secon.c revision 13cd4c8960688af11ad23b4c946149015c80d54
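
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <errno.h>

#include <string.h>

/* Fully parenthesised so the macro stays one expression inside larger ones. */
#define xstreq(x, y) (!strcmp((x), (y)))

#include <err.h>

#include <getopt.h>
#include <sys/types.h>
#include <unistd.h>
#include <selinux/selinux.h>
#include <selinux/context.h>

#define TRUE  1
#define FALSE 0

#define SECON_CONF_PROG_NAME "secon"	/* default program name */
#define SECON_OPTS_SM "hVurtscmPRfLp"	/* small options available, print */
#define SECON_OPTS_GO "hVurtlscmPRf:L:p:"	/* small options available, getopt */

/* Where the security context to display is taken from (opts->from_type). */
#define OPTS_FROM_ARG      0
#define OPTS_FROM_FILE     1
#define OPTS_FROM_LINK     2
#define OPTS_FROM_STDIN    3
#define OPTS_FROM_CUR      4
#define OPTS_FROM_CUREXE   5
#define OPTS_FROM_CURFS    6
#define OPTS_FROM_CURKEY   7
#define OPTS_FROM_PROC     8
#define OPTS_FROM_PROCEXE  9
#define OPTS_FROM_PROCFS  10
#define OPTS_FROM_PROCKEY 11

/*
 * Program-wide option state, filled in by cmd_line().  Declared as a
 * one-element array so the rest of the file can write opts->field.
 */
struct {
	unsigned int disp_user:1;
	unsigned int disp_role:1;
	unsigned int disp_type:1;
	unsigned int disp_sen:1;
	unsigned int disp_clr:1;
	unsigned int disp_mlsr:1;

	unsigned int disp_raw:1;

	unsigned int disp_prompt:1;	/* no return, use : to sep */

	unsigned int from_type:8;	/* 8 bits wide; OPTS_FROM_* values need 4 */

	/* Which member is valid depends on from_type. */
	union {
		pid_t pid;
		const char *file;
		const char *link;
		const char *arg;
	} f;
} opts[1] = { {
	       FALSE, FALSE, FALSE, FALSE, FALSE, FALSE,
	       FALSE, FALSE, OPTS_FROM_ARG, {
					     0}}};

/*
 * Print the option summary and terminate the process with exit_code.
 * The text goes to stderr when exit_code is non-zero, to stdout otherwise.
 * This function never returns; cmd_line() relies on that in its switch.
 */
static void usage(const char *name, int exit_code)
{
	fprintf(exit_code ? stderr : stdout,
		" Usage: %s [-%s] [ context | - ]\n"
		" --help -h Show this message.\n"
		" --version -V Show the version.\n"
		" --prompt -P Output in a format good for a prompt.\n"
		" --user -u Show the user of the context.\n"
		" --role -r Show the role of the context.\n"
		" --type -t Show the type of the context.\n"
		" --sensitivity -s Show the sensitivity level of the context.\n"
		" --clearance -c Show the clearance level of the context.\n"
		" --mls-range -m Show the sensitivity to clearance range of \n"
		" the context.\n"
		" --raw -R Show the context in \"raw\" format.\n"
		" --current Get the context for the current process.\n"
		" --self Get the context for the current process.\n"
		" --self-exec Get the exec context for the current process.\n"
		" --self-fs Get the fs context for the current process.\n"
		" --self-key Get the key context for the current process.\n"
		" --parent Get the context for the parent process.\n"
		" --parent-exec Get the exec context for the parent process.\n"
		" --parent-fs Get the fs context for the parent process.\n"
		" --parent-key Get the key context for the parent process.\n"
		" --pid -p <arg> Use the context from the specified pid.\n"
		" --pid-exec <arg> Use the exec context from the specified pid.\n"
		" --pid-fs <arg> Use the fs context from the specified pid.\n"
		" --pid-key <arg> Use the key context from the specified pid.\n"
		" --file -f <arg> Use the context from the specified file.\n"
		" --link -L <arg> Use the context from the specified link.\n",
		name, SECON_OPTS_SM);

	exit(exit_code);
}

/*
 * Derive the name to show in messages from argv[0].
 * Returns the part after the last '/', with a leading libtool "lt-" prefix
 * dropped when something follows it; returns def when argv0 is NULL.
 * The result points into argv0 (or is def itself); nothing is allocated.
 */
static const char *opt_program_name(const char *argv0, const char *def)
{
	if (argv0) {
		if ((def = strrchr(argv0, '/')))
			++def;
		else
			def = argv0;

		/* hack for libtool */
		if ((strlen(def) > strlen("lt-"))
		    && !memcmp("lt-", def, strlen("lt-")))
			def += 3;
	}

	return (def);
}

/* Count how many context components are currently selected for display. */
static int disp_num(void)
{
	int num = 0;

	num += opts->disp_user;
	num += opts->disp_role;
	num += opts->disp_type;
	num += opts->disp_sen;
	num += opts->disp_clr;
	num += opts->disp_mlsr;

	return (num);
}

/* True when no component is selected. */
static int disp_none(void)
{
	return (!disp_num());
}

/* True when more than one component is selected. */
static int disp_multi(void)
{
	return (disp_num() > 1);
}

/*
 * Parse a decimal process id taken from the command line.
 * Exits with an error on empty input, trailing characters, overflow, or a
 * value that is not a positive pid_t.  atoi() reported none of these: it
 * yields 0 for non-numeric text and is undefined on overflow, so a mistyped
 * pid reached the context lookups unnoticed.  How those lookups treat pid 0
 * is not visible in this file, so it is rejected here.
 */
static pid_t parse_pid(const char *str)
{
	char *end = NULL;
	long val;

	errno = 0;
	val = strtol(str, &end, 10);
	if (end == str || *end != '\0' || errno == ERANGE
	    || val <= 0 || (long)(pid_t)val != val)
		errx(EXIT_FAILURE, " Invalid pid: %s", str);

	return ((pid_t)val);
}

/*
 * Parse the command line into the global opts.
 * Display flags toggle, so giving one twice switches it off again.  With no
 * display flag at all a default set is enabled.  The context source falls
 * back to stdin (when stdin is not a tty) or to the current process when no
 * positional argument and no source option is given.  Exits on bad usage,
 * on an invalid pid, when nothing is left to display, and when a source
 * other than a literal argument is requested while SELinux is disabled.
 */
static void cmd_line(int argc, char *argv[])
{
	int optchar = 0;
	const char *program_name = NULL;
	struct option long_options[] = {
		{"help", no_argument, NULL, 'h'},
		{"version", no_argument, NULL, 'V'},

		{"prompt", no_argument, NULL, 'P'},

		{"user", no_argument, NULL, 'u'},
		{"role", no_argument, NULL, 'r'},
		{"type", no_argument, NULL, 't'},
		{"level", no_argument, NULL, 'l'},	/* compat. */
		{"sensitivity", no_argument, NULL, 's'},
		{"range", no_argument, NULL, 'm'},
		{"clearance", no_argument, NULL, 'c'},
		{"mls-range", no_argument, NULL, 'm'},

		{"raw", no_argument, NULL, 'R'},

		/* Long-only options use small integers instead of letters. */
		{"current", no_argument, NULL, 1},
		{"self", no_argument, NULL, 1},
		{"current-exec", no_argument, NULL, 2},
		{"self-exec", no_argument, NULL, 2},
		{"current-fs", no_argument, NULL, 3},
		{"self-fs", no_argument, NULL, 3},
		{"current-key", no_argument, NULL, 4},
		{"self-key", no_argument, NULL, 4},

		{"parent", no_argument, NULL, 5},
		{"parent-exec", no_argument, NULL, 6},
		{"parent-fs", no_argument, NULL, 7},
		{"parent-key", no_argument, NULL, 8},

		{"file", required_argument, NULL, 'f'},
		{"link", required_argument, NULL, 'L'},
		{"pid", required_argument, NULL, 'p'},
		{"pid-exec", required_argument, NULL, 9},
		{"pid-fs", required_argument, NULL, 10},
		{"pid-key", required_argument, NULL, 11},

		{NULL, 0, NULL, 0}
	};
	int done = FALSE;	/* set once any display flag was given */

	program_name = opt_program_name(argv[0], SECON_CONF_PROG_NAME);

	while ((optchar = getopt_long(argc, argv, SECON_OPTS_GO,
				      long_options, NULL)) != -1) {
		switch (optchar) {
		case '?':
			usage(program_name, EXIT_FAILURE);	/* exits */
		case 'h':
			usage(program_name, EXIT_SUCCESS);	/* exits */
		case 'V':
			fprintf(stdout,
				" %s version %s.\n", program_name, VERSION);
			exit(EXIT_SUCCESS);

		case 'u':
			done = TRUE;
			opts->disp_user = !opts->disp_user;
			break;
		case 'r':
			done = TRUE;
			opts->disp_role = !opts->disp_role;
			break;
		case 't':
			done = TRUE;
			opts->disp_type = !opts->disp_type;
			break;
		case 'l':	/* compat. spelling of 's' */
		case 's':
			done = TRUE;
			opts->disp_sen = !opts->disp_sen;
			break;
		case 'c':
			done = TRUE;
			opts->disp_clr = !opts->disp_clr;
			break;
		case 'm':
			done = TRUE;
			opts->disp_mlsr = !opts->disp_mlsr;
			break;

		case 'P':
			opts->disp_prompt = !opts->disp_prompt;
			break;

		case 'R':
			opts->disp_raw = !opts->disp_raw;
			break;
		case 1:
			opts->from_type = OPTS_FROM_CUR;
			break;
		case 2:
			opts->from_type = OPTS_FROM_CUREXE;
			break;
		case 3:
			opts->from_type = OPTS_FROM_CURFS;
			break;
		case 4:
			opts->from_type = OPTS_FROM_CURKEY;
			break;

		case 5:
			opts->from_type = OPTS_FROM_PROC;
			opts->f.pid = getppid();
			break;
		case 6:
			opts->from_type = OPTS_FROM_PROCEXE;
			opts->f.pid = getppid();
			break;
		case 7:
			opts->from_type = OPTS_FROM_PROCFS;
			opts->f.pid = getppid();
			break;
		case 8:
			opts->from_type = OPTS_FROM_PROCKEY;
			opts->f.pid = getppid();
			break;

		case 'f':
			opts->from_type = OPTS_FROM_FILE;
			opts->f.file = optarg;
			break;
		case 'L':
			opts->from_type = OPTS_FROM_LINK;
			opts->f.link = optarg;
			break;
		case 'p':
			opts->from_type = OPTS_FROM_PROC;
			opts->f.pid = parse_pid(optarg);
			break;
		case 9:
			opts->from_type = OPTS_FROM_PROCEXE;
			opts->f.pid = parse_pid(optarg);
			break;
		case 10:
			opts->from_type = OPTS_FROM_PROCFS;
			opts->f.pid = parse_pid(optarg);
			break;
		case 11:
			opts->from_type = OPTS_FROM_PROCKEY;
			opts->f.pid = parse_pid(optarg);
			break;

		default:
			assert(FALSE);
		}
	}

	if (!done) {		/* default, if nothing specified */
		opts->disp_user = TRUE;
		opts->disp_role = TRUE;
		opts->disp_type = TRUE;
		if (!opts->disp_prompt) {	/* when displaying prompt, just output "normal" by default */
			opts->disp_sen = TRUE;
			opts->disp_clr = TRUE;
		}
		opts->disp_mlsr = TRUE;
	}

	/*
	 * errx(), not err(): no library call has failed here, so errno holds
	 * nothing meaningful to append to the message.
	 */
	if (disp_none())
		errx(EXIT_FAILURE, " Nothing to display");

	argc -= optind;
	argv += optind;

	if (!argc && (opts->from_type == OPTS_FROM_ARG)
	    && !isatty(STDIN_FILENO))
		opts->from_type = OPTS_FROM_STDIN;
	if (!argc && (opts->from_type == OPTS_FROM_ARG))
		opts->from_type = OPTS_FROM_CUR;

	/* from_type is still OPTS_FROM_ARG only when argc > 0, so argv[0] is set. */
	if (opts->from_type == OPTS_FROM_ARG) {
		opts->f.arg = argv[0];

		if (xstreq(argv[0], "-"))
			opts->from_type = OPTS_FROM_STDIN;
	} else if (!is_selinux_enabled())
		errx(EXIT_FAILURE, "SELinux is not enabled");
}

/*
 * Read the first line of /proc/<pid>/attr/<val> into a newly allocated
 * string stored in *con; the caller owns it.
 * Returns 0 on success and -1 when the file cannot be opened or the copy
 * cannot be allocated.  *con is set to NULL when the file is empty or its
 * first line is empty, and is left untouched when the open fails.
 * The path is built from an integer pid and a caller-supplied attribute
 * name; every caller in this file passes a string literal for val.
 */
static int my_getXcon_raw(pid_t pid, security_context_t * con, const char *val)
{
	char buf[4096];
	FILE *fp = NULL;
	const char *ptr = NULL;

	snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
		 val);

	if (!(fp = fopen(buf, "rb")))
		return (-1);

	/* buf is reused: it held the path, it now receives the file content. */
	ptr = fgets(buf, sizeof(buf), fp);

	fclose(fp);

	*con = NULL;
	if (ptr) {		/* return *con = NULL, when proc file is empty */
		char *tmp = strchr(ptr, '\n');

		if (tmp)
			*tmp = 0;

		if (*ptr && !(*con = strdup(ptr)))
			return (-1);
	}

	return (0);
}

/* Exec context of pid, read from /proc/<pid>/attr/exec. */
static int my_getpidexeccon_raw(pid_t pid, security_context_t * con)
{
	return (my_getXcon_raw(pid, con, "exec"));
}
/* File-creation context of pid, read from /proc/<pid>/attr/fscreate. */
static int my_getpidfscreatecon_raw(pid_t pid, security_context_t * con)
{
	return (my_getXcon_raw(pid, con, "fscreate"));
}
/* Key-creation context of pid, read from /proc/<pid>/attr/keycreate. */
static int my_getpidkeycreatecon_raw(pid_t pid, security_context_t * con)
{
	return (my_getXcon_raw(pid, con, "keycreate"));
}

/* Fetch the security context selected by opts->from_type. */
static security_context_t get_scon(void)
{
	static char dummy_NIL[1] = "";
	security_context_t con = NULL;
	int ret = -1;
	int raw = TRUE;

	switch (opts->from_type) {
	case OPTS_FROM_ARG:
		if (!(con = strdup(opts->f.arg)))
			err(EXIT_FAILURE,
			    " Couldn't allocate security context");
		raw = !opts->disp_raw;	/* always do conversion */
		break;

	case OPTS_FROM_STDIN:
		{
			char buf[4096] = "";
			char *ptr = buf;

			while (!*ptr) {
				if (!(ptr = fgets(buf, sizeof(buf), stdin)))
					err(EXIT_FAILURE,
					    " Couldn't read security context");

				ptr += strspn(ptr, " \n\t");
				ptr[strcspn(ptr, " \n\t")] = 0;
			}

			if (!(con = strdup(ptr)))
				err(EXIT_FAILURE,
				    " Couldn't allocate security context");

			raw = !opts->disp_raw;	/* always do conversion */
			break;
		}

	case OPTS_FROM_CUR:
		ret = getcon_raw(&con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get current security context");
		break;
	case OPTS_FROM_CUREXE:
		ret = getexeccon_raw(&con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get current exec security context");

		if (!con)
			con = strdup(dummy_NIL);
		break;
	case OPTS_FROM_CURFS:
		ret = getfscreatecon_raw(&con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get current fs security context");

		if (!con)
			con = strdup(dummy_NIL);
		break;
	case OPTS_FROM_CURKEY:
		ret = getkeycreatecon_raw(&con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get current key security context");

		if (!con)
			con = strdup(dummy_NIL);
		break;

	case OPTS_FROM_PROC:
		ret = getpidcon_raw(opts->f.pid, &con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get security context for pid %lu",
			    (unsigned long)opts->f.pid);
		break;
	case OPTS_FROM_PROCEXE:
		ret = my_getpidexeccon_raw(opts->f.pid, &con);

		if (ret == -1)
			err(EXIT_FAILURE,
			    " Couldn't get security context for pid %lu",
			    (unsigned long)opts->f.pid);
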
46113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!con) 46213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle con = strdup(dummy_NIL); 46313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 46413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case OPTS_FROM_PROCFS: 46513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = my_getpidfscreatecon_raw(opts->f.pid, &con); 46613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 46713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 46813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err(EXIT_FAILURE, 46913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle " Couldn't get security context for pid %lu", 47013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (unsigned long)opts->f.pid); 47113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 47213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!con) 47313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle con = strdup(dummy_NIL); 47413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* disabled -- override with normal context ... 
47513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle { 47613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle opts->from_type = OPTS_FROM_PROC; 47713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return (get_scon()); 47813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } */ 47913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 48013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case OPTS_FROM_PROCKEY: 48113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = my_getpidkeycreatecon_raw(opts->f.pid, &con); 48213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 48313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 48413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err(EXIT_FAILURE, 48513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle " Couldn't get security context for pid %lu", 48613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (unsigned long)opts->f.pid); 48713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 48813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!con) 48913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle con = strdup(dummy_NIL); 49013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 49113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 49213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case OPTS_FROM_FILE: 49313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = getfilecon_raw(opts->f.file, &con); 49413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 49513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 49613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err(EXIT_FAILURE, 49713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle " Couldn't get security context for file %s", 49813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle opts->f.file); 49913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 50013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 50113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
case OPTS_FROM_LINK: 50213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ret = lgetfilecon_raw(opts->f.link, &con); 50313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 50413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ret == -1) 50513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle err(EXIT_FAILURE, 50613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle " Couldn't get security context for symlink %s", 50713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle opts->f.link); 50813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 50913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 51013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle default: 51113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle assert(FALSE); 51213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 51313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 51413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (opts->disp_raw != raw) { 51513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle security_context_t ncon = NULL; 51613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 51713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (opts->disp_raw) 51813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle selinux_trans_to_raw_context(con, &ncon); 51913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else 52013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle selinux_raw_to_trans_context(con, &ncon); 52113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 52213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle freecon(con); 52313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle con = ncon; 52413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 52513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 52613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return (con); 52713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 52813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 52913cd4c8960688af11ad23b4c946149015c80d54Joshua 
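/*
 * Print one component of a security context on stdout.
 *
 * name: label of the component ("user", "role", "mls-range", ...); must
 *       not be NULL.
 * val:  value of the component; NULL is printed as the empty string.
 *
 * The output form depends on the global options: in prompt mode the
 * values are joined with ':' on a single line, with several components
 * selected each one is printed as "name: value", otherwise the bare value
 * is printed on its own line.
 *
 * NOTE(review): val is written verbatim. get_scon() can take the context
 * from stdin or from a file/symlink label, so anything that embeds this
 * output (e.g. a shell prompt) should treat it as untrusted text.
 */
static void disp__con_val(const char *name, const char *val)
{
	/* Becomes TRUE after the first value is printed; selects the ':'
	   separator in prompt mode. */
	static int done = FALSE;

	assert(name);

	if (!val)
		val = "";	/* targeted has no "level" etc.,
				   any errors should happen at context_new() time */

	if (opts->disp_prompt) {
		if (xstreq("mls-range", name) && !*val)
			return;	/* skip, mls-range if it's empty */

		fprintf(stdout, "%s%s", done ? ":" : "", val);
	} else if (disp_multi()) {
		fprintf(stdout, "%s: %s\n", name, val);
	} else {
		fprintf(stdout, "%s\n", val);
	}

	done = TRUE;
}

/*
 * Split a security context string into its components and print the
 * ones selected by the global options.
 *
 * scon: context string as returned by get_scon(). An empty string prints
 *       every selected component as empty. A NULL pointer is a fatal
 *       error.
 *
 * Exits with EXIT_FAILURE when the context is missing, cannot be parsed
 * by context_new(), or memory cannot be allocated.
 */
static void disp_con(security_context_t scon)
{
	context_t con = NULL;

	/* get_scon() ignores the result of the raw/translated conversion and
	   of strdup(dummy_NIL), so it can hand back NULL; fail cleanly rather
	   than dereferencing it below. */
	if (!scon)
		errx(EXIT_FAILURE, "Couldn't get security context");

	if (!*scon) {		/* --self-exec and --self-fs etc. */
		if (opts->disp_user)
			disp__con_val("user", NULL);
		if (opts->disp_role)
			disp__con_val("role", NULL);
		if (opts->disp_type)
			disp__con_val("type", NULL);
		if (opts->disp_sen)
			disp__con_val("sensitivity", NULL);
		if (opts->disp_clr)
			disp__con_val("clearance", NULL);
		if (opts->disp_mlsr)
			disp__con_val("mls-range", NULL);
		return;
	}

	if (!(con = context_new(scon)))
		errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);

	if (opts->disp_user)
		disp__con_val("user", context_user_get(con));
	if (opts->disp_role)
		disp__con_val("role", context_role_get(con));
	if (opts->disp_type)
		disp__con_val("type", context_type_get(con));

	if (opts->disp_sen) {
		/* Sensitivity is the part of the range before the first '-'. */
		const char *val = context_range_get(con);
		char *tmp = NULL;
		char *dash = NULL;

		if (!val)
			val = "";	/* targeted has no "level" etc.,
					   any errors should happen at context_new() time */

		/* Work on a copy: the range string is cut at the dash. */
		tmp = strdup(val);
		if (!tmp)
			err(EXIT_FAILURE, " Couldn't allocate security context");

		dash = strchr(tmp, '-');
		if (dash)
			*dash = 0;

		disp__con_val("sensitivity", tmp);

		free(tmp);
	}

	if (opts->disp_clr) {
		/* Clearance is the part of the range after the first '-', or
		   the whole range when there is no '-'. Nothing is modified,
		   so no copy is needed. */
		const char *val = context_range_get(con);
		const char *dash = NULL;

		if (!val)
			val = "";	/* targeted has no "level" etc.,
					   any errors should happen at context_new() time */

		dash = strchr(val, '-');
		disp__con_val("clearance", dash ? dash + 1 : val);
	}

	if (opts->disp_mlsr)
		disp__con_val("mls-range", context_range_get(con));

	context_free(con);
}

/*
 * Entry point: parse the command line, fetch the requested security
 * context, print the selected components and exit.
 */
int main(int argc, char *argv[])
{
	security_context_t scon = NULL;

	cmd_line(argc, argv);

	scon = get_scon();

	disp_con(scon);

	freecon(scon);

	exit(EXIT_SUCCESS);
}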