menu:
printf("\nSelect an option:\n");
printf("0) Call compute_access_vector\n");
printf("1) Call sid_to_context\n");
printf("2) Call context_to_sid\n");
printf("3) Call transition_sid\n");
printf("4) Call member_sid\n");
printf("5) Call change_sid\n");
printf("6) Call list_sids\n");
printf("7) Call load_policy\n");
printf("8) Call fs_sid\n");
printf("9) Call port_sid\n");
printf("a) Call netif_sid\n");
printf("b) Call node_sid\n");
printf("c) Call nfs_sid\n");
#ifdef EQUIVTYPES
printf("z) Show equivalent types\n");
#endif
printf("m) Show menu again\n");
printf("q) Exit\n");
while (1) {
printf("\nChoose: ");
fgets(ans, sizeof(ans), stdin);
switch (ans[0]) {
case '0':
printf("source sid? ");
fgets(ans, sizeof(ans), stdin);
ssid = atoi(ans);
printf("target sid? ");
fgets(ans, sizeof(ans), stdin);
tsid = atoi(ans);
printf("target class? ");
fgets(ans, sizeof(ans), stdin);
if (isdigit(ans[0])) {
tclass = atoi(ans);
if (!tclass || tclass > policydb.p_classes.nprim) {
printf("\nNo such class.\n");
break;
}
cladatum = policydb.class_val_to_struct[tclass - 1];
} else {
ans[strlen(ans) - 1] = 0;
cladatum = (class_datum_t *) hashtab_search(policydb.p_classes.table,
ans);
if (!cladatum) {
printf("\nNo such class\n");
break;
}
tclass = cladatum->value;
}
if (!cladatum->comdatum && !cladatum->permissions.nprim) {
printf("\nNo access vector definition for that class\n");
break;
}
ret = security_compute_av(ssid, tsid, tclass, 0,
&allowed, &decided,
#ifdef CONFIG_FLASK_AUDIT
&auditallow, &auditdeny,
#endif
#ifdef CONFIG_FLASK_NOTIFY
?ify,
#endif
&seqno);
switch (ret) {
case 0:
printf("\nallowed {");
for (i = 1; i <= sizeof(allowed) * 8; i++) {
if (allowed & (1 << (i - 1))) {
perm = (char *) hashtab_map(cladatum->permissions.table,
find_perm, &i);
if (!perm && cladatum->comdatum) {
perm = (char *) hashtab_map(cladatum->comdatum->permissions.table,
find_perm, &i);
}
if (perm)
printf(" %s", perm);
}
}
printf(" }\n");
break;
case -EINVAL:
printf("\ninvalid sid\n");
break;
default:
printf("return code 0x%x\n", ret);
}
break;
case '1':
printf("sid? ");
fgets(ans, sizeof(ans), stdin);
ssid = atoi(ans);
ret = security_sid_to_context(ssid,
&scontext, &scontext_len);
switch (ret) {
case 0:
printf("\nscontext %s\n", scontext);
free(scontext);
break;
case -EINVAL:
printf("\ninvalid sid\n");
break;
case -ENOMEM:
printf("\nout of memory\n");
break;
default:
printf("return code 0x%x\n", ret);
}
break;
case '2':
printf("scontext? ");
fgets(ans, sizeof(ans), stdin);
scontext_len = strlen(ans);
ans[scontext_len - 1] = 0;
ret = security_context_to_sid(ans, scontext_len,
&ssid);
switch (ret) {
case 0:
printf("\nsid %d\n", ssid);
break;
case -EINVAL:
printf("\ninvalid context\n");
break;
case -ENOMEM:
printf("\nout of memory\n");
break;
default:
printf("return code 0x%x\n", ret);
}
break;
case '3':
case '4':
case '5':
ch = ans[0];
printf("source sid? ");
fgets(ans, sizeof(ans), stdin);
ssid = atoi(ans);
printf("target sid? ");
fgets(ans, sizeof(ans), stdin);
tsid = atoi(ans);
printf("object class? ");
fgets(ans, sizeof(ans), stdin);
if (isdigit(ans[0])) {
tclass = atoi(ans);
if (!tclass || tclass > policydb.p_classes.nprim) {
printf("\nNo such class.\n");
break;
}
} else {
ans[strlen(ans) - 1] = 0;
cladatum = (class_datum_t *) hashtab_search(policydb.p_classes.table,
ans);
if (!cladatum) {
printf("\nNo such class\n");
break;
}
tclass = cladatum->value;
}
if (ch == '3')
ret = security_transition_sid(ssid, tsid, tclass, &ssid);
else if (ch == '4')
ret = security_member_sid(ssid, tsid, tclass, &ssid);
else
ret = security_change_sid(ssid, tsid, tclass, &ssid);
switch (ret) {
case 0:
printf("\nsid %d\n", ssid);
break;
case -EINVAL:
printf("\ninvalid sid\n");
break;
case -ENOMEM:
printf("\nout of memory\n");
break;
default:
printf("return code 0x%x\n", ret);
}
break;
case '6':
sidtab_map(&sidtab, print_sid, 0);
break;
case '7':
printf("pathname? ");
fgets(ans, sizeof(ans), stdin);
pathlen = strlen(ans);
ans[pathlen - 1] = 0;
printf("%s: loading policy configuration from %s\n", argv[0], ans);
fp = fopen(ans, "r");
if (!fp) {
printf("%s: unable to open %s\n", argv[0], ans);
break;
}
ret = security_load_policy(fp);
switch (ret) {
case 0:
printf("\nsuccess\n");
break;
case -EINVAL:
printf("\ninvalid policy\n");
break;
case -ENOMEM:
printf("\nout of memory\n");
break;
default:
printf("return code 0x%x\n", ret);
}
fclose(fp);
break;
case '8':
printf("fs kdevname? ");
fgets(ans, sizeof(ans), stdin);
ans[strlen(ans) - 1] = 0;
security_fs_sid(ans, &ssid, &tsid);
printf("fs_sid %d default_file_sid %d\n",
ssid, tsid);
break;
case '9':
printf("protocol? ");
fgets(ans, sizeof(ans), stdin);
ans[strlen(ans) - 1] = 0;
if (!strcmp(ans, "tcp") || !strcmp(ans, "TCP"))
protocol = IPPROTO_TCP;
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
protocol = IPPROTO_UDP;
else {
printf("unknown protocol\n");
break;
}
printf("port? ");
fgets(ans, sizeof(ans), stdin);
port = atoi(ans);
security_port_sid(0, 0, protocol, port, &ssid);
printf("sid %d\n", ssid);
break;
case 'a':
printf("netif name? ");
fgets(ans, sizeof(ans), stdin);
ans[strlen(ans) - 1] = 0;
security_netif_sid(ans, &ssid, &tsid);
printf("if_sid %d default_msg_sid %d\n",
ssid, tsid);
break;
case 'b':
printf("node address? ");
fgets(ans, sizeof(ans), stdin);
ans[strlen(ans) - 1] = 0;
addr = inet_addr(ans);
security_node_sid(AF_INET, &addr, sizeof addr, &ssid);
printf("sid %d\n", ssid);
break;
case 'c':
printf("NFS server IP address? ");
fgets(ans, sizeof(ans), stdin);
ans[strlen(ans) - 1] = 0;
addr = inet_addr(ans);
security_nfs_sid(AF_INET, &addr, sizeof addr, &ssid, &tsid);
printf("fs_sid %d file_sid %d\n", ssid, tsid);
break;
#ifdef EQUIVTYPES
case 'z':
identify_equiv_types();
break;
#endif
case 'm':
goto menu;
case 'q':
exit(0);
break;
default:
printf("\nUnknown option %s.\n", ans);
}
}
return 0;
}