Index: policycoreutils/secon/secon.1
===================================================================
--- policycoreutils/secon/secon.1 (revision 19)
+++ policycoreutils/secon/secon.1 (working copy)
@@ -3,7 +3,7 @@
 secon \- See a context, from a file, program or user input.
 .SH SYNOPSIS
 .B secon
-[\fB-hVurtlmPRfLp\fR]
+[\fB-hVurtscmPRfLp\fR]
 [\fICONTEXT\fR]
 .br
 [\fB--file\fR]
@@ -39,11 +39,14 @@
 \fB\-t\fR, \fB\-\-type\fR
 show the type of the security context
 .TP
-\fB\-l\fR, \fB\-\-level\fR
+\fB\-s\fR, \fB\-\-sensitivity\fR
 show the sensitivity level of the security context
 .TP
+\fB\-c\fR, \fB\-\-clearance\fR
+show the clearance level of the security context
+.TP
 \fB\-m\fR, \fB\-\-mls-range\fR
-show the sensitivity level and clearance of the security context
+show the sensitivity level and clearance, as a range, of the security context
 .TP
 \fB\-R\fR, \fB\-\-raw\fR
 outputs the sensitivity level and clearance in an untranslated format.
Index: policycoreutils/secon/secon.c
===================================================================
--- policycoreutils/secon/secon.c (revision 19)
+++ policycoreutils/secon/secon.c (working copy)
@@ -19,8 +19,8 @@
 #define FALSE 0
 #define SECON_CONF_PROG_NAME "secon" /* default program name */
-#define SECON_OPTS_SM "hVurtlmPRfLp" /* small options available, printing */
-#define SECON_OPTS_GO "hVurtlmPRf:L:p:" /* small options available, getopt */
+#define SECON_OPTS_SM "hVurtscmPRfLp" /* small options available, print */
+#define SECON_OPTS_GO "hVurtlscmPRf:L:p:" /* small options available, getopt */
 #define OPTS_FROM_ARG 0
 #define OPTS_FROM_FILE 1
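Review bot: `SECON_OPTS_GO` still accepts `l` while `SECON_OPTS_SM` (per its comment, the string used for printing) no longer lists it, and nothing at the two definitions says the mismatch is deliberate. A one-line comment above `SECON_OPTS_GO`, for example `/* 'l' is kept here as an unadvertised compat. alias for 's' */`, would stop a later cleanup from re-synchronising the two strings and breaking scripts that still pass `-l`. The man page hunk above drops `-l` as well, so this would be the only place the alias is recorded besides the long-option table.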
@@ -35,17 +35,18 @@
 struct {
- unsigned int disp_user : 1;
- unsigned int disp_role : 1;
- unsigned int disp_type : 1;
- unsigned int disp_level : 1;
- unsigned int disp_mlsr : 1;
+ unsigned int disp_user : 1;
+ unsigned int disp_role : 1;
+ unsigned int disp_type : 1;
+ unsigned int disp_sen : 1;
+ unsigned int disp_clr : 1;
+ unsigned int disp_mlsr : 1;
- unsigned int disp_raw : 1;
+ unsigned int disp_raw : 1;
 unsigned int disp_prompt : 1; /* no return, use : to sep */
- unsigned int from_type : 9; /* 16 bits */
+ unsigned int from_type : 8; /* 16 bits, uses 4 bits */
 union {
@@ -54,7 +55,7 @@
 const char *link;
 const char *arg;
 } f;
-} opts[1] = {{FALSE, FALSE, FALSE, FALSE, FALSE,
+} opts[1] = {{FALSE, FALSE, FALSE, FALSE, FALSE, FALSE,
 FALSE, FALSE, OPTS_FROM_ARG, {0}}};
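Review bot: The `opts[1]` initializer in the second hunk is positional, so the extra `FALSE` added for `disp_clr` only lines up with the bit-field order because nine slots were counted by hand; a miscount would silently move `OPTS_FROM_ARG` into a one-bit display flag. Every flag starts at zero, so a designated form such as `} opts[1] = {{ .from_type = OPTS_FROM_ARG }};` states the same thing without depending on field order, provided the tree is built as C99 or later. The struct body starts in the previous hunk and its union members are only partly visible here.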
@@ -62,16 +63,17 @@
 {
 fprintf(exit_code ? stderr : stdout,
 " Usage: %s [-%s] [ context | - ]\n"
-" --help -h Show this message.\n"
-" --version -V Show the version.\n"
-" --prompt -P Output in a format good for a prompt.\n"
-" --user -u Show the user of the context.\n"
-" --role -r Show the role of the context.\n"
-" --type -t Show the type of the context.\n"
-" --level -l Show the sensitivity level of the context.\n"
-" --mls-range -m Show the sensitivity level and clearance of \n"
+" --help -h Show this message.\n"
+" --version -V Show the version.\n"
+" --prompt -P Output in a format good for a prompt.\n"
+" --user -u Show the user of the context.\n"
+" --role -r Show the role of the context.\n"
+" --type -t Show the type of the context.\n"
+" --sensitivity -s Show the sensitivity level of the context.\n"
+" --clearance -c Show the clearance level of the context.\n"
+" --mls-range -m Show the sensitivity to clearance range of \n"
 " the context.\n"
-" --raw -R Show the context in \"raw\" format.\n"
+" --raw -R Show the context in \"raw\" format.\n"
 " --current Get the context for the current process.\n"
 " --self Get the context for the current process.\n"
 " --self-exec Get the exec context for the current process.\n"
@@ -113,7 +115,8 @@
 num += opts->disp_user;
 num += opts->disp_role;
 num += opts->disp_type;
- num += opts->disp_level;
+ num += opts->disp_sen;
+ num += opts->disp_clr;
 num += opts->disp_mlsr;
 return (num);
@@ -143,8 +146,10 @@
 {"user", no_argument, NULL, 'u'},
 {"role", no_argument, NULL, 'r'},
 {"type", no_argument, NULL, 't'},
- {"level", no_argument, NULL, 'l'},
+ {"level", no_argument, NULL, 'l'}, /* compat. */
+ {"sensitivity", no_argument, NULL, 's'},
 {"range", no_argument, NULL, 'm'},
+ {"clearance", no_argument, NULL, 'c'},
 {"mls-range", no_argument, NULL, 'm'},
 {"raw", no_argument, NULL, 'R'},
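Review bot: In the long-option table (third hunk) the new `{"clearance", no_argument, NULL, 'c'},` entry is inserted between `"range"` and `"mls-range"`, which both map to `'m'`, so the two spellings of one option are no longer adjacent. Placing it directly after `{"sensitivity", no_argument, NULL, 's'},` keeps the table in the same order as the usage text and the man page and keeps aliases together. The table's start and end are outside the hunk.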
@@ -184,11 +189,13 @@
 " %s version %s.\n", program_name, VERSION);
 exit (EXIT_SUCCESS);
- case 'u': done = TRUE; opts->disp_user = !opts->disp_user; break;
- case 'r': done = TRUE; opts->disp_role = !opts->disp_role; break;
- case 't': done = TRUE; opts->disp_type = !opts->disp_type; break;
- case 'l': done = TRUE; opts->disp_level = !opts->disp_level; break;
- case 'm': done = TRUE; opts->disp_mlsr = !opts->disp_mlsr; break;
+ case 'u': done = TRUE; opts->disp_user = !opts->disp_user; break;
+ case 'r': done = TRUE; opts->disp_role = !opts->disp_role; break;
+ case 't': done = TRUE; opts->disp_type = !opts->disp_type; break;
+ case 'l': done = TRUE; opts->disp_sen = !opts->disp_sen; break;
+ case 's': done = TRUE; opts->disp_sen = !opts->disp_sen; break;
+ case 'c': done = TRUE; opts->disp_clr = !opts->disp_clr; break;
+ case 'm': done = TRUE; opts->disp_mlsr = !opts->disp_mlsr; break;
 case 'P': opts->disp_prompt = !opts->disp_prompt; break;
@@ -235,9 +242,11 @@
 opts->disp_user = TRUE;
 opts->disp_role = TRUE;
 opts->disp_type = TRUE;
- if (!opts->disp_prompt) /* when displaying prompt,
- just output "normal" by default */
- opts->disp_level = TRUE;
+ if (!opts->disp_prompt)
+ { /* when displaying prompt, just output "normal" by default */
+ opts->disp_sen = TRUE;
+ opts->disp_clr = TRUE;
+ }
 opts->disp_mlsr = TRUE;
 }
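Review bot: `case 'l'` and `case 's'` both toggle `disp_sen`, so a command line that carries the compat spelling and the new one together (`-l -s`) flips the bit twice and ends with sensitivity off while `done` is still set. If `done` is what suppresses the default field set in the next hunk (that test is outside the visible lines), such an invocation prints no sensitivity at all, which is surprising for an alias kept for compatibility. Stacking the labels, `case 'l': /* compat. alias of -s */` directly above `case 's':`, removes the duplicated arm; whether the alias should set rather than toggle, e.g. `opts->disp_sen = TRUE;`, is worth deciding explicitly and noting in the man page.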
@@ -459,13 +468,24 @@
 {
 context_t con = NULL;
+ if (!*scon)
+ { /* --self-exec and --self-fs etc. */
+ if (opts->disp_user) disp__con_val("user", NULL);
+ if (opts->disp_role) disp__con_val("role", NULL);
+ if (opts->disp_type) disp__con_val("type", NULL);
+ if (opts->disp_sen) disp__con_val("sensitivity", NULL);
+ if (opts->disp_clr) disp__con_val("clearance", NULL);
+ if (opts->disp_mlsr) disp__con_val("mls-range", NULL);
+ return;
+ }
+
 if (!(con = context_new(scon)))
- errx(EXIT_FAILURE, "Couln't create context from: %s", scon);
+ errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
 if (opts->disp_user) disp__con_val("user", context_user_get(con));
 if (opts->disp_role) disp__con_val("role", context_role_get(con));
 if (opts->disp_type) disp__con_val("type", context_type_get(con));
- if (opts->disp_level)
+ if (opts->disp_sen)
 {
 const char *val = NULL;
 char *tmp = NULL;
@@ -476,13 +496,32 @@
 tmp = strdup(val);
 if (!tmp)
- errx(EXIT_FAILURE, "Couln't create context from: %s", scon);
+ errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
 if (strchr(tmp, '-')) *strchr(tmp, '-') = 0;
- disp__con_val("level", tmp);
+ disp__con_val("sensitivity", tmp);
 free(tmp);
 }
+ if (opts->disp_clr)
+ {
+ const char *val = NULL;
+ char *tmp = NULL;
+
+ val = context_range_get(con);
+ if (!val) val = ""; /* targeted has no "level" etc.,
+ any errors should happen at context_new() time */
+
+ tmp = strdup(val);
+ if (!tmp)
+ errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
+ if (strchr(tmp, '-'))
+ disp__con_val("clearance", strchr(tmp, '-') + 1);
+ else
+ disp__con_val("clearance", tmp);
+
+ free(tmp);
+ }
 if (opts->disp_mlsr) disp__con_val("mls-range", context_range_get(con));
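Review bot: The new guard `if (!*scon)` dereferences `scon` before anything in the visible lines has checked it for NULL. Its comment ties this path to `--self-exec` and `--self-fs`, cases where no context may be set; if the caller, which is outside this hunk, can hand over NULL rather than an empty string in those cases, this is a NULL dereference instead of the intended empty output. `if (!scon || !*scon)` covers both at no cost. The function's signature and its end are outside the hunk.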
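Review bot: The `disp_clr` block in the second hunk copies the range with `strdup()` although it never modifies the copy, which adds an allocation, a second `strchr()` scan and an `errx()` whose "Couldn't create context from" text would misreport an out-of-memory condition. Since `disp__con_val()` is already passed the result of `context_range_get(con)` directly a few lines below, the block can be reduced to `const char *dash = strchr(val, '-');` followed by `disp__con_val("clearance", dash ? dash + 1 : val);`. Separately, both this block and the sensitivity block split on the first `-`; if the range arrives in translated form (the man page contrasts that with `--raw`) and a translated label itself contains a hyphen, the reported sensitivity and clearance would be cut at the wrong place, so a comment stating that assumption, or splitting on the raw form, would be safer for a tool whose output describes MLS labels.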