1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <getopt.h>
5 #include <errno.h>
6 #include <stdbool.h>
7 #include <selinux/selinux.h>
8 #include <selinux/label.h>
9
usage(const char * progname)10 static __attribute__ ((__noreturn__)) void usage(const char *progname)
11 {
12 fprintf(stderr,
13 "usage: %s [-v] -p <path> [-f file]\n\n"
14 "Where:\n\t"
15 "-v Validate file_contxts entries against loaded policy.\n\t"
16 "-p Path to check if a match or partial match is possible\n\t"
17 " against a regex entry in the file_contexts file.\n\t"
18 "-f Optional file_contexts file (defaults to current policy).\n\n"
19 "Example:\n\t"
20 "%s -p /sys/devices/system/cpu/online\n\t"
21 " Check if a match or partial match is possible against\n\t"
22 " the path \"/sys/devices/system/cpu/online\", returning\n\t"
23 " TRUE or FALSE.\n\n", progname, progname);
24 exit(1);
25 }
26
main(int argc,char ** argv)27 int main(int argc, char **argv)
28 {
29 int opt;
30 bool partial_match;
31 const char *validate = NULL, *path = NULL, *file = NULL;
32
33 struct selabel_handle *hnd;
34 struct selinux_opt selabel_option[] = {
35 { SELABEL_OPT_PATH, file },
36 { SELABEL_OPT_VALIDATE, validate }
37 };
38
39 if (argc < 2)
40 usage(argv[0]);
41
42 while ((opt = getopt(argc, argv, "f:vp:")) > 0) {
43 switch (opt) {
44 case 'f':
45 file = optarg;
46 break;
47 case 'v':
48 validate = (char *)1;
49 break;
50 case 'p':
51 path = optarg;
52 break;
53 default:
54 usage(argv[0]);
55 }
56 }
57
58 if (!path || optind != argc)
59 usage(argv[0]);
60
61 selabel_option[0].value = file;
62 selabel_option[1].value = validate;
63
64 hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
65 if (!hnd) {
66 fprintf(stderr, "ERROR: selabel_open - Could not obtain "
67 "handle: %s\n",
68 strerror(errno));
69 return -1;
70 }
71
72 partial_match = selabel_partial_match(hnd, path);
73
74 printf("Match or Partial match: %s\n",
75 partial_match ? "TRUE" : "FALSE");
76
77 selabel_close(hnd);
78 return partial_match;
79 }
80