static int validate_handler(
const semanage_fcontext_t* fcon,
void* varg) {
char* str;
/* Unpack varg */
struct validate_handler_arg* arg =
(struct validate_handler_arg*) varg;
semanage_handle_t* handle = arg->handle;
const sepol_policydb_t* policydb = arg->policydb;
/* Unpack fcontext */
const char* expr = semanage_fcontext_get_expr(fcon);
int type = semanage_fcontext_get_type(fcon);
const char* type_str = semanage_fcontext_get_type_str(type);
semanage_context_t* con = semanage_fcontext_get_con(fcon);
if (con && sepol_context_check(handle->sepolh, policydb, con) < 0)
goto invalid;
return 0;
invalid:
if (semanage_context_to_string(handle, con, &str) >= 0) {
ERR(handle, "invalid context %s specified for %s [%s]",
str, expr, type_str);
free(str);
} else
ERR(handle, "invalid context specified for %s [%s]",
expr, type_str);
return -1;
}
static int node_print(semanage_handle_t * handle,
semanage_node_t * node, FILE * str)
{
char *con_str = NULL;
char *addr = NULL;
char *mask = NULL;
int proto = semanage_node_get_proto(node);
const char *proto_str = semanage_node_get_proto_str(proto);
semanage_context_t *con = semanage_node_get_con(node);
if (semanage_node_get_addr(handle, node, &addr) < 0)
goto err;
if (semanage_node_get_mask(handle, node, &mask) < 0)
goto err;
if (semanage_context_to_string(handle, con, &con_str) < 0)
goto err;
if (fprintf
(str, "nodecon %s %s %s %s\n", proto_str, addr, mask, con_str) < 0)
goto err;
free(addr);
free(mask);
free(con_str);
return STATUS_SUCCESS;
err:
free(addr);
free(mask);
free(con_str);
ERR(handle, "could not print node to stream");
return STATUS_ERR;
}
