Diffstat (limited to 'libselinux/utils/getdefaultcon.c')
-rw-r--r--libselinux/utils/getdefaultcon.c80
1 files changed, 80 insertions, 0 deletions
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
new file mode 100644
index 00000000..93762c1e
--- /dev/null
+++ b/libselinux/utils/getdefaultcon.c
@@ -0,0 +1,80 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
+
+ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ case 'r':
+ role = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "%s may be used only on a SELinux kernel.\n", argv[0]);
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) {
+ if (! level) level=dlevel;
+ if (role != NULL && role[0])
+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
+ else
+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
+ }
+ if (ret < 0)
+ perror(argv[0]);
+ else
+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+
+
+ free(role);
+ free(seuser);
+ if (level != dlevel) free(level);
+ free(dlevel);
+ free(usercon);
+
+ return 0;
+}
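Review bot: main() ends with an unconditional `return 0;`, so when getseuserbyname() or one of the get_default_context_with_* calls fails, the tool prints the perror() message but still exits with success. A caller that checks only the exit status would then treat a failed context lookup as a valid result; keeping the cleanup and ending with `return ret < 0 ? 3 : 0;` (any non-zero code distinct from the 1 and 2 already used) avoids that. In the success branch `role` is NULL whenever -r is not given, yet it is passed to a `%s` conversion, which is undefined behaviour; pass `role ? role : ""` instead. The usage string also omits the `-r role` option that getopt accepts and shows `fromcon` as mandatory although the argument check allows it to be left out, so `"usage: %s [-l level] [-r role] user [fromcon]\n"` would match the code.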