2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2019-2023, Juniper Networks, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/types.h>
31 #include <sys/errno.h>
37 #include <security/mac_grantbylabel/mac_grantbylabel.h>
40 * @brief does path have a gbl label
43 * @li 0 if no/empty label or module not loaded
47 gbl_check_path(const char *path)
49 struct mac_grantbylabel_fetch_gbl_args gbl;
54 if ((fd = open(path, O_RDONLY|O_VERIFY)) >= 0) {
56 if (mac_syscall(MAC_GRANTBYLABEL_NAME,
57 MAC_GRANTBYLABEL_FETCH_GBL,
59 if (gbl.gbl != GBL_EMPTY)
68 * @brief does pid have a gbl label
71 * @li 0 if no/empty label or module not loaded
75 gbl_check_pid(pid_t pid)
77 struct mac_grantbylabel_fetch_gbl_args gbl;
82 if (mac_syscall(MAC_GRANTBYLABEL_NAME,
83 MAC_GRANTBYLABEL_FETCH_PID_GBL, &gbl) == 0) {
84 if (gbl.gbl != GBL_EMPTY)
97 main(int argc, char *argv[])
104 while ((c = getopt(argc, argv, "p")) != -1) {
113 for (; optind < argc; optind++) {
116 pid = atoi(argv[optind]);
117 gbl = gbl_check_pid(pid);
119 gbl = gbl_check_path(argv[optind]);
121 printf("arg=%s, gbl=%#o\n", argv[optind], gbl);