libselinux: Add selinux_check_access utility

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2025-03-03 08:47:42 +00:00 · 2017-05-01 14:20:14 +01:00 · 2017-05-01 14:20:14 +01:00 · a63858b52f
commit a63858b52f
parent 9cba8f6151
2 changed files with 53 additions and 0 deletions
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@ -25,3 +25,4 @@ selinuxexeccon
 setenforce
 setfilecon
 togglesebool
+selinux_check_access
--- a/libselinux/utils/selinux_check_access.c
+++ b/libselinux/utils/selinux_check_access.c
@ -0,0 +1,52 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+
+static void usage(char *progname)
+{
+	fprintf(stderr, "usage:  %s [-a auditdata] scon tcon class perm\n"
+		"\nWhere:\n\t"
+		"-a  Optional information added to audit message.\n",
+		progname);
+	exit(1);
+}
+
+static int cb_auditinfo(void *auditdata,
+			__attribute__((unused))security_class_t class,
+			char *msgbuf, size_t msgbufsize)
+{
+	return snprintf(msgbuf, msgbufsize, "%s", (char *)auditdata);
+}
+
+int main(int argc, char **argv)
+{
+	int opt, rc;
+	char *audit_msg = NULL;
+
+	while ((opt = getopt(argc, argv, "a:")) != -1) {
+		switch (opt) {
+		case 'a':
+			audit_msg = optarg;
+			break;
+		default:
+			usage(argv[0]);
+		}
+	}
+
+	if ((argc - optind) != 4)
+		usage(argv[0]);
+
+	if (audit_msg)
+		selinux_set_callback(SELINUX_CB_AUDIT,
+				     (union selinux_callback)cb_auditinfo);
+
+	rc = selinux_check_access(argv[optind], argv[optind + 1],
+				  argv[optind + 2], argv[optind + 3],
+				  audit_msg);
+	if (rc < 0)
+		perror("selinux_check_access");
+
+	return rc;
+}