1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <unistd.h>
5 #include <selinux/selinux.h>
6
usage(const char * progname)7 static __attribute__ ((__noreturn__)) void usage(const char *progname)
8 {
9 fprintf(stderr, "usage: %s [-a auditdata] scon tcon class perm\n"
10 "\nWhere:\n\t"
11 "-a Optional information added to audit message.\n",
12 progname);
13 exit(1);
14 }
15
cb_auditinfo(void * auditdata,security_class_t class,char * msgbuf,size_t msgbufsize)16 static int cb_auditinfo(void *auditdata,
17 __attribute__((unused))security_class_t class,
18 char *msgbuf, size_t msgbufsize)
19 {
20 return snprintf(msgbuf, msgbufsize, "%s", (char *)auditdata);
21 }
22
main(int argc,char ** argv)23 int main(int argc, char **argv)
24 {
25 int opt, rc;
26 char *audit_msg = NULL;
27
28 while ((opt = getopt(argc, argv, "a:")) != -1) {
29 switch (opt) {
30 case 'a':
31 audit_msg = optarg;
32 break;
33 default:
34 usage(argv[0]);
35 }
36 }
37
38 if ((argc - optind) != 4)
39 usage(argv[0]);
40
41 if (audit_msg)
42 selinux_set_callback(SELINUX_CB_AUDIT,
43 (union selinux_callback)cb_auditinfo);
44
45 rc = selinux_check_access(argv[optind], argv[optind + 1],
46 argv[optind + 2], argv[optind + 3],
47 audit_msg);
48 if (rc < 0)
49 perror("selinux_check_access");
50
51 return rc;
52 }
53