# Pastebin zWKOTcO2
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <sys/apparmor.h>

static void
test (const char *label,
      const char *path,
      uint32_t    mask,
      int         should_allow,
      int         should_audit)
{
  int allowed;
  int audited;

  aa_query_dconf (mask, label, path, &allowed, &audited);

  if (allowed == should_allow && audited == should_audit)
    printf ("PASS: ");
  else
    printf ("FAIL: ");

  printf ("path = %s, mask = 0x%x", path, mask);

  if (allowed == should_allow)
    printf (", allowed = %d", allowed);
  else
    printf (", allowed = %d (expected %d)", allowed, should_allow);

  if (audited == should_audit)
    printf (", audited = %d", audited);
  else
    printf (", audited = %d (expected %d)", audited, should_audit);

  printf ("\n");
}

int
main (int   argc,
      char *argv[])
{
  char *label;
  aa_dconf_info info;
  unsigned int i;
  uint32_t mask;
  const char *path;
  int allowed;
  int audited;

  printf ("aa_getcon () -> %d\n", aa_getcon (&label, NULL));
  perror ("aa_getcon ()");
  printf ("label: '%s'\n", label);

  printf ("aa_query_dconf_info () -> %d\n", aa_query_dconf_info (label, &info));
  perror ("aa_query_dconf_info ()");

  printf ("read-only paths:\n");
  for (i = 0; i < info.r_n; i++)
    printf ("%s\n", info.r_paths[i]);

  printf ("\nread-write paths:\n");
  for (i = 0; i < info.rw_n; i++)
    printf ("%s\n", info.rw_paths[i]);

  printf ("\naudited read-only paths:\n");
  for (i = 0; i < info.ar_n; i++)
    printf ("%s\n", info.ar_paths[i]);

  printf ("\naudited read-write paths:\n");
  for (i = 0; i < info.arw_n; i++)
    printf ("%s\n", info.arw_paths[i]);

  aa_clear_dconf_info (&info);

  printf ("\n");

  test (label, "/a", AA_DCONF_READ, 1, 0);
  test (label, "/a", AA_DCONF_WRITE, 0, 1);
  test (label, "/a", AA_DCONF_READ | AA_DCONF_WRITE, 0, 1);
  test (label, "/a/b", AA_DCONF_READ, 0, 1);
  test (label, "/b/c", AA_DCONF_READ, 0, 1);
  test (label, "/b/c/", AA_DCONF_READ, 1, 0);
  test (label, "/b/c/d", AA_DCONF_READ, 1, 0);
  test (label, "/d", AA_DCONF_READ, 1, 0);
  test (label, "/d", AA_DCONF_WRITE, 1, 0);
  test (label, "/d", AA_DCONF_READ | AA_DCONF_WRITE, 1, 0);
  test (label, "/e/f", AA_DCONF_READ | AA_DCONF_WRITE, 0, 1);
  test (label, "/e/f/", AA_DCONF_READ | AA_DCONF_WRITE, 1, 0);
  test (label, "/e/f/g", AA_DCONF_READ | AA_DCONF_WRITE, 1, 0);
  test (label, "/g", AA_DCONF_READ, 1, 1);
  test (label, "/g/h", AA_DCONF_READ, 0, 1);
  test (label, "/h/i", AA_DCONF_READ, 0, 1);
  test (label, "/h/i/", AA_DCONF_READ, 1, 1);
  test (label, "/h/i/j", AA_DCONF_READ, 1, 1);
  test (label, "/j", AA_DCONF_READ, 1, 1);
  test (label, "/j/k", AA_DCONF_READ, 0, 1);
  test (label, "/k/l/m", AA_DCONF_READ, 1, 1);
  test (label, "/k/l/m", AA_DCONF_WRITE, 1, 1);
  test (label, "/k/l/m", AA_DCONF_READ | AA_DCONF_WRITE, 1, 1);

  free (label);

  return 0;
}