#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include "selinux_internal.h"
#include "policy.h"
#include <limits.h>

int security_canonicalize_context_raw(const char * con,
				      char ** canoncon)
{
	char path[PATH_MAX];
	char *buf;
	size_t size;
	int fd, ret;

	if (!selinux_mnt) {
		errno = ENOENT;
		return -1;
	}

	snprintf(path, sizeof path, "%s/context", selinux_mnt);
	fd = open(path, O_RDWR | O_CLOEXEC);
	if (fd < 0)
		return -1;

	size = selinux_page_size;
	buf = malloc(size);
	if (!buf) {
		ret = -1;
		goto out;
	}
	strncpy(buf, con, size);

	ret = write(fd, buf, strlen(buf) + 1);
	if (ret < 0)
		goto out2;

	memset(buf, 0, size);
	ret = read(fd, buf, size - 1);
	if (ret < 0 && errno == EINVAL) {
		/* Fall back to the original context for kernels
		   that do not support the extended interface. */
		strncpy(buf, con, size);
	}

	*canoncon = strdup(buf);
	if (!(*canoncon)) {
		ret = -1;
		goto out2;
	}
	ret = 0;
      out2:
	free(buf);
      out:
	close(fd);
	return ret;
}

hidden_def(security_canonicalize_context_raw)

int security_canonicalize_context(const char * con,
				      char ** canoncon)
{
	int ret;
	char * rcon;
	char * rcanoncon;

	if (selinux_trans_to_raw_context(con, &rcon))
		return -1;

	ret = security_canonicalize_context_raw(rcon, &rcanoncon);

	freecon(rcon);
	if (!ret) {
		ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
		freecon(rcanoncon);
	}

	return ret;
}

hidden_def(security_canonicalize_context)