xref: /aosp_15_r20/external/selinux/libselinux/utils/selabel_lookup.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba) 
1*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
2*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
3*2d543d20SAndroid Build Coastguard Worker #include <string.h>
4*2d543d20SAndroid Build Coastguard Worker #include <getopt.h>
5*2d543d20SAndroid Build Coastguard Worker #include <errno.h>
6*2d543d20SAndroid Build Coastguard Worker #include <selinux/selinux.h>
7*2d543d20SAndroid Build Coastguard Worker #include <selinux/label.h>
8*2d543d20SAndroid Build Coastguard Worker 
usage(const char * progname)9*2d543d20SAndroid Build Coastguard Worker static __attribute__ ((__noreturn__)) void usage(const char *progname)
10*2d543d20SAndroid Build Coastguard Worker {
11*2d543d20SAndroid Build Coastguard Worker 	fprintf(stderr,
12*2d543d20SAndroid Build Coastguard Worker 		"usage: %s -b backend [-v] [-r] -k key [-t type] [-f file]\n\n"
13*2d543d20SAndroid Build Coastguard Worker 		"Where:\n\t"
14*2d543d20SAndroid Build Coastguard Worker 		"-b  The backend - \"file\", \"media\", \"x\", \"db\" or "
15*2d543d20SAndroid Build Coastguard Worker 			"\"prop\"\n\t"
16*2d543d20SAndroid Build Coastguard Worker 		"-v  Validate entries against loaded policy.\n\t"
17*2d543d20SAndroid Build Coastguard Worker 		"-r  Use \"raw\" function.\n\t"
18*2d543d20SAndroid Build Coastguard Worker 		"-k  Lookup key - Depends on backend.\n\t"
19*2d543d20SAndroid Build Coastguard Worker 		"-t  Lookup type - Optional as depends on backend.\n\t"
20*2d543d20SAndroid Build Coastguard Worker 		"-f  Optional file containing the specs (defaults to\n\t"
21*2d543d20SAndroid Build Coastguard Worker 		"    those used by loaded policy).\n\n"
22*2d543d20SAndroid Build Coastguard Worker 		"Examples:\n\t"
23*2d543d20SAndroid Build Coastguard Worker 		"%s -v -b file -k /run -t 0\n\t"
24*2d543d20SAndroid Build Coastguard Worker 		"   lookup with validation against the loaded policy, the\n\t"
25*2d543d20SAndroid Build Coastguard Worker 		"   \"file\" backend for path \"/run\" with mode = 0\n\t"
26*2d543d20SAndroid Build Coastguard Worker 		"%s -r -b x -t 4 -k X11:ButtonPress\n\t"
27*2d543d20SAndroid Build Coastguard Worker 		"   lookup_raw the \"X\" backend for type SELABEL_X_EVENT\n\t"
28*2d543d20SAndroid Build Coastguard Worker 		"   using key \"X11:ButtonPress\"\n\n",
29*2d543d20SAndroid Build Coastguard Worker 		progname, progname, progname);
30*2d543d20SAndroid Build Coastguard Worker 	exit(1);
31*2d543d20SAndroid Build Coastguard Worker }
32*2d543d20SAndroid Build Coastguard Worker 
main(int argc,char ** argv)33*2d543d20SAndroid Build Coastguard Worker int main(int argc, char **argv)
34*2d543d20SAndroid Build Coastguard Worker {
35*2d543d20SAndroid Build Coastguard Worker 	int raw = 0, type = 0, rc, opt;
36*2d543d20SAndroid Build Coastguard Worker 	unsigned int backend = SELABEL_CTX_FILE;
37*2d543d20SAndroid Build Coastguard Worker 	char *validate = NULL, *key = NULL, *context = NULL, *file = NULL;
38*2d543d20SAndroid Build Coastguard Worker 
39*2d543d20SAndroid Build Coastguard Worker 	struct selabel_handle *hnd;
40*2d543d20SAndroid Build Coastguard Worker 	struct selinux_opt selabel_option[] = {
41*2d543d20SAndroid Build Coastguard Worker 		{ SELABEL_OPT_PATH, file },
42*2d543d20SAndroid Build Coastguard Worker 		{ SELABEL_OPT_VALIDATE, validate }
43*2d543d20SAndroid Build Coastguard Worker 	};
44*2d543d20SAndroid Build Coastguard Worker 
45*2d543d20SAndroid Build Coastguard Worker 	if (argc < 3)
46*2d543d20SAndroid Build Coastguard Worker 		usage(argv[0]);
47*2d543d20SAndroid Build Coastguard Worker 
48*2d543d20SAndroid Build Coastguard Worker 	while ((opt = getopt(argc, argv, "b:f:vrk:t:")) > 0) {
49*2d543d20SAndroid Build Coastguard Worker 		switch (opt) {
50*2d543d20SAndroid Build Coastguard Worker 		case 'b':
51*2d543d20SAndroid Build Coastguard Worker 			if (!strcasecmp(optarg, "file")) {
52*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_FILE;
53*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "media")) {
54*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_MEDIA;
55*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "x")) {
56*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_X;
57*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "db")) {
58*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_DB;
59*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "prop")) {
60*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_ANDROID_PROP;
61*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "service")) {
62*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_ANDROID_SERVICE;
63*2d543d20SAndroid Build Coastguard Worker 			} else if (!strcmp(optarg, "keystore2_key")) {
64*2d543d20SAndroid Build Coastguard Worker 				backend = SELABEL_CTX_ANDROID_KEYSTORE2_KEY;
65*2d543d20SAndroid Build Coastguard Worker 			} else {
66*2d543d20SAndroid Build Coastguard Worker 				fprintf(stderr, "Unknown backend: %s\n",
67*2d543d20SAndroid Build Coastguard Worker 								    optarg);
68*2d543d20SAndroid Build Coastguard Worker 				usage(argv[0]);
69*2d543d20SAndroid Build Coastguard Worker 			}
70*2d543d20SAndroid Build Coastguard Worker 			break;
71*2d543d20SAndroid Build Coastguard Worker 		case 'f':
72*2d543d20SAndroid Build Coastguard Worker 			file = optarg;
73*2d543d20SAndroid Build Coastguard Worker 			break;
74*2d543d20SAndroid Build Coastguard Worker 		case 'v':
75*2d543d20SAndroid Build Coastguard Worker 			validate = (char *)1;
76*2d543d20SAndroid Build Coastguard Worker 			break;
77*2d543d20SAndroid Build Coastguard Worker 		case 'r':
78*2d543d20SAndroid Build Coastguard Worker 			raw = 1;
79*2d543d20SAndroid Build Coastguard Worker 			break;
80*2d543d20SAndroid Build Coastguard Worker 		case 'k':
81*2d543d20SAndroid Build Coastguard Worker 			key = optarg;
82*2d543d20SAndroid Build Coastguard Worker 			break;
83*2d543d20SAndroid Build Coastguard Worker 		case 't':
84*2d543d20SAndroid Build Coastguard Worker 			type = atoi(optarg);
85*2d543d20SAndroid Build Coastguard Worker 			break;
86*2d543d20SAndroid Build Coastguard Worker 		default:
87*2d543d20SAndroid Build Coastguard Worker 			usage(argv[0]);
88*2d543d20SAndroid Build Coastguard Worker 		}
89*2d543d20SAndroid Build Coastguard Worker 	}
90*2d543d20SAndroid Build Coastguard Worker 
91*2d543d20SAndroid Build Coastguard Worker 	selabel_option[0].value = file;
92*2d543d20SAndroid Build Coastguard Worker 	selabel_option[1].value = validate;
93*2d543d20SAndroid Build Coastguard Worker 
94*2d543d20SAndroid Build Coastguard Worker 	hnd = selabel_open(backend, selabel_option, 2);
95*2d543d20SAndroid Build Coastguard Worker 	if (!hnd) {
96*2d543d20SAndroid Build Coastguard Worker 		fprintf(stderr, "ERROR: selabel_open - Could not obtain "
97*2d543d20SAndroid Build Coastguard Worker 							     "handle:  %s\n",
98*2d543d20SAndroid Build Coastguard Worker 							     strerror(errno));
99*2d543d20SAndroid Build Coastguard Worker 		return -1;
100*2d543d20SAndroid Build Coastguard Worker 	}
101*2d543d20SAndroid Build Coastguard Worker 
102*2d543d20SAndroid Build Coastguard Worker 	switch (raw) {
103*2d543d20SAndroid Build Coastguard Worker 	case 1:
104*2d543d20SAndroid Build Coastguard Worker 		rc = selabel_lookup_raw(hnd, &context, key, type);
105*2d543d20SAndroid Build Coastguard Worker 		break;
106*2d543d20SAndroid Build Coastguard Worker 	default:
107*2d543d20SAndroid Build Coastguard Worker 		rc = selabel_lookup(hnd, &context, key, type);
108*2d543d20SAndroid Build Coastguard Worker 	}
109*2d543d20SAndroid Build Coastguard Worker 	selabel_close(hnd);
110*2d543d20SAndroid Build Coastguard Worker 
111*2d543d20SAndroid Build Coastguard Worker 	if (rc) {
112*2d543d20SAndroid Build Coastguard Worker 		switch (errno) {
113*2d543d20SAndroid Build Coastguard Worker 		case ENOENT:
114*2d543d20SAndroid Build Coastguard Worker 			fprintf(stderr, "ERROR: selabel_lookup failed to "
115*2d543d20SAndroid Build Coastguard Worker 					    "find a valid context.\n");
116*2d543d20SAndroid Build Coastguard Worker 			break;
117*2d543d20SAndroid Build Coastguard Worker 		case EINVAL:
118*2d543d20SAndroid Build Coastguard Worker 			fprintf(stderr, "ERROR: selabel_lookup failed to "
119*2d543d20SAndroid Build Coastguard Worker 				    "validate context, or key / type are "
120*2d543d20SAndroid Build Coastguard Worker 				    "invalid.\n");
121*2d543d20SAndroid Build Coastguard Worker 			break;
122*2d543d20SAndroid Build Coastguard Worker 		default:
123*2d543d20SAndroid Build Coastguard Worker 			fprintf(stderr, "selabel_lookup ERROR: %s\n",
124*2d543d20SAndroid Build Coastguard Worker 						    strerror(errno));
125*2d543d20SAndroid Build Coastguard Worker 		}
126*2d543d20SAndroid Build Coastguard Worker 	} else {
127*2d543d20SAndroid Build Coastguard Worker 		printf("Default context: %s\n", context);
128*2d543d20SAndroid Build Coastguard Worker 		freecon(context);
129*2d543d20SAndroid Build Coastguard Worker 	}
130*2d543d20SAndroid Build Coastguard Worker 
131*2d543d20SAndroid Build Coastguard Worker 	return rc;
132*2d543d20SAndroid Build Coastguard Worker }
133