#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <selinux/selinux.h>
/*
 * Print the command-line synopsis to stderr and terminate the process
 * with exit status 1.
 *
 * progname is echoed into the message exactly as given (main passes
 * argv[0]).  The function never returns.
 */
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
	/* Synopsis line first, then the option help; same bytes as one call. */
	fprintf(stderr, "usage: %s [-a auditdata] scon tcon class perm\n",
		progname);
	fputs("\nWhere:\n\t"
	      "-a Optional information added to audit message.\n", stderr);

	exit(1);
}
/*
 * Supplemental-audit callback: copy the caller-supplied text into the
 * message buffer handed in by the caller of the callback.
 *
 * auditdata  - read as a NUL-terminated string.  main registers this
 *              callback only when -a was given, and hands that same
 *              option value to selinux_check_access as its audit data,
 *              so within this program the pointer is never NULL.
 * class      - unused.
 * msgbuf     - destination buffer.
 * msgbufsize - capacity of msgbuf; snprintf never writes past it and
 *              truncates the text if it does not fit.
 *
 * Returns snprintf's result: the length the text would have had without
 * truncation (negative on an output error), not the bytes stored.
 *
 * NOTE(review): the text is copied verbatim.  Newlines and other control
 * characters in the -a argument are neither filtered nor escaped here, so
 * whoever supplies -a controls that part of the emitted audit message.
 * Wrappers that pass untrusted input through -a should sanitize it first.
 */
static int cb_auditinfo(void *auditdata,
			__attribute__((unused))security_class_t class,
			char *msgbuf, size_t msgbufsize)
{
	const char *text = auditdata;

	return snprintf(msgbuf, msgbufsize, "%s", text);
}
/*
 * Command-line front end for selinux_check_access().
 *
 * Usage: prog [-a auditdata] scon tcon class perm
 *
 * The four positional arguments are passed to selinux_check_access()
 * unchanged, followed by the optional -a text (NULL when absent).  When -a
 * is given, cb_auditinfo is installed as the SELINUX_CB_AUDIT callback so
 * the text can be added to the audit message.
 *
 * The process exit status is the raw return value of
 * selinux_check_access(); a negative value is additionally reported on
 * stderr via perror().  A negative return from main is seen by the parent
 * as a non-zero status (only the low 8 bits survive on POSIX), so callers
 * should test for zero / non-zero rather than a specific value.
 */
int main(int argc, char **argv)
{
	char *audit_text = NULL;
	char **operands;
	int status;

	/* "a:" is the only option; any other getopt result ends in usage(). */
	for (;;) {
		int c = getopt(argc, argv, "a:");

		if (c == -1) {
			break;
		}
		if (c != 'a') {
			usage(argv[0]);
		}
		audit_text = optarg;
	}

	/* Exactly four operands must remain: scon, tcon, class, perm. */
	if (argc - optind != 4) {
		usage(argv[0]);
	}
	operands = argv + optind;

	/*
	 * Install the audit callback only when there is text to report.
	 * audit_text comes straight from the command line and is forwarded
	 * without validation.
	 */
	if (audit_text != NULL) {
		selinux_set_callback(SELINUX_CB_AUDIT,
				     (union selinux_callback)cb_auditinfo);
	}

	status = selinux_check_access(operands[0], operands[1],
				      operands[2], operands[3],
				      audit_text);
	if (status < 0) {
		perror("selinux_check_access");
	}

	return status;
}