tools/checkfc.c - platform/external/sepolicy - Git at Google

 #include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdbool.h>
 #include <sepol/sepol.h>
 #include <selinux/selinux.h>
 #include <selinux/label.h>

 static int nerr;

 static int validate(char **contextp)
 {
   char *context = *contextp;
   if (sepol_check_context(context) < 0) {
     nerr++;
     return -1;
   }
   return 0;
 }

 static void usage(char *name) {
     fprintf(stderr, "usage1:  %s [-p] sepolicy context_file\n\n", name);
     fprintf(stderr, "Parses a context file and checks for syntax errors.\n");
     fprintf(stderr, "The context_file is assumed to be a file_contexts file\n");
     fprintf(stderr, "unless the -p option is used to indicate the property backend.\n\n");

     fprintf(stderr, "usage2:  %s -c file_contexts1 file_contexts2\n\n", name);
     fprintf(stderr, "Compares two file contexts files and reports one of subset, equal, superset, or incomparable.\n");
     fprintf(stderr, "\n");
     exit(1);
 }

 int main(int argc, char **argv)
 {
   struct selinux_opt opts[] = {
     { SELABEL_OPT_VALIDATE, (void*)1 },
     { SELABEL_OPT_PATH, NULL }
   };

   // Default backend unless changed by input argument.
   unsigned int backend = SELABEL_CTX_FILE;

   FILE *fp;
   bool compare = false;
   struct selabel_handle *sehnd[2];
   char c;

   while ((c = getopt(argc, argv, "cph")) != -1) {
     switch (c) {
       case 'c':
         compare = true;
         break;
       case 'p':
         backend = SELABEL_CTX_ANDROID_PROP;
         break;
       case 'h':
       default:
         usage(argv[0]);
         break;
     }
   }

   int index = optind;
   if (argc - optind != 2) {
     usage(argv[0]);
   }

   if (compare && backend != SELABEL_CTX_FILE) {
     usage(argv[0]);
   }

   if (compare) {
     enum selabel_cmp_result result;
     char *result_str[] = { "subset", "equal", "superset", "incomparable" };
     int i;

     opts[0].value = NULL; /* not validating against a policy when comparing */

     for (i = 0; i < 2; i++) {
         opts[1].value = argv[index+i];
         sehnd[i] = selabel_open(backend, opts, 2);
         if (!sehnd[i]) {
             fprintf(stderr, "Error loading context file from %s\n", argv[index+i]);
             exit(1);
         }
     }

     result = selabel_cmp(sehnd[0], sehnd[1]);
     for (i = 0; i < 2; i++)
         selabel_close(sehnd[i]);
     printf("%s\n", result_str[result]);
     exit(0);
   }

   // remaining args are sepolicy file and context file
   char *sepolicyFile = argv[index];
   char *contextFile = argv[index + 1];

   fp = fopen(sepolicyFile, "r");
   if (!fp) {
     perror(sepolicyFile);
     exit(1);
   }
   if (sepol_set_policydb_from_file(fp) < 0) {
     fprintf(stderr, "Error loading policy from %s\n", sepolicyFile);
     exit(1);
   }

   selinux_set_callback(SELINUX_CB_VALIDATE,
                        (union selinux_callback)&validate);

   opts[1].value = contextFile;

   sehnd[0] = selabel_open(backend, opts, 2);
   if (!sehnd[0]) {
     fprintf(stderr, "Error loading context file from %s\n", contextFile);
     exit(1);
   }
   if (nerr) {
     fprintf(stderr, "Invalid context file found in %s\n", contextFile);
     exit(1);
   }

   exit(0);
 }
	#include <getopt.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <stdbool.h>
	#include <sepol/sepol.h>
	#include <selinux/selinux.h>
	#include <selinux/label.h>

	static int nerr;

	static int validate(char **contextp)
	{
	char context = contextp;
	if (sepol_check_context(context) < 0) {
	nerr++;
	return -1;
	}
	return 0;
	}

	static void usage(char *name) {
	fprintf(stderr, "usage1: %s [-p] sepolicy context_file\n\n", name);
	fprintf(stderr, "Parses a context file and checks for syntax errors.\n");
	fprintf(stderr, "The context_file is assumed to be a file_contexts file\n");
	fprintf(stderr, "unless the -p option is used to indicate the property backend.\n\n");

	fprintf(stderr, "usage2: %s -c file_contexts1 file_contexts2\n\n", name);
	fprintf(stderr, "Compares two file contexts files and reports one of subset, equal, superset, or incomparable.\n");
	fprintf(stderr, "\n");
	exit(1);
	}

	int main(int argc, char **argv)
	{
	struct selinux_opt opts[] = {
	{ SELABEL_OPT_VALIDATE, (void*)1 },
	{ SELABEL_OPT_PATH, NULL }
	};

	// Default backend unless changed by input argument.
	unsigned int backend = SELABEL_CTX_FILE;

	FILE *fp;
	bool compare = false;
	struct selabel_handle *sehnd[2];
	char c;

	while ((c = getopt(argc, argv, "cph")) != -1) {
	switch (c) {
	case 'c':
	compare = true;
	break;
	case 'p':
	backend = SELABEL_CTX_ANDROID_PROP;
	break;
	case 'h':
	default:
	usage(argv[0]);
	break;
	}
	}

	int index = optind;
	if (argc - optind != 2) {
	usage(argv[0]);
	}

	if (compare && backend != SELABEL_CTX_FILE) {
	usage(argv[0]);
	}

	if (compare) {
	enum selabel_cmp_result result;
	char *result_str[] = { "subset", "equal", "superset", "incomparable" };
	int i;

	opts[0].value = NULL; /* not validating against a policy when comparing */

	for (i = 0; i < 2; i++) {
	opts[1].value = argv[index+i];
	sehnd[i] = selabel_open(backend, opts, 2);
	if (!sehnd[i]) {
	fprintf(stderr, "Error loading context file from %s\n", argv[index+i]);
	exit(1);
	}
	}

	result = selabel_cmp(sehnd[0], sehnd[1]);
	for (i = 0; i < 2; i++)
	selabel_close(sehnd[i]);
	printf("%s\n", result_str[result]);
	exit(0);
	}

	// remaining args are sepolicy file and context file
	char *sepolicyFile = argv[index];
	char *contextFile = argv[index + 1];

	fp = fopen(sepolicyFile, "r");
	if (!fp) {
	perror(sepolicyFile);
	exit(1);
	}
	if (sepol_set_policydb_from_file(fp) < 0) {
	fprintf(stderr, "Error loading policy from %s\n", sepolicyFile);
	exit(1);
	}

	selinux_set_callback(SELINUX_CB_VALIDATE,
	(union selinux_callback)&validate);

	opts[1].value = contextFile;

	sehnd[0] = selabel_open(backend, opts, 2);
	if (!sehnd[0]) {
	fprintf(stderr, "Error loading context file from %s\n", contextFile);
	exit(1);
	}
	if (nerr) {
	fprintf(stderr, "Invalid context file found in %s\n", contextFile);
	exit(1);
	}

	exit(0);
	}