113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <unistd.h> 213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <sys/types.h> 313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdio.h> 413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <stdlib.h> 513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <errno.h> 613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#include <selinux/selinux.h> 713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint main(int argc, char **argv) 913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 1013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle struct av_decision avd; 1113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle security_class_t tclass; 1213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int ret; 1313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 1413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (argc != 4) { 1513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "usage: %s scontext tcontext tclass\n", 1613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle argv[0]); 1713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(1); 1813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 1913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tclass = string_to_security_class(argv[3]); 2113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!tclass) { 2213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]); 2313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(2); 2413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 2513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd); 2713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret < 0) { 2813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fprintf(stderr, "%s: security_compute_av failed\n", argv[0]); 2913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(3); 3013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 3113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("allowed="); 3313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print_access_vector(tclass, avd.allowed); 3413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 3513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 3613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (avd.decided != ~0U) { 3713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("decided="); 3813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print_access_vector(tclass, avd.decided); 3913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 4013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 4113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 4213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (avd.auditallow) { 4313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("auditallow="); 4413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print_access_vector(tclass, avd.auditallow); 4513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 4613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 4713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 4813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (avd.auditdeny != ~0U) { 4913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("auditdeny"); 5013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print_access_vector(tclass, avd.auditdeny); 5113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle printf("\n"); 5213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 5313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 5413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle exit(0); 5513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 56