Gitiles
Code Review Sign In
review.blissroms.org / platform_external_selinux / refs/heads/r / . / libselinux / utils / matchpathcon.c
blob: eb39a18810663e81dc84bb16c2f00ffc99ea437a [file] [log] [blame]
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]1#include <unistd.h>
2#include <stdio.h>
3#include <stdlib.h>
4#include <getopt.h>
5#include <errno.h>
6#include <string.h>
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]7#include <limits.h>
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]8#include <sys/types.h>
9#include <sys/stat.h>
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]10#include <selinux/selinux.h>
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]11#include <limits.h>
12#include <stdlib.h>
13
William Robertse4f2bcc2016-11-01 14:23:10 -0700[diff] [blame]14static __attribute__ ((__noreturn__)) void usage(const char *progname)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]15{
16 fprintf(stderr,
Petr Lautrbachfdb242e2019-01-31 20:48:24 +0100[diff] [blame]17 "usage: %s [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-p prefix] [-P policy_root_path] filepath...\n",
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]18 progname);
19 exit(1);
20}
21
Daniel P. Berrange5f8ce372012-01-23 15:41:19 +0000[diff] [blame]22static int printmatchpathcon(const char *path, int header, int mode)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]23{
24 char *buf;
25 int rc = matchpathcon(path, mode, &buf);
26 if (rc < 0) {
Daniel J Walsh00f0d552009-09-24 15:01:53 -0400[diff] [blame]27 if (errno == ENOENT) {
Unto Stencd1ef4d2019-05-10 19:47:07 +0300[diff] [blame]28 buf = strdup("<<none>>");
Daniel J Walsh00f0d552009-09-24 15:01:53 -0400[diff] [blame]29 } else {
30 fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
31 strerror(errno));
32 return 1;
33 }
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]34 }
35 if (header)
36 printf("%s\t%s\n", path, buf);
37 else
38 printf("%s\n", buf);
39
40 freecon(buf);
41 return 0;
42}
43
Eric Paris1db01642012-09-12 14:18:50 -0400[diff] [blame]44static mode_t string_to_mode(char *s)
45{
46 switch (s[0]) {
47 case 'b':
48 return S_IFBLK;
49 case 'c':
50 return S_IFCHR;
51 case 'd':
52 return S_IFDIR;
53 case 'p':
54 return S_IFIFO;
55 case 'l':
56 return S_IFLNK;
57 case 's':
58 return S_IFSOCK;
59 case 'f':
60 return S_IFREG;
61 default:
62 return -1;
63 };
64 return -1;
65}
66
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]67int main(int argc, char **argv)
68{
Eric Paris1db01642012-09-12 14:18:50 -0400[diff] [blame]69 int i, init = 0, force_mode = 0;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]70 int header = 1, opt;
71 int verify = 0;
72 int notrans = 0;
73 int error = 0;
74 int quiet = 0;
75
76 if (argc < 2)
77 usage(argv[0]);
78
Dan Walsh7fe60362013-10-09 14:46:05 -0400[diff] [blame]79 while ((opt = getopt(argc, argv, "m:Nnf:P:p:Vq")) > 0) {
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]80 switch (opt) {
81 case 'n':
82 header = 0;
83 break;
Eric Paris1db01642012-09-12 14:18:50 -0400[diff] [blame]84 case 'm':
85 force_mode = string_to_mode(optarg);
86 if (force_mode < 0) {
87 fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg);
88 exit(1);
89 }
90 break;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]91 case 'V':
92 verify = 1;
93 break;
94 case 'N':
95 notrans = 1;
96 set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
97 break;
98 case 'f':
99 if (init) {
100 fprintf(stderr,
101 "%s: -f and -p are exclusive\n",
102 argv[0]);
103 exit(1);
104 }
105 init = 1;
106 if (matchpathcon_init(optarg)) {
107 fprintf(stderr,
108 "Error while processing %s: %s\n",
109 optarg,
110 errno ? strerror(errno) : "invalid");
111 exit(1);
112 }
113 break;
Dan Walsh7fe60362013-10-09 14:46:05 -0400[diff] [blame]114 case 'P':
115 if (selinux_set_policy_root(optarg) < 0 ) {
116 fprintf(stderr,
117 "Error setting policy root %s: %s\n",
118 optarg,
119 errno ? strerror(errno) : "invalid");
120 exit(1);
121 }
122 break;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]123 case 'p':
124 if (init) {
125 fprintf(stderr,
126 "%s: -f and -p are exclusive\n",
127 argv[0]);
128 exit(1);
129 }
130 init = 1;
131 if (matchpathcon_init_prefix(NULL, optarg)) {
132 fprintf(stderr,
133 "Error while processing %s: %s\n",
134 optarg,
135 errno ? strerror(errno) : "invalid");
136 exit(1);
137 }
138 break;
139 case 'q':
140 quiet = 1;
141 break;
142 default:
143 usage(argv[0]);
144 }
145 }
146 for (i = optind; i < argc; i++) {
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]147 int rc, mode = 0;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]148 struct stat buf;
Eric Paris7df397d2011-08-17 11:24:25 -0400[diff] [blame]149 char *path = argv[i];
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]150 int len = strlen(path);
151 if (len > 1 && path[len - 1 ] == '/')
152 path[len - 1 ] = '\0';
Daniel J Walsh93a68022009-04-10 11:33:23 -0400[diff] [blame]153
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]154 if (lstat(path, &buf) == 0)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]155 mode = buf.st_mode;
Eric Paris1db01642012-09-12 14:18:50 -0400[diff] [blame]156 if (force_mode)
157 mode = force_mode;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]158
159 if (verify) {
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]160 rc = selinux_file_context_verify(path, mode);
161
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]162 if (quiet) {
Richard Hainesbc1a8e22011-03-09 16:34:08 +0000[diff] [blame]163 if (rc == 1)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]164 continue;
165 else
166 exit(1);
167 }
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]168
Richard Hainesbc1a8e22011-03-09 16:34:08 +0000[diff] [blame]169 if (rc == -1) {
170 printf("%s error: %s\n", path, strerror(errno));
171 exit(1);
172 } else if (rc == 1) {
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]173 printf("%s verified.\n", path);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]174 } else {
Stephen Smalley9eb9c932014-02-19 09:16:17 -0500[diff] [blame]175 char * con;
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]176 error = 1;
177 if (notrans)
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]178 rc = lgetfilecon_raw(path, &con);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]179 else
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]180 rc = lgetfilecon(path, &con);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]181
182 if (rc >= 0) {
183 printf("%s has context %s, should be ",
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]184 path, con);
185 printmatchpathcon(path, 0, mode);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]186 freecon(con);
187 } else {
188 printf
189 ("actual context unknown: %s, should be ",
190 strerror(errno));
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]191 printmatchpathcon(path, 0, mode);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]192 }
193 }
194 } else {
Eric Paris4ad18962011-06-29 00:11:17 -0400[diff] [blame]195 error |= printmatchpathcon(path, header, mode);
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]196 }
197 }
198 matchpathcon_fini();
199 return error;
200}