int matchpathcon_main(int argc, char **argv) { int error = 0; unsigned opts; char *fcontext, *prefix, *path; opt_complementary = "-1" /* at least one param reqd */ ":?:f--p:p--f"; /* mutually exclusive */ opts = getopt32(argc, argv, "nNf:p:V", &fcontext, &prefix); argv += optind; if (opts & OPT_NOT_TRANS) { set_matchpathcon_flags(MATCHPATHCON_NOTRANS); } if (opts & OPT_FCONTEXT) { if (matchpathcon_init(fcontext)) bb_perror_msg_and_die("error while processing %s", fcontext); } if (opts & OPT_PREFIX) { if (matchpathcon_init_prefix(NULL, prefix)) bb_perror_msg_and_die("error while processing %s", prefix); } while ((path = *argv++) != NULL) { security_context_t con; int rc; if (!(opts & OPT_VERIFY)) { error += print_matchpathcon(path, opts & OPT_NOT_PRINT); continue; } if (selinux_file_context_verify(path, 0)) { printf("%s verified\n", path); continue; } if (opts & OPT_NOT_TRANS) rc = lgetfilecon_raw(path, &con); else rc = lgetfilecon(path, &con); if (rc >= 0) { printf("%s has context %s, should be ", path, con); error += print_matchpathcon(path, 1); freecon(con); continue; } printf("actual context unknown: %s, should be ", strerror(errno)); error += print_matchpathcon(path, 1); } matchpathcon_fini(); return error; }
int main(int argc, char **argv) { int i, init = 0, force_mode = 0; int header = 1, opt; int verify = 0; int notrans = 0; int error = 0; int quiet = 0; if (argc < 2) usage(argv[0]); while ((opt = getopt(argc, argv, "m:Nnf:P:p:Vq")) > 0) { switch (opt) { case 'n': header = 0; break; case 'm': force_mode = string_to_mode(optarg); if (force_mode < 0) { fprintf(stderr, "%s: mode %s is invalid\n", argv[0], optarg); exit(1); } break; case 'V': verify = 1; break; case 'N': notrans = 1; set_matchpathcon_flags(MATCHPATHCON_NOTRANS); break; case 'f': if (init) { fprintf(stderr, "%s: -f and -p are exclusive\n", argv[0]); exit(1); } init = 1; if (matchpathcon_init(optarg)) { fprintf(stderr, "Error while processing %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'P': if (selinux_set_policy_root(optarg) < 0 ) { fprintf(stderr, "Error setting policy root %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'p': if (init) { fprintf(stderr, "%s: -f and -p are exclusive\n", argv[0]); exit(1); } init = 1; if (matchpathcon_init_prefix(NULL, optarg)) { fprintf(stderr, "Error while processing %s: %s\n", optarg, errno ? strerror(errno) : "invalid"); exit(1); } break; case 'q': quiet = 1; break; default: usage(argv[0]); } } for (i = optind; i < argc; i++) { int rc, mode = 0; struct stat buf; char *path = argv[i]; int len = strlen(path); if (len > 1 && path[len - 1 ] == '/') path[len - 1 ] = '\0'; if (lstat(path, &buf) == 0) mode = buf.st_mode; if (force_mode) mode = force_mode; if (verify) { rc = selinux_file_context_verify(path, mode); if (quiet) { if (rc == 1) continue; else exit(1); } if (rc == -1) { printf("%s error: %s\n", path, strerror(errno)); exit(1); } else if (rc == 1) { printf("%s verified.\n", path); } else { char * con; error = 1; if (notrans) rc = lgetfilecon_raw(path, &con); else rc = lgetfilecon(path, &con); if (rc >= 0) { printf("%s has context %s, should be ", path, con); printmatchpathcon(path, 0, mode); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); printmatchpathcon(path, 0, mode); } } } else { error |= printmatchpathcon(path, header, mode); } } matchpathcon_fini(); return error; }
int matchpathcon_main(int argc, char **argv) { int i; int header = 1; int verify = 0; int notrans = 0; int error = 0; unsigned long opts; char *fcontext, *prefix; if (argc < 2) bb_show_usage(); opts = bb_getopt_ulflags(argc, argv, "nNf:p:V", &fcontext, &prefix); if (opts & BB_GETOPT_ERROR) bb_show_usage(); if (opts & MATCHPATHCON_OPT_NOT_PRINT) header = 0; if (opts & MATCHPATHCON_OPT_NOT_TRANS) { notrans = 1; set_matchpathcon_flags(MATCHPATHCON_NOTRANS); } if ((opts & MATCHPATHCON_OPT_FCONTEXT) && (opts & MATCHPATHCON_OPT_PREFIX)) bb_error_msg_and_die("-f and -p are exclusive"); if (opts & MATCHPATHCON_OPT_FCONTEXT) { if (matchpathcon_init(fcontext)) bb_error_msg_and_die("Error while processing %s: %s", fcontext, errno ? strerror(errno) : "invalid"); } if (opts & MATCHPATHCON_OPT_PREFIX) { if (matchpathcon_init_prefix(NULL, prefix)) bb_error_msg_and_die("Error while processing %s: %s", prefix, errno ? strerror(errno) : "invalid"); } if (opts & MATCHPATHCON_OPT_VERIFY) verify = 1; for (i = optind; i < argc; i++) { if (verify) { if (selinux_file_context_verify(argv[i], 0)) { printf("%s verified.\n", argv[i]); } else { security_context_t con; int rc; if (notrans) rc = lgetfilecon_raw(argv[i], &con); else rc = lgetfilecon(argv[i], &con); if (rc >= 0) { printf("%s has context %s, should be ", argv[i], con); error += printmatchpathcon(argv[i], 0); freecon(con); } else { printf ("actual context unknown: %s, should be ", strerror(errno)); error += printmatchpathcon(argv[i], 0); } } } else { error += printmatchpathcon(argv[i], header); } } matchpathcon_fini(); return error; }