selinux/libselinux/utils/selinuxexeccon.c
Stephen Smalley 76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00

60 lines
1.2 KiB
C

#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <ctype.h>
#include <selinux/selinux.h>
static void usage(const char *name, const char *detail, int rc)
{
fprintf(stderr, "usage: %s command [ fromcon ]\n", name);
if (detail)
fprintf(stderr, "%s: %s\n", name, detail);
exit(rc);
}
static char * get_selinux_proc_context(const char *command, char * execcon) {
char * fcon = NULL, *newcon = NULL;
int ret = getfilecon(command, &fcon);
if (ret < 0) goto err;
ret = security_compute_create(execcon, fcon, string_to_security_class("process"), &newcon);
if (ret < 0) goto err;
err:
freecon(fcon);
return newcon;
}
int main(int argc, char **argv)
{
int ret = -1;
char * proccon = NULL, *con = NULL;
if (argc < 2 || argc > 3)
usage(argv[0], "Invalid number of arguments", -1);
if (argc == 2) {
if (getcon(&con) < 0) {
perror(argv[0]);
return -1;
}
} else {
con = strdup(argv[2]);
}
proccon = get_selinux_proc_context(argv[1], con);
if (proccon) {
printf("%s\n", proccon);
ret = 0;
} else {
perror(argv[0]);
}
free(proccon);
free(con);
return ret;
}