      1 #include <stdio.h>
      2 #include <stdlib.h>
      3 #include <string.h>
      4 #include <getopt.h>
      5 #include <errno.h>
      6 #include <selinux/selinux.h>
      7 #include <selinux/label.h>
      8 
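/*
 * Print the command-line help to stderr and terminate with exit status 1.
 *
 * progname is substituted into the synopsis line and both examples, so
 * callers pass argv[0].  This function never returns.
 *
 * The backend list names every string the -b option parser in main()
 * accepts, including "service".
 */
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
	fprintf(stderr,
		"usage: %s -b backend [-v] [-r] -k key [-t type] [-f file]\n\n"
		"Where:\n\t"
		"-b  The backend - \"file\", \"media\", \"x\", \"db\", "
			"\"prop\" or \"service\"\n\t"
		"-v  Validate entries against loaded policy.\n\t"
		"-r  Use \"raw\" function.\n\t"
		"-k  Lookup key - Depends on backend.\n\t"
		"-t  Lookup type - Optional as depends on backend.\n\t"
		"-f  Optional file containing the specs (defaults to\n\t"
		"    those used by loaded policy).\n\n"
		"Examples:\n\t"
		"%s -v -b file -k /run -t 0\n\t"
		"   lookup with validation against the loaded policy, the\n\t"
		"   \"file\" backend for path \"/run\" with mode = 0\n\t"
		"%s -r -b x -t 4 -k X11:ButtonPress\n\t"
		"   lookup_raw the \"X\" backend for type SELABEL_X_EVENT\n\t"
		"   using key \"X11:ButtonPress\"\n\n",
		progname, progname, progname);
	exit(1);
}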
     32 
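/*
 * Look up the default security context for a key through one of the
 * libselinux labeling backends and print it on stdout.
 *
 * Options (see usage()): -b backend, -k key, -t type, -f spec file,
 * -v validate against the loaded policy, -r use selabel_lookup_raw().
 *
 * Returns -1 if the labeling handle cannot be opened, otherwise the
 * return code of the lookup call (0 on success).  Invalid or missing
 * arguments end in usage(), which exits with status 1.
 */
int main(int argc, char **argv)
{
	int raw = 0, type = 0, backend = 0, rc, opt, saved_errno;
	char *validate = NULL, *key = NULL, *context = NULL, *file = NULL;
	char *end;
	long parsed;

	struct selabel_handle *hnd;
	/* Values are filled in after option parsing. */
	struct selinux_opt selabel_option[] = {
		{ SELABEL_OPT_PATH, NULL },
		{ SELABEL_OPT_VALIDATE, NULL }
	};

	if (argc < 3)
		usage(argv[0]);

	/* getopt() signals the end of the options with -1. */
	while ((opt = getopt(argc, argv, "b:f:vrk:t:")) != -1) {
		switch (opt) {
		case 'b':
			/*
			 * NOTE(review): "file" is matched case-insensitively
			 * while every other backend name is case-sensitive;
			 * kept as in the original.
			 */
			if (!strcasecmp(optarg, "file")) {
				backend = SELABEL_CTX_FILE;
			} else if (!strcmp(optarg, "media")) {
				backend = SELABEL_CTX_MEDIA;
			} else if (!strcmp(optarg, "x")) {
				backend = SELABEL_CTX_X;
			} else if (!strcmp(optarg, "db")) {
				backend = SELABEL_CTX_DB;
			} else if (!strcmp(optarg, "prop")) {
				backend = SELABEL_CTX_ANDROID_PROP;
			} else if (!strcmp(optarg, "service")) {
				backend = SELABEL_CTX_ANDROID_SERVICE;
			} else {
				fprintf(stderr, "Unknown backend: %s\n",
								    optarg);
				usage(argv[0]);
			}
			break;
		case 'f':
			file = optarg;
			break;
		case 'v':
			/*
			 * SELABEL_OPT_VALIDATE is a flag: any non-NULL value
			 * turns validation on, the pointer is never
			 * dereferenced as a string here.
			 */
			validate = (char *)1;
			break;
		case 'r':
			raw = 1;
			break;
		case 'k':
			key = optarg;
			break;
		case 't':
			/*
			 * Reject non-numeric or out-of-range input instead of
			 * letting atoi() silently turn it into 0, which would
			 * report a label for a type the caller never asked
			 * about.
			 */
			errno = 0;
			parsed = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    parsed != (long)(int)parsed) {
				fprintf(stderr, "Invalid type: %s\n", optarg);
				usage(argv[0]);
			}
			type = (int)parsed;
			break;
		default:
			usage(argv[0]);
		}
	}

	/*
	 * -k is mandatory per the usage text; without it a NULL key would be
	 * handed to the lookup functions.
	 * NOTE(review): -b is also listed as mandatory, but backend keeps its
	 * initial value 0 when the option is omitted; left unchanged.
	 */
	if (!key) {
		fprintf(stderr, "Missing lookup key (-k).\n");
		usage(argv[0]);
	}

	selabel_option[0].value = file;
	selabel_option[1].value = validate;

	hnd = selabel_open(backend, selabel_option, 2);
	if (!hnd) {
		fprintf(stderr, "ERROR: selabel_open - Could not obtain "
							     "handle.\n");
		return -1;
	}

	if (raw)
		rc = selabel_lookup_raw(hnd, &context, key, type);
	else
		rc = selabel_lookup(hnd, &context, key, type);

	/*
	 * Capture errno before selabel_close(): the close path may overwrite
	 * it, and the error report below must describe the lookup.
	 */
	saved_errno = errno;
	selabel_close(hnd);

	if (rc) {
		switch (saved_errno) {
		case ENOENT:
			fprintf(stderr, "ERROR: selabel_lookup failed to "
					    "find a valid context.\n");
			break;
		case EINVAL:
			fprintf(stderr, "ERROR: selabel_lookup failed to "
				    "validate context, or key / type are "
				    "invalid.\n");
			break;
		default:
			fprintf(stderr, "selabel_lookup ERROR: %s\n",
						    strerror(saved_errno));
		}
	} else {
		/* Without -v this context was not checked against policy. */
		printf("Default context: %s\n", context);
		freecon(context);
	}

	return rc;
}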
    129