From daef7b06f19b3e9a63b94fb99a53efdf1acf3bd2 Mon Sep 17 00:00:00 2001
From: Brian McGillion
Date: Tue, 15 Nov 2011 12:07:07 +0200
Subject: [PATCH] chsmack: Add chsmack from smackutils
---
 utils/chsmack.c | 157 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 157 insertions(+)
 create mode 100644 utils/chsmack.c
diff --git a/utils/chsmack.c b/utils/chsmack.c
new file mode 100644
index 0000000..2fe8b13
--- /dev/null
+++ b/utils/chsmack.c
@@ -0,0 +1,157 @@
+/*
+ * chsmack - Set smack attributes on files
+ *
+ * Copyright (C) 2011 Nokia Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ * Author:
+ * Casey Schaufler
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define LSIZE 23
+
+static inline int leads(char *in, char *lead)
+{
+ return (strncmp(in, lead, strlen(lead)) == 0);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int rc;
+ int argi;
+ int transmute = 0;
+ char buffer[LSIZE + 1];
+ char *access = NULL;
+ char *mm = NULL;
+ char *execute = NULL;
+
+ for (argi = 1; argi < argc; argi++) {
+ if (strcmp(argv[argi], "-a") == 0)
+ access = argv[++argi];
+ else if (leads(argv[argi], "--access="))
+ access = argv[argi] + strlen("--access=");
+ else if (strcmp(argv[argi], "-e") == 0)
+ execute = argv[++argi];
+ else if (leads(argv[argi], "--exec="))
+ execute = argv[argi] + strlen("--exec=");
+ else if (leads(argv[argi], "--execute="))
+ execute = argv[argi] + strlen("--execute=");
+ else if (strcmp(argv[argi], "-m") == 0)
+ mm = argv[++argi];
+ else if (leads(argv[argi], "--mmap="))
+ mm = argv[argi] + strlen("--mmap=");
+ else if (strcmp(argv[argi], "-t") == 0)
+ transmute = 1;
+ else if (strcmp(argv[argi], "--transmute") == 0)
+ transmute = 1;
+ else if (*argv[argi] == '-') {
+ fprintf(stderr, "Invalid argument \"%s\".\n",
argv[argi]);
+ exit(1);
+ }
+ /*
+ * Indicates the start of filenames.
+ */
+ else
+ break;
+ }
+ if (argi >= argc) {
+ fprintf(stderr, "No files specified.\n");
+ exit(1);
+ }
+ if (access != NULL && strlen(access) > LSIZE) {
+ fprintf(stderr, "Access label \"%s\" exceeds %d characters.\n",
+ access, LSIZE);
+ exit(1);
+ }
+ if (mm != NULL && strlen(mm) > LSIZE) {
+ fprintf(stderr, "mmap label \"%s\" exceeds %d characters.\n",
+ mm, LSIZE);
+ exit(1);
+ }
+ if (execute != NULL && strlen(execute) > LSIZE) {
+ fprintf(stderr, "execute label \"%s\" exceeds %d characters.\n",
+ execute, LSIZE);
+ exit(1);
+ }
+ for (; argi < argc; argi++) {
+ if (access == NULL && mm == NULL &&
+ execute == NULL && !transmute) {
+ printf("%s", argv[argi]);
+ rc = lgetxattr(argv[argi], "security.SMACK64",
+ buffer, LSIZE + 1);
+ if (rc > 0) {
+ buffer[rc] = '\0';
+ printf(" access=\"%s\"", buffer);
+ }
+ rc = lgetxattr(argv[argi], "security.SMACK64EXEC",
+ buffer, LSIZE + 1);
+ if (rc > 0) {
+ buffer[rc] = '\0';
+ printf(" execute=\"%s\"", buffer);
+ }
+ rc = lgetxattr(argv[argi], "security.SMACK64MMAP",
+ buffer, LSIZE + 1);
+ if (rc > 0) {
+ buffer[rc] = '\0';
+ printf(" mmap=\"%s\"", buffer);
+ }
+ rc = lgetxattr(argv[argi], "security.SMACK64TRANSMUTE",
+ buffer, LSIZE + 1);
+ if (rc > 0) {
+ buffer[rc] = '\0';
+ printf(" transmute=\"%s\"", buffer);
+ }
+ printf("\n");
+ continue;
+ }
+ if (access != NULL) {
+ rc = lsetxattr(argv[argi], "security.SMACK64",
+ access, strlen(access) + 1, 0);
+ if (rc < 0)
+ perror(argv[argi]);
+ }
+ if (execute != NULL) {
+ rc = lsetxattr(argv[argi], "security.SMACK64EXEC",
+ execute, strlen(execute) + 1, 0);
+ if (rc < 0)
+ perror(argv[argi]);
+ }
+ if (mm != NULL) {
+ rc = lsetxattr(argv[argi], "security.SMACK64MMAP",
+ mm, strlen(mm) + 1, 0);
+ if (rc < 0)
+ perror(argv[argi]);
+ }
+ if (transmute) {
+ rc = lsetxattr(argv[argi], "security.SMACK64TRANSMUTE",
+ "TRUE", 4, 0);
+ if (rc < 0)
+ perror(argv[argi]);
+ }
+ }
+ exit(0);
+}
--
2.7.4
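Review bot: In the display branch of main(), each `lgetxattr(..., buffer, LSIZE + 1)` can return LSIZE + 1 when the stored value fills the buffer, and the following `buffer[rc] = '\0';` then writes one byte past the end of `char buffer[LSIZE + 1]`. The same pattern is repeated for all four attributes (SMACK64, SMACK64EXEC, SMACK64MMAP, SMACK64TRANSMUTE). The setters in this file store `strlen(label) + 1` bytes, so a 23-character label plausibly reads back as 24 bytes and the case looks reachable; declaring `char buffer[LSIZE + 2];` keeps the calls unchanged and leaves room for the terminator. Separately, lsetxattr() failures are only reported through perror() and the program still ends with `exit(0)`, so a provisioning script cannot tell that a label was not applied; consider recording a failure flag in those branches and exiting non-zero when it is set.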