1 #!/bin/ksh
  2 #
  3 # Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
  4 #
  5 
  6 # This script provides a simple GUI for labeling files and directories.
  7 # The optional argument is the pathname of the file or directory.
  8 
  9 # It can be run in any zone, but the user must have the Object Label
 10 # Management rights profile, and the zone must have the extra privleges
 11 # file_downgrade_sl and file_downgrade_sl added to its limitpriv
 12 # resource. For example:
 13 
 14 # usermod -P "+Object Label Management" myname
 15 # zonecfg -z myzone set limitpriv=default,file_downgrade_sl,file_upgrade_sl
 16 
 17 PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
 18 myname=$(basename $0)
 19 plabel="$(plabel $$)"
 20 title="File Labeler"
 21 default="/multi/public"
 22 
 23 while [ -n $pathname ]; do
 24     if [[ -z $1 ]]; then
 25         pathname=$(zenity  --file-selection \
 26             --title="$title" \
 27             --filename=$default )
 28         if [[ -z $pathname ]]; then
 29             exit
 30         fi
 31     else
 32         pathname=$1
 33     fi
 34     while [ -n $pathname ]; do
 35         lbl=$(getlabel $pathname 2>&1)
 36         if [ $? != 0 ]; then
 37             x=$(zenity --warning \
 38                 --title="$title" \
 39                 --text="$lbl \n\nRelabeling is not possible because\n\
 40 Pathname label must be dominated by zone label.")
 41             break
 42         else
 43             flabel="$(echo $lbl|cut -d" " -f2-99)"
 44         fi
 45         dirname=$(dirname $pathname)
 46         dirlbl=$(getlabel $dirname 2>&1)
 47         minlabel="$(echo $dirlbl|cut -d" " -f2-99)"
 48         upgrading=1
 49         if [ "$flabel" == "$plabel" ]; then
 50             upgrading=0
 51             x=$(zenity --warning \
 52                 --title="$title" \
 53                 --text="$lbl \n\nCannot upgrade this pathname\n\
 54 higher than the zone label.")
 55         fi
 56         if [ "$flabel" == "$minlabel" ]; then
 57             x=$(zenity --question \
 58                 --title="$title" \
 59                 --text="$lbl \n\n\
 60 Cannot downgrade in place because the pathname\n\
 61 is constrained by its parent label.\n\n\
 62 Do you want to select a directory to which the file will be moved?")
 63             if [ $? == 0 ]; then
 64                 dirname=$(zenity  --file-selection \
 65                     --title="$title" \
 66                     --directory \
 67                     --filename=$default )
 68                 if [[ -z $dirname ]]; then
 69                     if [ upgrading == 0 ]; then
 70                         break
 71                     fi
 72                 else
 73                     err=$(mv $pathname $dirname 2>&1)
 74                     if [ $? != 0 ]; then
 75                         x=$(zenity --warning \
 76                             --title="$title" \
 77                             --text="$lbl \n\n\
 78 The file label must dominate the directory label.")
 79                         break
 80                     fi
 81                     filename=$(basename $pathname)
 82                     pathname=$dirname/$filename
 83                     lbl=$(getlabel $pathname 2>&1)
 84                     if [ $? != 0 ]; then
 85                         break
 86                     else
 87                         flabel="$(echo $lbl|cut -d" " -f2-99)"
 88                     fi
 89                 fi
 90             fi
 91         fi
 92         hexlabel=$(tgnome-selectlabel \
 93             --title="$title" \
 94             --text="Pathname:     $pathname
 95         Existing label: $flabel" \
 96             --min="admin_low" \
 97             --default="$flabel"  \
 98             --max="$plabel" \
 99             --accredcheck=no \
100             --mode=sensitivity \
101             --format=internal \
102             2>/dev/null)
103         if [ $? = 0 ] ; then
104             if [ $? -ne 0 ] ; then
105                 exit 1
106             fi
107         fi    
108 
109         if [[ -n $hexlabel ]]; then
110             flabel="$(hextoalabel $hexlabel)"
111             err=$(setlabel $hexlabel $pathname 2>&1)
112             if [ $? != 0 ] ; then
113                 x=$(zenity --warning \
114                     --title="$title" \
115                     --text="$err \n\nCannot set label of
116 $pathname to \n\
117 $flabel\nbecause it does not dominate the label of $dirname")
118             else
119                 x=$(zenity --info \
120                     --title="$title" \
121                     --text="The label of $pathname is now \n$flabel")
122             fi
123         else
124             if [[ -z $1 ]]; then
125                 default=$pathname
126                 break
127             else
128                 exit
129             fi
130         fi
131     done
132 done