utils/chsmack.c

   1 /*
   2  * chsmack - Set smack attributes on files
   3  *
   4  * Copyright (C) 2011 Nokia Corporation.
   5  *
   6  *      This program is free software; you can redistribute it and/or modify
   7  *      it under the terms of the GNU General Public License as published by
   8  *      the Free Software Foundation, version 2.
   9  *
  10  *      This program is distributed in the hope that it will be useful, but
  11  *      WITHOUT ANY WARRANTY; without even the implied warranty of
  12  *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13  *      General Public License for more details.
  14  *
  15  *      You should have received a copy of the GNU General Public
  16  *      License along with this program; if not, write to the Free Software
  17  *      Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  18  *      02110-1301 USA
  19  *
  20  * Author:
  21  *      Casey Schaufler <casey@schaufler-ca.com>
  22  */
  23
  24 #include <sys/types.h>
  25 #include <sys/stat.h>
  26 #include <sys/xattr.h>
  27 #include <unistd.h>
  28 #include <fcntl.h>
  29 #include <stdio.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32
  33 #define LSIZE 23
  34
  35 static inline int leads(char *in, char *lead)
  36 {
  37         return (strncmp(in, lead, strlen(lead)) == 0);
  38 }
  39
  40 int
  41 main(int argc, char *argv[])
  42 {
  43         int rc;
  44         int argi;
  45         int transmute = 0;
  46         char buffer[LSIZE + 1];
  47         char *access = NULL;
  48         char *mm = NULL;
  49         char *execute = NULL;
  50
  51         for (argi = 1; argi < argc; argi++) {
  52                 if (strcmp(argv[argi], "-a") == 0)
  53                         access = argv[++argi];
  54                 else if (leads(argv[argi], "--access="))
  55                         access = argv[argi] + strlen("--access=");
  56                 else if (strcmp(argv[argi], "-e") == 0)
  57                         execute = argv[++argi];
  58                 else if (leads(argv[argi], "--exec="))
  59                         execute = argv[argi] + strlen("--exec=");
  60                 else if (leads(argv[argi], "--execute="))
  61                         execute = argv[argi] + strlen("--execute=");
  62                 else if (strcmp(argv[argi], "-m") == 0)
  63                         mm = argv[++argi];
  64                 else if (leads(argv[argi], "--mmap="))
  65                         mm = argv[argi] + strlen("--mmap=");
  66                 else if (strcmp(argv[argi], "-t") == 0)
  67                         transmute = 1;
  68                 else if (strcmp(argv[argi], "--transmute") == 0)
  69                         transmute = 1;
  70                 else if (*argv[argi] == '-') {
  71                         fprintf(stderr, "Invalid argument \"%s\".\n",
  72                                 argv[argi]);
  73                         exit(1);
  74                 }
  75                 /*
  76                  * Indicates the start of filenames.
  77                  */
  78                 else
  79                         break;
  80         }
  81         if (argi >= argc) {
  82                 fprintf(stderr, "No files specified.\n");
  83                 exit(1);
  84         }
  85         if (access != NULL && strlen(access) > LSIZE) {
  86                 fprintf(stderr, "Access label \"%s\" exceeds %d characters.\n",
  87                         access, LSIZE);
  88                 exit(1);
  89         }
  90         if (mm != NULL && strlen(mm) > LSIZE) {
  91                 fprintf(stderr, "mmap label \"%s\" exceeds %d characters.\n",
  92                         mm, LSIZE);
  93                 exit(1);
  94         }
  95         if (execute != NULL && strlen(execute) > LSIZE) {
  96                 fprintf(stderr, "execute label \"%s\" exceeds %d characters.\n",
  97                         execute, LSIZE);
  98                 exit(1);
  99         }
 100         for (; argi < argc; argi++) {
 101                 if (access == NULL && mm == NULL &&
 102                     execute == NULL && !transmute) {
 103                         printf("%s", argv[argi]);
 104                         rc = lgetxattr(argv[argi], "security.SMACK64",
 105                                 buffer, LSIZE + 1);
 106                         if (rc > 0) {
 107                                 buffer[rc] = '\0';
 108                                 printf(" access=\"%s\"", buffer);
 109                         }
 110                         rc = lgetxattr(argv[argi], "security.SMACK64EXEC",
 111                                 buffer, LSIZE + 1);
 112                         if (rc > 0) {
 113                                 buffer[rc] = '\0';
 114                                 printf(" execute=\"%s\"", buffer);
 115                         }
 116                         rc = lgetxattr(argv[argi], "security.SMACK64MMAP",
 117                                 buffer, LSIZE + 1);
 118                         if (rc > 0) {
 119                                 buffer[rc] = '\0';
 120                                 printf(" mmap=\"%s\"", buffer);
 121                         }
 122                         rc = lgetxattr(argv[argi], "security.SMACK64TRANSMUTE",
 123                                 buffer, LSIZE + 1);
 124                         if (rc > 0) {
 125                                 buffer[rc] = '\0';
 126                                 printf(" transmute=\"%s\"", buffer);
 127                         }
 128                         printf("\n");
 129                         continue;
 130                 }
 131                 if (access != NULL) {
 132                         rc = lsetxattr(argv[argi], "security.SMACK64",
 133                                 access, strlen(access) + 1, 0);
 134                         if (rc < 0)
 135                                 perror(argv[argi]);
 136                 }
 137                 if (execute != NULL) {
 138                         rc = lsetxattr(argv[argi], "security.SMACK64EXEC",
 139                                 execute, strlen(execute) + 1, 0);
 140                         if (rc < 0)
 141                                 perror(argv[argi]);
 142                 }
 143                 if (mm != NULL) {
 144                         rc = lsetxattr(argv[argi], "security.SMACK64MMAP",
 145                                 mm, strlen(mm) + 1, 0);
 146                         if (rc < 0)
 147                                 perror(argv[argi]);
 148                 }
 149                 if (transmute) {
 150                         rc = lsetxattr(argv[argi], "security.SMACK64TRANSMUTE",
 151                                 "TRUE", 4, 0);
 152                         if (rc < 0)
 153                                 perror(argv[argi]);
 154                 }
 155         }
 156         exit(0);
 157 }