selinux/libselinux/utils/selinuxexeccon.c

#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <ctype.h>
#include <selinux/selinux.h>

static __attribute__ ((__noreturn__)) void usage(const char *name, const char *detail, int rc)
{
	fprintf(stderr, "usage:  %s command [ fromcon ]\n", name);
	if (detail)
		fprintf(stderr, "%s:  %s\n", name, detail);
	exit(rc);
}

static char * get_selinux_proc_context(const char *command, const char * execcon) {
	char * fcon = NULL, *newcon = NULL;

	int ret = getfilecon(command, &fcon);
	if (ret < 0) goto err;
	ret = security_compute_create(execcon, fcon, string_to_security_class("process"), &newcon);
	if (ret < 0) goto err;

err:
	freecon(fcon);
	return newcon;
}

int main(int argc, char **argv)
{
	int ret = -1;
	char * proccon = NULL, *con = NULL;
	if (argc < 2 || argc > 3)
		usage(argv[0], "Invalid number of arguments", -1);

	if (argc == 2) {
		if (getcon(&con) < 0) {
			perror(argv[0]);
			return -1;
		}
	} else {
		con = strdup(argv[2]);
		if (security_check_context(con)) {
			fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
			return -1;
		}
	}

	proccon = get_selinux_proc_context(argv[1], con);
	if (proccon) {
		printf("%s\n", proccon);
		ret = 0;
	} else {
		perror(argv[0]);
	}

	free(proccon);
	free(con);
	return ret;
}