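#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sepol/policydb/services.h>
#include <sepol/sepol.h>

/*
 * Offline helper: load a policy file, resolve a source context, a target
 * context and a security class against it, ask libsepol for the member SID
 * of that triple, and print the resulting context on stdout.
 *
 * Usage: <prog> policy scontext tcontext tclass
 *
 * Exit status is 0 when a context was printed and 1 on any failure.
 * Every diagnostic, including the usage text, goes to stderr so that
 * stdout only ever carries a computed context; a caller capturing stdout
 * can never mistake an error message for a security context.
 */
int main(int argc, char *argv[])
{
	FILE *fp;
	sepol_security_id_t ssid, tsid, out_sid;
	sepol_security_class_t tclass;
	char *context;
	size_t context_len;

	if (argc != 5) {
		/* Usage is an error path (exit 1), so it belongs on stderr. */
		fprintf(stderr, "usage: %s policy scontext tcontext tclass\n", argv[0]);
		return 1;
	}

	fp = fopen(argv[1], "r");
	if (!fp) {
		fprintf(stderr, "Can't open policy %s: %s\n", argv[1], strerror(errno));
		return 1;
	}

	/*
	 * The stream is closed on both paths right after this call.
	 * NOTE(review): libsepol may not set errno on every failure path, so
	 * the strerror() text below (and in the later messages) can be stale
	 * or unrelated; treat the exit status as authoritative.
	 */
	if (sepol_set_policydb_from_file(fp) < 0) {
		fprintf(stderr, "Error while processing policy %s: %s\n", argv[1], strerror(errno));
		fclose(fp);
		return 1;
	}
	fclose(fp);

	/* Both contexts are resolved against the policy loaded above. */
	if (sepol_context_to_sid(argv[2], strlen(argv[2]), &ssid) < 0) {
		fprintf(stderr, "Invalid source context %s\n", argv[2]);
		return 1;
	}

	if (sepol_context_to_sid(argv[3], strlen(argv[3]), &tsid) < 0) {
		fprintf(stderr, "Invalid target context %s\n", argv[3]);
		return 1;
	}

	if (sepol_string_to_security_class(argv[4], &tclass) < 0) {
		fprintf(stderr, "Invalid security class %s\n", argv[4]);
		return 1;
	}

	if (sepol_member_sid(ssid, tsid, tclass, &out_sid) < 0) {
		fprintf(stderr, "Failed to compute member sid: %s\n", strerror(errno));
		return 1;
	}

	/* context is handed back to this function, which frees it below. */
	if (sepol_sid_to_context(out_sid, &context, &context_len) < 0) {
		fprintf(stderr, "Failed to convert sid %u: %s\n", out_sid, strerror(errno));
		return 1;
	}

	printf("%s\n", context);
	free(context);

	return 0;
}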