int main(int argc, char **argv) { struct sepol_module_package *pkg; struct sepol_policy_file *mod, *out; char *module = NULL, *file_contexts = NULL, *seusers = NULL, *user_extra = NULL; char *fcdata = NULL, *outfile = NULL, *seusersdata = NULL, *user_extradata = NULL; size_t fclen = 0, seuserslen = 0, user_extralen = 0; int i; static struct option opts [] = { {"module", required_argument, NULL, 'm'}, {"fc", required_argument, NULL, 'f'}, {"seuser", required_argument, NULL, 's'}, {"user_extra", required_argument, NULL, 'u'}, {"outfile", required_argument, NULL, 'o'}, {"help", 0, NULL, 'h'}, {NULL, 0, NULL, 0} }; while ((i = getopt_long(argc, argv, "m:f:s:u:o:h", opts, NULL)) != -1) { switch (i) { case 'h': usage(argv[0]); exit(0); case 'm': if (module) { fprintf(stderr, "May not specify more than one module\n"); exit(1); } module = strdup(optarg); if (!module) exit(1); break; case 'f': if (file_contexts) { fprintf(stderr, "May not specify more than one file context file\n"); exit(1); } file_contexts = strdup(optarg); if (!file_contexts) exit(1); break; case 'o': if (outfile) { fprintf(stderr, "May not specify more than one output file\n"); exit(1); } outfile = strdup(optarg); if (!outfile) exit(1); break; case 's': if (seusers) { fprintf(stderr, "May not specify more than one seuser file\n"); exit(1); } seusers = strdup(optarg); if (!seusers) exit(1); break; case 'u': if (user_extra) { fprintf(stderr, "May not specify more than one user_extra file\n"); exit(1); } user_extra = strdup(optarg); if (!user_extra) exit(1); } } progname = argv[0]; if (!module || !outfile) { usage(argv[0]); exit(0); } if (file_contexts) { if (file_to_data(file_contexts, &fcdata, &fclen)) exit(1); } if (seusers) { if (file_to_data(seusers, &seusersdata, &seuserslen)) exit(1); } if (user_extra) { if (file_to_data(user_extra, &user_extradata, &user_extralen)) exit(1); } if (file_to_policy_file(module, &mod, "r")) exit(1); if (sepol_module_package_create(&pkg)) { fprintf(stderr, "%s: Out of memory\n", argv[0]); exit(1); } if (sepol_policydb_read(sepol_module_package_get_policy(pkg), mod)) { fprintf(stderr, "%s: Error while reading policy module from %s\n", argv[0], module); exit(1); } if (fclen) sepol_module_package_set_file_contexts(pkg, fcdata, fclen); if (seuserslen) sepol_module_package_set_seusers(pkg, seusersdata, seuserslen); if (user_extra) sepol_module_package_set_user_extra(pkg, user_extradata, user_extralen); if (file_to_policy_file(outfile, &out, "w")) exit(1); if (sepol_module_package_write(pkg, out)) { fprintf(stderr, "%s: Error while writing module package to %s\n", argv[0], argv[1]); exit(1); } if (fclen) munmap(fcdata, fclen); sepol_policy_file_free(mod); sepol_policy_file_free(out); sepol_module_package_free(pkg); free(file_contexts); free(outfile); free(module); exit(0); }
static void do_fc_check_and_die_on_error(struct selinux_opt opts[], unsigned int backend, filemode mode, const char *sepolicy_file, const char *context_file, bool allow_empty) { struct stat sb; if (stat(context_file, &sb) < 0) { perror("Error: could not get stat on file contexts file"); exit(1); } if (sb.st_size == 0) { /* Nothing to check on empty file_contexts file if allowed*/ if (allow_empty) { return; } /* else: We could throw the error here, but libselinux backend will catch it */ } global_state.sepolicy.file = fopen(sepolicy_file, "r"); if (!global_state.sepolicy.file) { perror("Error: could not open policy file"); exit(1); } global_state.sepolicy.handle = sepol_handle_create(); if (!global_state.sepolicy.handle) { fprintf(stderr, "Error: could not create policy handle: %s\n", strerror(errno)); exit(1); } if (sepol_policy_file_create(&global_state.sepolicy.pf) < 0) { perror("Error: could not create policy handle"); exit(1); } sepol_policy_file_set_fp(global_state.sepolicy.pf, global_state.sepolicy.file); sepol_policy_file_set_handle(global_state.sepolicy.pf, global_state.sepolicy.handle); int rc = sepol_policydb_create(&global_state.sepolicy.sdb); if (rc < 0) { perror("Error: could not create policy db"); exit(1); } rc = sepol_policydb_read(global_state.sepolicy.sdb, global_state.sepolicy.pf); if (rc < 0) { perror("Error: could not read file into policy db"); exit(1); } global_state.assert.attrs = filemode_to_assert_attrs(mode); bool ret = ebitmap_attribute_assertion_init(&global_state.assert.set, global_state.assert.attrs); if (!ret) { /* error messages logged by ebitmap_attribute_assertion_init() */ exit(1); } selinux_set_callback(SELINUX_CB_VALIDATE, (union selinux_callback)&validate); opts[1].value = context_file; global_state.sepolicy.sehnd[0] = selabel_open(backend, opts, 2); if (!global_state.sepolicy.sehnd[0]) { fprintf(stderr, "Error: could not load context file from %s\n", context_file); exit(1); } }