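#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sepol/policydb/services.h>
#include <sepol/sepol.h>


/*
 * Load a policy file and print the access vector decision for one
 * (source context, target context, security class) triple.
 *
 * Arguments: policy scontext tcontext tclass
 *
 * Output: on success the allowed, decided, auditallow and auditdeny
 * vectors are printed to stdout, one per line. Every diagnostic goes to
 * stderr, so a caller that parses stdout cannot mistake an error line
 * for a decision.
 *
 * Exit status: 0 when a decision was computed, 1 on any failure (bad
 * usage, unreadable or unparsable policy, unknown context or class,
 * failed computation).
 */
int main(int argc, char *argv[])
{
	FILE *fp;
	sepol_security_id_t ssid, tsid;
	sepol_security_class_t tclass;
	struct sepol_av_decision avd;
	int rc;

	if (argc != 5) {
		fprintf(stderr, "usage: %s policy scontext tcontext tclass\n", argv[0]);
		return 1;
	}

	fp = fopen(argv[1], "r");
	if (!fp) {
		fprintf(stderr, "Can't open policy %s: %s\n", argv[1], strerror(errno));
		return 1;
	}
	if (sepol_set_policydb_from_file(fp) < 0) {
		/*
		 * NOTE(review): whether the library sets errno on a parse
		 * failure is not visible here, so the strerror() text may
		 * be stale; confirm before relying on it.
		 */
		fprintf(stderr, "Error while processing policy %s: %s\n", argv[1], strerror(errno));
		fclose(fp);
		return 1;
	}
	/* The stream is not used again after the policy has been loaded. */
	fclose(fp);

	/* Both contexts must resolve to a SID in the loaded policy. */
	if (sepol_context_to_sid(argv[2], strlen(argv[2]), &ssid) < 0) {
		fprintf(stderr, "Invalid source context %s\n", argv[2]);
		return 1;
	}

	if (sepol_context_to_sid(argv[3], strlen(argv[3]), &tsid) < 0) {
		fprintf(stderr, "Invalid target context %s\n", argv[3]);
		return 1;
	}

	if (sepol_string_to_security_class(argv[4], &tclass) < 0) {
		fprintf(stderr, "Invalid security class %s\n", argv[4]);
		return 1;
	}

	/*
	 * 0 is passed as the fourth argument; presumably the requested
	 * access vector. TODO confirm against services.h.
	 */
	rc = sepol_compute_av(ssid, tsid, tclass, 0, &avd);
	switch (rc) {
	case 0:
		/*
		 * One printf() per vector: the string helper may hand back
		 * shared storage (not visible here), so the four results are
		 * never held at the same time.
		 */
		printf("allowed: %s\n", sepol_av_perm_to_string(tclass, avd.allowed));
		printf("decided: %s\n", sepol_av_perm_to_string(tclass, avd.decided));
		printf("auditallow: %s\n", sepol_av_perm_to_string(tclass, avd.auditallow));
		printf("auditdeny: %s\n", sepol_av_perm_to_string(tclass, avd.auditdeny));
		break;
	case -EINVAL:
		fprintf(stderr, "Invalid request\n");
		break;
	default:
		fprintf(stderr, "Failed to compute av decision: %d\n", rc);
		break;
	}

	/* Collapse any non-zero library result to exit status 1. */
	return rc != 0;
}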