selinux/libselinux/utils/compute_av.c
Christian Göttsche 0c407c3f1d libselinux/utils: print errno on failure
Print error description on failure after functions known to set errno.

Also mention the library function name in getenforce, policyvers and
setenforce instead of the program name twice.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-05-16 10:31:15 -04:00

67 lines
1.4 KiB
C

#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <selinux/selinux.h>
int main(int argc, char **argv)
{
struct av_decision avd;
security_class_t tclass;
int ret;
if (argc != 4) {
fprintf(stderr, "usage: %s scontext tcontext tclass\n",
argv[0]);
exit(1);
}
if (security_check_context(argv[1])) {
fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
exit(4);
}
if (security_check_context(argv[2])) {
fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
exit(5);
}
tclass = string_to_security_class(argv[3]);
if (!tclass) {
fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
exit(2);
}
ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
if (ret < 0) {
fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
exit(3);
}
printf("allowed=");
print_access_vector(tclass, avd.allowed);
printf("\n");
if (avd.decided != ~0U) {
printf("decided=");
print_access_vector(tclass, avd.decided);
printf("\n");
}
if (avd.auditallow) {
printf("auditallow=");
print_access_vector(tclass, avd.auditallow);
printf("\n");
}
if (avd.auditdeny != ~0U) {
printf("auditdeny");
print_access_vector(tclass, avd.auditdeny);
printf("\n");
}
exit(EXIT_SUCCESS);
}