1*2d543d20SAndroid Build Coastguard Worker #include <unistd.h>
2*2d543d20SAndroid Build Coastguard Worker #include <sys/types.h>
3*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
4*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
5*2d543d20SAndroid Build Coastguard Worker #include <string.h>
6*2d543d20SAndroid Build Coastguard Worker #include <errno.h>
7*2d543d20SAndroid Build Coastguard Worker #include <selinux/selinux.h>
8*2d543d20SAndroid Build Coastguard Worker
main(int argc,char ** argv)9*2d543d20SAndroid Build Coastguard Worker int main(int argc, char **argv)
10*2d543d20SAndroid Build Coastguard Worker {
11*2d543d20SAndroid Build Coastguard Worker struct av_decision avd;
12*2d543d20SAndroid Build Coastguard Worker security_class_t tclass;
13*2d543d20SAndroid Build Coastguard Worker int ret;
14*2d543d20SAndroid Build Coastguard Worker
15*2d543d20SAndroid Build Coastguard Worker if (argc != 4) {
16*2d543d20SAndroid Build Coastguard Worker fprintf(stderr, "usage: %s scontext tcontext tclass\n",
17*2d543d20SAndroid Build Coastguard Worker argv[0]);
18*2d543d20SAndroid Build Coastguard Worker exit(1);
19*2d543d20SAndroid Build Coastguard Worker }
20*2d543d20SAndroid Build Coastguard Worker
21*2d543d20SAndroid Build Coastguard Worker if (security_check_context(argv[1])) {
22*2d543d20SAndroid Build Coastguard Worker fprintf(stderr, "%s: invalid source context '%s'\n", argv[0], argv[1]);
23*2d543d20SAndroid Build Coastguard Worker exit(4);
24*2d543d20SAndroid Build Coastguard Worker }
25*2d543d20SAndroid Build Coastguard Worker
26*2d543d20SAndroid Build Coastguard Worker if (security_check_context(argv[2])) {
27*2d543d20SAndroid Build Coastguard Worker fprintf(stderr, "%s: invalid target context '%s'\n", argv[0], argv[2]);
28*2d543d20SAndroid Build Coastguard Worker exit(5);
29*2d543d20SAndroid Build Coastguard Worker }
30*2d543d20SAndroid Build Coastguard Worker
31*2d543d20SAndroid Build Coastguard Worker tclass = string_to_security_class(argv[3]);
32*2d543d20SAndroid Build Coastguard Worker if (!tclass) {
33*2d543d20SAndroid Build Coastguard Worker fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
34*2d543d20SAndroid Build Coastguard Worker exit(2);
35*2d543d20SAndroid Build Coastguard Worker }
36*2d543d20SAndroid Build Coastguard Worker
37*2d543d20SAndroid Build Coastguard Worker ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
38*2d543d20SAndroid Build Coastguard Worker if (ret < 0) {
39*2d543d20SAndroid Build Coastguard Worker fprintf(stderr, "%s: security_compute_av failed: %s\n", argv[0], strerror(errno));
40*2d543d20SAndroid Build Coastguard Worker exit(3);
41*2d543d20SAndroid Build Coastguard Worker }
42*2d543d20SAndroid Build Coastguard Worker
43*2d543d20SAndroid Build Coastguard Worker printf("allowed=");
44*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, avd.allowed);
45*2d543d20SAndroid Build Coastguard Worker printf("\n");
46*2d543d20SAndroid Build Coastguard Worker
47*2d543d20SAndroid Build Coastguard Worker if (~avd.decided) {
48*2d543d20SAndroid Build Coastguard Worker printf("decided=");
49*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, avd.decided);
50*2d543d20SAndroid Build Coastguard Worker printf("\n");
51*2d543d20SAndroid Build Coastguard Worker
52*2d543d20SAndroid Build Coastguard Worker printf("undecided=");
53*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, ~avd.decided);
54*2d543d20SAndroid Build Coastguard Worker printf("\n");
55*2d543d20SAndroid Build Coastguard Worker }
56*2d543d20SAndroid Build Coastguard Worker
57*2d543d20SAndroid Build Coastguard Worker if (avd.auditallow) {
58*2d543d20SAndroid Build Coastguard Worker printf("auditallow=");
59*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, avd.auditallow);
60*2d543d20SAndroid Build Coastguard Worker printf("\n");
61*2d543d20SAndroid Build Coastguard Worker }
62*2d543d20SAndroid Build Coastguard Worker
63*2d543d20SAndroid Build Coastguard Worker if (~avd.auditdeny) {
64*2d543d20SAndroid Build Coastguard Worker printf("auditdeny=");
65*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, avd.auditdeny);
66*2d543d20SAndroid Build Coastguard Worker printf("\n");
67*2d543d20SAndroid Build Coastguard Worker
68*2d543d20SAndroid Build Coastguard Worker printf("dontaudit=");
69*2d543d20SAndroid Build Coastguard Worker print_access_vector(tclass, ~avd.auditdeny);
70*2d543d20SAndroid Build Coastguard Worker printf("\n");
71*2d543d20SAndroid Build Coastguard Worker }
72*2d543d20SAndroid Build Coastguard Worker
73*2d543d20SAndroid Build Coastguard Worker exit(EXIT_SUCCESS);
74*2d543d20SAndroid Build Coastguard Worker }
75