf(stderr, "selabel_lookup ERROR: %s\n",
122 						    strerror(errno));
123 		}
124 	} else {
125 		printf("Default context: %s\n", context);
126 		freecon(context);
127 	}
128 
129 	return rc;
130 }
131