From: <ssm...@us...> - 2007-01-16 19:14:30
Revision: 2182 http://svn.sourceforge.net/selinux/?rev=2182&view=rev Author: ssmalley Date: 2007-01-16 11:14:28 -0800 (Tue, 16 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: New test program for libselinux/utils that helped with testing MLS/Role/Level coding Date: Fri, 12 Jan 2007 11:51:19 -0500 Fixed level part of patch > This is very similar to the existing getseuser utility that likewise > does a getseuserbyname() but then calls > get_ordered_context_list_with_level() and displays all of the contexts > in it. Differences are that you permit specification of the role (and > level, if fixed) via options and you only get the default value rather > than the entire list. I found this test program much easier to figure out what the application (locallogin, sshd ...) would do when I logged in. Probably be worth while adding some of the mls constraints tests in also. IE Make sure mls is working so if I have a process running s0:s0 it can't generate a SystemHigh user, as well as a user with s0:s0 can not ask for a level of SystemHigh. Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Added Paths: ----------- trunk/libselinux/utils/getdefaultcon.c
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2007-01-16 19:09:55 UTC (rev 2181)
+++ trunk/libselinux/ChangeLog 2007-01-16 19:14:28 UTC (rev 2182)
@@ -1,3 +1,6 @@
+1.33.5 2006-01-16
+ * Merged getdefaultcon utility from Dan Walsh.
+
 1.33.4 2006-01-11
 * Merged selinux_check_securetty_context() and support from Dan Walsh.
 
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2007-01-16 19:09:55 UTC (rev 2181)
+++ trunk/libselinux/VERSION 2007-01-16 19:14:28 UTC (rev 2182)
@@ -1 +1 @@
-1.33.4
+1.33.5
Added: trunk/libselinux/utils/getdefaultcon.c
===================================================================
--- trunk/libselinux/utils/getdefaultcon.c (rev 0)
+++ trunk/libselinux/utils/getdefaultcon.c 2007-01-16 19:14:28 UTC (rev 2182)
@@ -0,0 +1,80 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
+
+ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ case 'r':
+ role = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "%s may be used only on a SELinux kernel.\n", argv[0]);
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ if (getseuserbyname(user, &seuser, &dlevel)==0) {
+ if (! level) level=dlevel;
+ if (role != NULL && role[0])
+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
+ else
+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
+ }
+ if (ret < 0)
+ perror(argv[0]);
+ else
+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+
+
+ free(role);
+ free(seuser);
+ if (level != dlevel) free(level);
+ free(dlevel);
+ free(usercon);
+
+ return 0;
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
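Review bot: In main(), `ret` is assigned only inside the `if (getseuserbyname(user, &seuser, &dlevel)==0)` block, so when that lookup fails the following `if (ret < 0)` reads an uninitialized value and the tool may print a line built from NULL `seuser`/`level`/`usercon` instead of an error. Declare it as `int ret = -1, opt;` so a failed lookup takes the perror() path. main() also ends with `return 0;` on every path, which means a script using this utility to check MLS or role constraints cannot distinguish a refused context from a granted one; returning non-zero when `ret < 0` (for example `return ret < 0 ? 3 : 0;`, exit code constructed here) would make the result testable. Two smaller points in the same function: `role` is NULL whenever -r is omitted yet is passed to `%s` in the final printf, and the usage string lists only `[-l level]` although getopt also accepts `-r`.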