busybox/selinux/matchpathcon.c
   1/* matchpathcon  -  get the default security context for the specified
   2 *                  path from the file contexts configuration.
   3 *                  based on libselinux-1.32
   4 * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
   5 *
   6 * Licensed under GPLv2, see file LICENSE in this source tree.
   7 */
   8
   9//usage:#define matchpathcon_trivial_usage
  10//usage:       "[-n] [-N] [-f file_contexts_file] [-p prefix] [-V]"
  11//usage:#define matchpathcon_full_usage "\n\n"
  12//usage:       "        -n      Don't display path"
  13//usage:     "\n        -N      Don't use translations"
  14//usage:     "\n        -f      Use alternate file_context file"
  15//usage:     "\n        -p      Use prefix to speed translations"
  16//usage:     "\n        -V      Verify file context on disk matches defaults"
  17
  18#include "libbb.h"
  19
/*
 * Look up the default security context for 'path' with matchpathcon()
 * and write it to stdout.
 *
 * When 'noprint' is zero the line is "<path>\t<context>"; otherwise only
 * the context is printed.
 *
 * Returns 0 on success, 1 if the lookup failed (a message is emitted via
 * bb_perror_msg()).
 */
static int print_matchpathcon(char *path, int noprint)
{
	char *context;

	if (matchpathcon(path, 0, &context) < 0) {
		bb_perror_msg("matchpathcon(%s) failed", path);
		return 1;
	}

	if (noprint)
		puts(context);
	else
		printf("%s\t%s\n", path, context);

	/* The context string was handed to us by matchpathcon(); release it. */
	freecon(context);
	return 0;
}
  36
/* Bit positions follow the option order in the getopt32() string "nNf:p:V". */
enum {
	OPT_NOT_PRINT = 1 << 0, /* -n */
	OPT_NOT_TRANS = 1 << 1, /* -N */
	OPT_FCONTEXT  = 1 << 2, /* -f */
	OPT_PREFIX    = 1 << 3, /* -p */
	OPT_VERIFY    = 1 << 4, /* -V */
};
  42
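int matchpathcon_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
/*
 * Applet entry point. For each path argument, print the default security
 * context from the file contexts configuration; with -V, compare the
 * context found on disk against that default instead.
 *
 * Returns the number of paths for which print_matchpathcon() failed.
 * NOTE(review): in -V mode a context mismatch is reported on stdout only;
 * it does not by itself add to the return value, so a caller that needs a
 * pass/fail result has to read the output, not just the status.
 */
int matchpathcon_main(int argc UNUSED_PARAM, char **argv)
{
	int error = 0;
	unsigned opts;
	char *fcontext, *prefix, *path;

	opt_complementary = "-1" /* at least one param reqd */
		":?:f--p:p--f"; /* mutually exclusive */
	/* fcontext and prefix are read below only when their option bit is set */
	opts = getopt32(argv, "nNf:p:V", &fcontext, &prefix);
	argv += optind;

	if (opts & OPT_NOT_TRANS) {
		set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
	}
	if (opts & OPT_FCONTEXT) {
		if (matchpathcon_init(fcontext))
			bb_perror_msg_and_die("error while processing %s", fcontext);
	}
	if (opts & OPT_PREFIX) {
		if (matchpathcon_init_prefix(NULL, prefix))
			bb_perror_msg_and_die("error while processing %s", prefix);
	}

	while ((path = *argv++) != NULL) {
		security_context_t con;
		int rc;

		/* Plain lookup mode: print the default context and move on. */
		if (!(opts & OPT_VERIFY)) {
			error += print_matchpathcon(path, opts & OPT_NOT_PRINT);
			continue;
		}

		/*
		 * Fail closed: only an explicit 1 is treated as "verified".
		 * A bare truthiness test would also accept a negative return
		 * and report the path as verified.
		 * NOTE(review): libselinux documents -1 on error for this
		 * call - confirm against the library version being linked.
		 */
		if (selinux_file_context_verify(path, 0) == 1) {
			printf("%s verified\n", path);
			continue;
		}

		/* Not verified: show what is on disk next to the default. */
		if (opts & OPT_NOT_TRANS)
			rc = lgetfilecon_raw(path, &con);
		else
			rc = lgetfilecon(path, &con);

		if (rc >= 0) {
			printf("%s has context %s, should be ", path, con);
			error += print_matchpathcon(path, 1);
			freecon(con);
			continue;
		}
		/* The on-disk context could not be read; report why. */
		printf("actual context unknown: %s, should be ", strerror(errno));
		error += print_matchpathcon(path, 1);
	}
	matchpathcon_fini();
	return error;
}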
  98