1/* matchpathcon  -  get the default security context for the specified
2 *                  path from the file contexts configuration.
3 *                  based on libselinux-1.32
4 * Port to busybox: KaiGai Kohei <kaigai@kaigai.gr.jp>
5 *
6 */
7#include "libbb.h"
8
9static int print_matchpathcon(char *path, int noprint)
10{
11	char *buf;
12	int rc = matchpathcon(path, 0, &buf);
13	if (rc < 0) {
14		bb_perror_msg("matchpathcon(%s) failed", path);
15		return 1;
16	}
17	if (!noprint)
18		printf("%s\t%s\n", path, buf);
19	else
20		printf("%s\n", buf);
21
22	freecon(buf);
23	return 0;
24}
25
26#define OPT_NOT_PRINT   (1<<0)  /* -n */
27#define OPT_NOT_TRANS   (1<<1)  /* -N */
28#define OPT_FCONTEXT    (1<<2)  /* -f */
29#define OPT_PREFIX      (1<<3)  /* -p */
30#define OPT_VERIFY      (1<<4)  /* -V */
31
32int matchpathcon_main(int argc, char **argv);
33int matchpathcon_main(int argc, char **argv)
34{
35	int error = 0;
36	unsigned opts;
37	char *fcontext, *prefix, *path;
38
39	opt_complementary = "-1" /* at least one param reqd */
40		":?:f--p:p--f"; /* mutually exclusive */
41	opts = getopt32(argv, "nNf:p:V", &fcontext, &prefix);
42	argv += optind;
43
44	if (opts & OPT_NOT_TRANS) {
45		set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
46	}
47	if (opts & OPT_FCONTEXT) {
48		if (matchpathcon_init(fcontext))
49			bb_perror_msg_and_die("error while processing %s", fcontext);
50	}
51	if (opts & OPT_PREFIX) {
52		if (matchpathcon_init_prefix(NULL, prefix))
53			bb_perror_msg_and_die("error while processing %s", prefix);
54	}
55
56	while ((path = *argv++) != NULL) {
57		security_context_t con;
58		int rc;
59
60		if (!(opts & OPT_VERIFY)) {
61			error += print_matchpathcon(path, opts & OPT_NOT_PRINT);
62			continue;
63		}
64
65		if (selinux_file_context_verify(path, 0)) {
66			printf("%s verified\n", path);
67			continue;
68		}
69
70		if (opts & OPT_NOT_TRANS)
71			rc = lgetfilecon_raw(path, &con);
72		else
73			rc = lgetfilecon(path, &con);
74
75		if (rc >= 0) {
76			printf("%s has context %s, should be ", path, con);
77			error += print_matchpathcon(path, 1);
78			freecon(con);
79			continue;
80		}
81		printf("actual context unknown: %s, should be ", strerror(errno));
82		error += print_matchpathcon(path, 1);
83	}
84	matchpathcon_fini();
85	return error;
86}
87