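/*
 * AppArmor test helper.
 *
 * Switches this process's confinement with aa_change_profile(3), or
 * schedules a transition with aa_change_onexec(3), prints the domain read
 * back from /proc/self/attr/{current,exec}, and then runs a shell command
 * through system(3) so the effect of the selected confinement can be
 * observed from the command's behaviour.
 *
 * NOTE(review): the include list in the source as received had its header
 * names stripped; the headers below are the ones the identifiers used in
 * this file require.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/apparmor.h>

#define SELF_EXEC "/proc/self/attr/exec"
#define SELF_CURRENT "/proc/self/attr/current"

/*
 * Print the usage text to stdout.
 *
 * @name  program name as invoked (argv[0]).
 */
void usage(const char *name)
{
	printf("%s: profile|exec \n", name);
	printf("'profile' uses aa_change_profile(3)\n");
	printf("'exec' uses aa_change_onexec(3)\n");
	printf(" is passed to system(3), so quote it if necessary\n");
}

/*
 * Truncate 's' at its first newline, if it has one, and return 's'.
 *
 * A string without a newline is returned unchanged; a NULL 's' yields NULL.
 * (The previous version dereferenced the strchr() result unconditionally,
 * which crashes when the attribute text has no trailing newline.)
 */
char *kill_newline(char *s)
{
	char *nl;

	if (s == NULL)
		return NULL;
	nl = strchr(s, '\n');
	if (nl != NULL)
		*nl = '\0';
	return s;
}

/*
 * Read the contents of the procfs attribute at 'path' into 'buf' as a
 * NUL-terminated string.
 *
 * Reads at most len - 1 bytes so the terminator always fits; a read that
 * fills the buffer is silently truncated rather than left unterminated.
 * The descriptor is closed on every path. Returns 0 on success, -1 on
 * failure with errno left as set by open(2) or read(2).
 */
static int read_attr(const char *path, char *buf, size_t len)
{
	int fd;
	ssize_t n;

	if (len == 0)
		return -1;

	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;

	n = read(fd, buf, len - 1);
	if (n < 0) {
		/* close(2) may clobber errno; preserve the read(2) error for the caller. */
		int saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	buf[n] = '\0';
	close(fd);
	return 0;
}

/*
 * Print the domain this process is currently confined in, as reported by
 * /proc/self/attr/current. Errors are reported via perror() and otherwise
 * ignored, as in the original.
 */
void dump_current_profile(void)
{
	char buf[1024];

	if (read_attr(SELF_CURRENT, buf, sizeof(buf)) < 0) {
		perror("open()/read() of current attr failed");
		return;
	}
	printf("Currently running in domain '%s'\n", kill_newline(buf));
}

/*
 * Print the domain this process will transition to on its next exec(), as
 * reported by /proc/self/attr/exec. Errors are reported via perror() and
 * otherwise ignored, as in the original.
 */
void dump_onexec_profile(void)
{
	char buf[1024];

	if (read_attr(SELF_EXEC, buf, sizeof(buf)) < 0) {
		perror("open()/read() of exec attr failed");
		return;
	}
	printf("Will transition to '%s' domain on exec()\n", kill_newline(buf));
}

/*
 * Entry point.
 *
 * argv[1]  "profile" or "exec" — which libapparmor call to make.
 * argv[2]  the profile name handed to that call.
 * argv[3]  a command line run via system(3) after the change.
 *
 * Exits 1 on bad arguments, on a failed profile change, or when the command
 * does not exit with status 0; exits 0 otherwise.
 */
int main(int argc, char *argv[])
{
	const char *name;
	const char *command;
	const char *type;
	int rc;

	/* Three operands are required. The original accepted argc == 3, in
	 * which case argv[3] is the terminating NULL and system(NULL) was run. */
	if (argc < 4) {
		usage(argv[0]);
		exit(1);
	}
	type = argv[1];
	name = argv[2];
	command = argv[3];

	if (strcmp(type, "profile") == 0) {
		if (aa_change_profile(name) != 0) {
			perror("aa_change_profile() failed");
			exit(1);
		}
		dump_current_profile();
	} else if (strcmp(type, "exec") == 0) {
		if (aa_change_onexec(name) != 0) {
			perror("aa_change_onexec() failed");
			exit(1);
		}
		dump_onexec_profile();
	} else {
		printf("command '%s' unknown\n", type);
		exit(1);
	}

	/* system(3) hands 'command' to /bin/sh. That is deliberate for this
	 * helper: the operator-supplied command is the probe run under the
	 * confinement selected above. Only a return of -1 means system() itself
	 * failed and set errno; any other value is the shell's wait status, for
	 * which perror() would print an unrelated errno. */
	rc = system(command);
	if (rc == -1) {
		perror("system() failed");
		exit(1);
	}
	if (!WIFEXITED(rc) || WEXITSTATUS(rc) != 0) {
		fprintf(stderr, "command did not exit cleanly (wait status 0x%x)\n",
			(unsigned)rc);
		exit(1);
	}
	exit(0);
}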