Beispiel #1
0
int matchpathcon_main(int argc, char **argv)
{
	int error = 0;
	unsigned opts;
	char *fcontext, *prefix, *path;

	opt_complementary = "-1" /* at least one param reqd */
		":?:f--p:p--f"; /* mutually exclusive */
	opts = getopt32(argc, argv, "nNf:p:V", &fcontext, &prefix);
	argv += optind;

	if (opts & OPT_NOT_TRANS) {
		set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
	}
	if (opts & OPT_FCONTEXT) {
		if (matchpathcon_init(fcontext))
			bb_perror_msg_and_die("error while processing %s", fcontext);
	}
	if (opts & OPT_PREFIX) {
		if (matchpathcon_init_prefix(NULL, prefix))
			bb_perror_msg_and_die("error while processing %s", prefix);
	}

	while ((path = *argv++) != NULL) {
		security_context_t con;
		int rc;

		if (!(opts & OPT_VERIFY)) {
			error += print_matchpathcon(path, opts & OPT_NOT_PRINT);
			continue;
		}

		if (selinux_file_context_verify(path, 0)) {
			printf("%s verified\n", path);
			continue;
		}

		if (opts & OPT_NOT_TRANS)
			rc = lgetfilecon_raw(path, &con);
		else
			rc = lgetfilecon(path, &con);

		if (rc >= 0) {
			printf("%s has context %s, should be ", path, con);
			error += print_matchpathcon(path, 1);
			freecon(con);
			continue;
		}
		printf("actual context unknown: %s, should be ", strerror(errno));
		error += print_matchpathcon(path, 1);
	}
	matchpathcon_fini();
	return error;
}
Beispiel #2
0
rpmsx rpmsxNew(const char * fn, unsigned int flags)
{
    rpmsx sx = rpmsxGetPool(_rpmsxPool);

    sx->fn = NULL;
    sx->flags = flags;

#if defined(WITH_SELINUX)
    if (fn == NULL)
	fn = selinux_file_context_path();
    if (sx->flags)
	set_matchpathcon_flags(sx->flags);
    {	int rc;
	sx->fn = rpmGetPath(fn, NULL);
	rc = matchpathcon_init(sx->fn);
	/* If matchpathcon_init fails, turn off SELinux functionality. */
	if (rc < 0)
	    sx->fn = _free(sx->fn);
    }
#endif
    return rpmsxLink(sx);
}
Beispiel #3
0
int main(int argc, char **argv)
{
	int i, init = 0, force_mode = 0;
	int header = 1, opt;
	int verify = 0;
	int notrans = 0;
	int error = 0;
	int quiet = 0;

	if (argc < 2)
		usage(argv[0]);

	while ((opt = getopt(argc, argv, "m:Nnf:P:p:Vq")) > 0) {
		switch (opt) {
		case 'n':
			header = 0;
			break;
		case 'm':
			force_mode = string_to_mode(optarg);
			if (force_mode < 0) {
				fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg);
				exit(1);
			}
			break;
		case 'V':
			verify = 1;
			break;
		case 'N':
			notrans = 1;
			set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
			break;
		case 'f':
			if (init) {
				fprintf(stderr,
					"%s:  -f and -p are exclusive\n",
					argv[0]);
				exit(1);
			}
			init = 1;
			if (matchpathcon_init(optarg)) {
				fprintf(stderr,
					"Error while processing %s:  %s\n",
					optarg,
					errno ? strerror(errno) : "invalid");
				exit(1);
			}
			break;
		case 'P':
			if (selinux_set_policy_root(optarg) < 0 ) {
				fprintf(stderr,
					"Error setting policy root  %s:  %s\n",
					optarg,
					errno ? strerror(errno) : "invalid");
				exit(1);
			}
			break;
		case 'p':
			if (init) {
				fprintf(stderr,
					"%s:  -f and -p are exclusive\n",
					argv[0]);
				exit(1);
			}
			init = 1;
			if (matchpathcon_init_prefix(NULL, optarg)) {
				fprintf(stderr,
					"Error while processing %s:  %s\n",
					optarg,
					errno ? strerror(errno) : "invalid");
				exit(1);
			}
			break;
		case 'q':
			quiet = 1;
			break;
		default:
			usage(argv[0]);
		}
	}
	for (i = optind; i < argc; i++) {
		int rc, mode = 0;
		struct stat buf;
		char *path = argv[i];
		int len = strlen(path);
		if (len > 1  && path[len - 1 ] == '/')
			path[len - 1 ] = '\0';

		if (lstat(path, &buf) == 0)
			mode = buf.st_mode;
		if (force_mode)
			mode = force_mode;

		if (verify) {
			rc = selinux_file_context_verify(path, mode);

			if (quiet) {
				if (rc == 1)
					continue;
				else
					exit(1);
			}

			if (rc == -1) {
				printf("%s error: %s\n", path, strerror(errno));
				exit(1);
			} else if (rc == 1) {
				printf("%s verified.\n", path);
			} else {
				char * con;
				error = 1;
				if (notrans)
					rc = lgetfilecon_raw(path, &con);
				else
					rc = lgetfilecon(path, &con);

				if (rc >= 0) {
					printf("%s has context %s, should be ",
					       path, con);
					printmatchpathcon(path, 0, mode);
					freecon(con);
				} else {
					printf
					    ("actual context unknown: %s, should be ",
					     strerror(errno));
					printmatchpathcon(path, 0, mode);
				}
			}
		} else {
			error |= printmatchpathcon(path, header, mode);
		}
	}
	matchpathcon_fini();
	return error;
}
Beispiel #4
0
int matchpathcon_main(int argc, char **argv)
{
	int i;
	int header = 1;
	int verify = 0;
	int notrans = 0;
	int error = 0;
	unsigned long opts;
	char *fcontext, *prefix;

	if (argc < 2)
		bb_show_usage();

	opts = bb_getopt_ulflags(argc, argv, "nNf:p:V", &fcontext, &prefix);
	if (opts & BB_GETOPT_ERROR)
		bb_show_usage();
	if (opts & MATCHPATHCON_OPT_NOT_PRINT)
		header = 0;
	if (opts & MATCHPATHCON_OPT_NOT_TRANS) {
		notrans = 1;
		set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
	}
	if ((opts & MATCHPATHCON_OPT_FCONTEXT) && (opts & MATCHPATHCON_OPT_PREFIX))
		bb_error_msg_and_die("-f and -p are exclusive");

	if (opts & MATCHPATHCON_OPT_FCONTEXT) {
		if (matchpathcon_init(fcontext))
			bb_error_msg_and_die("Error while processing %s: %s",
					     fcontext, errno ? strerror(errno) : "invalid");
	}
	if (opts & MATCHPATHCON_OPT_PREFIX) {
		if (matchpathcon_init_prefix(NULL, prefix))
			bb_error_msg_and_die("Error while processing %s:  %s",
					     prefix, errno ? strerror(errno) : "invalid");
	}
	if (opts & MATCHPATHCON_OPT_VERIFY)
		verify = 1;

	for (i = optind; i < argc; i++) {
		if (verify) {
			if (selinux_file_context_verify(argv[i], 0)) {
				printf("%s verified.\n", argv[i]);
			} else {
				security_context_t con;
				int rc;
				if (notrans)
					rc = lgetfilecon_raw(argv[i], &con);
				else
					rc = lgetfilecon(argv[i], &con);

				if (rc >= 0) {
					printf("%s has context %s, should be ",
					       argv[i], con);
					error += printmatchpathcon(argv[i], 0);
					freecon(con);
				} else {
					printf
					    ("actual context unknown: %s, should be ",
					     strerror(errno));
					error += printmatchpathcon(argv[i], 0);
				}
			}
		} else {
			error += printmatchpathcon(argv[i], header);
		}
	}
	matchpathcon_fini();
	return error;
}