#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <limits.h>
#include "selinux_internal.h"
#include "policy.h"
#include "mapping.h"

int security_validatetrans_raw(const char *scon,
			       const char *tcon,
			       security_class_t tclass,
			       const char *newcon)
{
	char path[PATH_MAX];
	char *buf = NULL;
	int size, bufsz;
	int fd, ret = -1;
	errno = ENOENT;

	if (!selinux_mnt) {
		return -1;
	}

	snprintf(path, sizeof path, "%s/validatetrans", selinux_mnt);
	fd = open(path, O_WRONLY | O_CLOEXEC);
	if (fd < 0) {
		return -1;
	}

	errno = EINVAL;
	size = selinux_page_size;
	buf = malloc(size);
	if (!buf) {
		goto out;
	}

	bufsz = snprintf(buf, size, "%s %s %hu %s", scon, tcon, unmap_class(tclass), newcon);
	if (bufsz >= size || bufsz < 0) {
		// It got truncated or there was an encoding error
		goto out;
	}

	// clear errno for write()
	errno = 0;
	ret = write(fd, buf, strlen(buf));
	if (ret > 0) {
		// The kernel returns the bytes written on success, not 0 as noted in the commit message
		ret = 0;
	}
out:
	free(buf);
	close(fd);
	return ret;
}


int security_validatetrans(const char *scon,
			   const char *tcon,
			   security_class_t tclass,
			   const char *newcon)
{
	int ret = -1;
	char *rscon = NULL;
	char *rtcon = NULL;
	char *rnewcon = NULL;

	if (selinux_trans_to_raw_context(scon, &rscon)) {
		goto out;
	}

	if (selinux_trans_to_raw_context(tcon, &rtcon)) {
		goto out;
	}

	if (selinux_trans_to_raw_context(newcon, &rnewcon)) {
		goto out;
	}

	ret = security_validatetrans_raw(rscon, rtcon, tclass, rnewcon);

out:
	freecon(rnewcon);
	freecon(rtcon);
	freecon(rscon);

	return ret;
}