libselinux/src/query_user_context.c

*2d543d20SAndroid Build Coastguard Worker#include <stdio.h>
*2d543d20SAndroid Build Coastguard Worker#include <stdlib.h>
*2d543d20SAndroid Build Coastguard Worker#include <string.h>
*2d543d20SAndroid Build Coastguard Worker#include "selinux_internal.h"
*2d543d20SAndroid Build Coastguard Worker#include "context_internal.h"
*2d543d20SAndroid Build Coastguard Worker#include <selinux/get_context_list.h>
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* context_menu - given a list of contexts, presents a menu of security contexts
*2d543d20SAndroid Build Coastguard Worker *            to the user.  Returns the number (position in the list) of
*2d543d20SAndroid Build Coastguard Worker *            the user selected context.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic int context_menu(char ** list)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int i;			/* array index                        */
*2d543d20SAndroid Build Coastguard Worker	int choice = 0;		/* index of the user's choice         */
*2d543d20SAndroid Build Coastguard Worker	char response[10];	/* string to hold the user's response */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	printf("\n\n");
*2d543d20SAndroid Build Coastguard Worker	for (i = 0; list[i]; i++)
*2d543d20SAndroid Build Coastguard Worker		printf("[%d] %s\n", i + 1, list[i]);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	while ((choice < 1) || (choice > i)) {
*2d543d20SAndroid Build Coastguard Worker		printf("Enter number of choice: ");
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker		if (fgets(response, sizeof(response), stdin) == NULL)
*2d543d20SAndroid Build Coastguard Worker			continue;
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker		choice = strtol(response, NULL, 10);
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return (choice - 1);
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* query_user_context - given a list of context, allow the user to choose one.  The
*2d543d20SAndroid Build Coastguard Worker *                  default is the first context in the list.  Returns 0 on
*2d543d20SAndroid Build Coastguard Worker *                  success, -1 on failure
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint query_user_context(char ** list, char ** usercon)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char response[10];	/* The user's response                        */
*2d543d20SAndroid Build Coastguard Worker	int choice;		/* The index in the list of the sid chosen by
*2d543d20SAndroid Build Coastguard Worker				   the user                                   */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!list[0])
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	printf("\nYour default context is %s.\n", list[0]);
*2d543d20SAndroid Build Coastguard Worker	if (list[1]) {
*2d543d20SAndroid Build Coastguard Worker		printf("Do you want to choose a different one? [n]");
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker		if (fgets(response, sizeof(response), stdin) == NULL)
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if ((response[0] == 'y') || (response[0] == 'Y')) {
*2d543d20SAndroid Build Coastguard Worker			choice = context_menu(list);
*2d543d20SAndroid Build Coastguard Worker			*usercon = strdup(list[choice]);
*2d543d20SAndroid Build Coastguard Worker			if (!(*usercon))
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			return 0;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		*usercon = strdup(list[0]);
*2d543d20SAndroid Build Coastguard Worker		if (!(*usercon))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker	} else {
*2d543d20SAndroid Build Coastguard Worker		*usercon = strdup(list[0]);
*2d543d20SAndroid Build Coastguard Worker		if (!(*usercon))
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* get_field - given fieldstr - the "name" of a field, query the user
*2d543d20SAndroid Build Coastguard Worker *             and set the new value of the field
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerstatic void get_field(const char *fieldstr, char *newfield, int newfieldlen)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	int done = 0;		/* true if a non-empty field has been obtained */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	while (!done) {		/* Keep going until we get a value for the field */
*2d543d20SAndroid Build Coastguard Worker		printf("\tEnter %s ", fieldstr);
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker		if (fgets(newfield, newfieldlen, stdin) == NULL)
*2d543d20SAndroid Build Coastguard Worker			continue;
*2d543d20SAndroid Build Coastguard Worker		fflush(stdin);
*2d543d20SAndroid Build Coastguard Worker		if (newfield[strlen(newfield) - 1] == '\n')
*2d543d20SAndroid Build Coastguard Worker			newfield[strlen(newfield) - 1] = '\0';
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (strlen(newfield) == 0) {
*2d543d20SAndroid Build Coastguard Worker			printf("You must enter a %s\n", fieldstr);
*2d543d20SAndroid Build Coastguard Worker		} else {
*2d543d20SAndroid Build Coastguard Worker			done = 1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker/* manual_user_enter_context - provides a way for a user to manually enter a
*2d543d20SAndroid Build Coastguard Worker *                     context in case the policy doesn't allow a list
*2d543d20SAndroid Build Coastguard Worker *                     to be obtained.
*2d543d20SAndroid Build Coastguard Worker *                     given the userid, queries the user and places the
*2d543d20SAndroid Build Coastguard Worker *                     context chosen by the user into usercon.  Returns 0
*2d543d20SAndroid Build Coastguard Worker *                     on success.
*2d543d20SAndroid Build Coastguard Worker */
*2d543d20SAndroid Build Coastguard Workerint manual_user_enter_context(const char *user, char ** newcon)
*2d543d20SAndroid Build Coastguard Worker{
*2d543d20SAndroid Build Coastguard Worker	char response[10];	/* Used to get yes or no answers from user */
*2d543d20SAndroid Build Coastguard Worker	char role[100];		/* The role requested by the user          */
*2d543d20SAndroid Build Coastguard Worker	int rolelen = 100;
*2d543d20SAndroid Build Coastguard Worker	char type[100];		/* The type requested by the user          */
*2d543d20SAndroid Build Coastguard Worker	int typelen = 100;
*2d543d20SAndroid Build Coastguard Worker	char level[100];	/* The level requested by the user         */
*2d543d20SAndroid Build Coastguard Worker	int levellen = 100;
*2d543d20SAndroid Build Coastguard Worker	int mls_enabled = is_selinux_mls_enabled();
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	context_t new_context;	/* The new context chosen by the user     */
*2d543d20SAndroid Build Coastguard Worker	const char *user_context = NULL;	/* String value of the user's context     */
*2d543d20SAndroid Build Coastguard Worker	int done = 0;		/* true if a valid sid has been obtained  */
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	/* Initialize the context.  How this is done depends on whether
*2d543d20SAndroid Build Coastguard Worker	   or not MLS is enabled                                        */
*2d543d20SAndroid Build Coastguard Worker	if (mls_enabled)
*2d543d20SAndroid Build Coastguard Worker		new_context = context_new("user:role:type:level");
*2d543d20SAndroid Build Coastguard Worker	else
*2d543d20SAndroid Build Coastguard Worker		new_context = context_new("user:role:type");
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	if (!new_context)
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	while (!done) {
*2d543d20SAndroid Build Coastguard Worker		printf("Would you like to enter a security context? [y]");
*2d543d20SAndroid Build Coastguard Worker		if (fgets(response, sizeof(response), stdin) == NULL
*2d543d20SAndroid Build Coastguard Worker		    || (response[0] == 'n') || (response[0] == 'N')) {
*2d543d20SAndroid Build Coastguard Worker			context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		/* Allow the user to enter each field of the context individually */
*2d543d20SAndroid Build Coastguard Worker		if (context_user_set(new_context, user)) {
*2d543d20SAndroid Build Coastguard Worker			context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		get_field("role", role, rolelen);
*2d543d20SAndroid Build Coastguard Worker		if (context_role_set(new_context, role)) {
*2d543d20SAndroid Build Coastguard Worker			context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		get_field("type", type, typelen);
*2d543d20SAndroid Build Coastguard Worker		if (context_type_set(new_context, type)) {
*2d543d20SAndroid Build Coastguard Worker			context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		if (mls_enabled) {
*2d543d20SAndroid Build Coastguard Worker			get_field("level", level, levellen);
*2d543d20SAndroid Build Coastguard Worker			if (context_range_set(new_context, level)) {
*2d543d20SAndroid Build Coastguard Worker				context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker				return -1;
*2d543d20SAndroid Build Coastguard Worker			}
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker		/* Get the string value of the context and see if it is valid. */
*2d543d20SAndroid Build Coastguard Worker		user_context = context_str(new_context);
*2d543d20SAndroid Build Coastguard Worker		if (!user_context) {
*2d543d20SAndroid Build Coastguard Worker			context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker			return -1;
*2d543d20SAndroid Build Coastguard Worker		}
*2d543d20SAndroid Build Coastguard Worker		if (!security_check_context(user_context))
*2d543d20SAndroid Build Coastguard Worker			done = 1;
*2d543d20SAndroid Build Coastguard Worker		else
*2d543d20SAndroid Build Coastguard Worker			printf("Not a valid security context\n");
*2d543d20SAndroid Build Coastguard Worker	}
*2d543d20SAndroid Build Coastguard Worker
*2d543d20SAndroid Build Coastguard Worker	*newcon = strdup(user_context);
*2d543d20SAndroid Build Coastguard Worker	context_free(new_context);
*2d543d20SAndroid Build Coastguard Worker	if (!(*newcon))
*2d543d20SAndroid Build Coastguard Worker		return -1;
*2d543d20SAndroid Build Coastguard Worker	return 0;
*2d543d20SAndroid Build Coastguard Worker}