mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-26 07:52:07 +00:00
9eb9c93275
In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
93 lines
2.1 KiB
C
93 lines
2.1 KiB
C
#include <unistd.h>
|
|
#include <sys/types.h>
|
|
#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
#include <selinux/selinux.h>
|
|
#include <selinux/get_context_list.h>
|
|
|
|
static void usage(const char *name, const char *detail, int rc)
|
|
{
|
|
fprintf(stderr, "usage: %s [-l level] [-s service] user [fromcon]\n", name);
|
|
if (detail)
|
|
fprintf(stderr, "%s: %s\n", name, detail);
|
|
exit(rc);
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
char * usercon = NULL, *cur_context = NULL;
|
|
char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
|
|
char *service = NULL;
|
|
int ret, opt;
|
|
int verbose = 0;
|
|
|
|
while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) {
|
|
switch (opt) {
|
|
case 'l':
|
|
level = strdup(optarg);
|
|
break;
|
|
case 'r':
|
|
role = strdup(optarg);
|
|
break;
|
|
case 's':
|
|
service = strdup(optarg);
|
|
break;
|
|
case 'v':
|
|
verbose = 1;
|
|
break;
|
|
default:
|
|
usage(argv[0], "invalid option", 1);
|
|
}
|
|
}
|
|
|
|
if (((argc - optind) < 1) || ((argc - optind) > 2))
|
|
usage(argv[0], "invalid number of arguments", 2);
|
|
|
|
/* If selinux isn't available, bail out. */
|
|
if (!is_selinux_enabled()) {
|
|
fprintf(stderr,
|
|
"%s may be used only on a SELinux kernel.\n", argv[0]);
|
|
return 1;
|
|
}
|
|
|
|
user = argv[optind];
|
|
|
|
/* If a context wasn't passed, use the current context. */
|
|
if (((argc - optind) < 2)) {
|
|
if (getcon(&cur_context) < 0) {
|
|
fprintf(stderr, "Couldn't get current context.\n");
|
|
return 2;
|
|
}
|
|
} else
|
|
cur_context = argv[optind + 1];
|
|
|
|
if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
|
|
if (! level) level=dlevel;
|
|
if (role != NULL && role[0])
|
|
ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
|
|
else
|
|
ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
|
|
}
|
|
if (ret < 0)
|
|
perror(argv[0]);
|
|
else {
|
|
if (verbose) {
|
|
printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
|
|
} else {
|
|
printf("%s\n", usercon);
|
|
}
|
|
}
|
|
|
|
free(role);
|
|
free(seuser);
|
|
if (level != dlevel) free(level);
|
|
free(dlevel);
|
|
free(usercon);
|
|
|
|
return ret >= 0;
|
|
}
|