#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sepol/policydb/services.h>
#include <sepol/sepol.h>


/*
 * Command-line check of a transition against a policy file.
 *
 * Usage: <prog> policy oldcontext newcontext tclass taskcontext
 *
 * Loads the policy named by argv[1], converts the three context strings to
 * SIDs and the class name to a security class, then asks
 * sepol_validate_transition_reason_buffer() for a decision.
 *
 * Output and exit status:
 *   0 - "allowed" printed on stdout
 *   7 - "denied" printed on stdout, followed by the reason text
 *   1 - usage error, unreadable/unparsable policy, invalid context or class,
 *       or any other return value from the validation call
 *
 * Only exit status 0 means the transition was allowed; scripts consuming this
 * tool should key on the exit status rather than on the text alone.
 */
int main(int argc, char *argv[])
{
	enum { RC_ALLOWED = 0, RC_ERROR = 1, RC_DENIED = 7 };

	/* Exactly five operands are required; anything else is a usage error. */
	if (argc != 6) {
		printf("usage: %s policy oldcontext newcontext tclass taskcontext\n", argv[0]);
		return RC_ERROR;
	}

	char *policy_path = argv[1];
	char *old_ctx = argv[2];
	char *new_ctx = argv[3];
	char *class_name = argv[4];
	char *task_ctx = argv[5];

	FILE *policy = fopen(policy_path, "r");
	if (policy == NULL) {
		fprintf(stderr, "Can't open policy %s: %s\n", policy_path, strerror(errno));
		return RC_ERROR;
	}

	/*
	 * The diagnostic is printed before fclose() so that errno is read
	 * before another library call can overwrite it.
	 * NOTE(review): this assumes sepol_set_policydb_from_file() leaves
	 * errno set on failure - confirm; otherwise the message can show an
	 * unrelated error string.
	 */
	int load_rc = sepol_set_policydb_from_file(policy);
	if (load_rc < 0) {
		fprintf(stderr, "Error while processing policy %s: %s\n", policy_path, strerror(errno));
	}
	fclose(policy);
	if (load_rc < 0) {
		return RC_ERROR;
	}

	/* Every operand must resolve against the loaded policy before the check runs. */
	sepol_security_id_t sid_old;
	if (sepol_context_to_sid(old_ctx, strlen(old_ctx), &sid_old) < 0) {
		fprintf(stderr, "Invalid old context %s\n", old_ctx);
		return RC_ERROR;
	}

	sepol_security_id_t sid_new;
	if (sepol_context_to_sid(new_ctx, strlen(new_ctx), &sid_new) < 0) {
		fprintf(stderr, "Invalid new context %s\n", new_ctx);
		return RC_ERROR;
	}

	sepol_security_class_t cls;
	if (sepol_string_to_security_class(class_name, &cls) < 0) {
		fprintf(stderr, "Invalid security class %s\n", class_name);
		return RC_ERROR;
	}

	sepol_security_id_t sid_task;
	if (sepol_context_to_sid(task_ctx, strlen(task_ctx), &sid_task) < 0) {
		fprintf(stderr, "Invalid task context %s\n", task_ctx);
		return RC_ERROR;
	}

	/* Stays NULL unless the library hands back a reason buffer; freed below. */
	char *why = NULL;
	int verdict = sepol_validate_transition_reason_buffer(sid_old, sid_new, sid_task, cls, &why, SHOW_GRANTED);
	int status;

	if (verdict == 0) {
		printf("allowed\n");
		status = RC_ALLOWED;
	} else if (verdict == -EPERM) {
		printf("denied\n");
		/* A denial without reason text is unexpected, so say so explicitly. */
		printf("%s\n", why ? why : "unknown - possible BUG()");
		status = RC_DENIED;
	} else {
		/*
		 * Anything other than 0 or -EPERM is reported as an error, never
		 * as "allowed".
		 * NOTE(review): this diagnostic goes to stdout, the same stream as
		 * the verdict, and errno may not correspond to the returned value -
		 * confirm against the library before relying on the message.
		 */
		printf("sepol_validate_transition_reason_buffer returned %d errno: %s\n", verdict, strerror(errno));
		status = RC_ERROR;
	}

	free(why);

	return status;
}