1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <unistd.h>
5 #include <selinux/selinux.h>
6 
usage(const char * progname)7 static __attribute__ ((__noreturn__)) void usage(const char *progname)
8 {
9 	fprintf(stderr, "usage:  %s [-a auditdata] scon tcon class perm\n"
10 		"\nWhere:\n\t"
11 		"-a  Optional information added to audit message.\n",
12 		progname);
13 	exit(1);
14 }
15 
cb_auditinfo(void * auditdata,security_class_t class,char * msgbuf,size_t msgbufsize)16 static int cb_auditinfo(void *auditdata,
17 			__attribute__((unused))security_class_t class,
18 			char *msgbuf, size_t msgbufsize)
19 {
20 	return snprintf(msgbuf, msgbufsize, "%s", (char *)auditdata);
21 }
22 
main(int argc,char ** argv)23 int main(int argc, char **argv)
24 {
25 	int opt, rc;
26 	char *audit_msg = NULL;
27 
28 	while ((opt = getopt(argc, argv, "a:")) != -1) {
29 		switch (opt) {
30 		case 'a':
31 			audit_msg = optarg;
32 			break;
33 		default:
34 			usage(argv[0]);
35 		}
36 	}
37 
38 	if ((argc - optind) != 4)
39 		usage(argv[0]);
40 
41 	if (audit_msg)
42 		selinux_set_callback(SELINUX_CB_AUDIT,
43 				     (union selinux_callback)cb_auditinfo);
44 
45 	rc = selinux_check_access(argv[optind], argv[optind + 1],
46 				  argv[optind + 2], argv[optind + 3],
47 				  audit_msg);
48 	if (rc < 0)
49 		perror("selinux_check_access");
50 
51 	return rc;
52 }
53