diff options
author | Elliott Hughes <enh@google.com> | 2014-12-23 19:20:24 -0600 |
---|---|---|
committer | Elliott Hughes <enh@google.com> | 2014-12-23 19:20:24 -0600 |
commit | d5c66a9fd36777f80ba05301dcfa6789b103e486 (patch) | |
tree | cace1cecad6c5507f1a0efd1911f2393a19e0d81 /toys/pending/setenforce.c | |
parent | 627cd0f0d974e9ba25d95cb8f5e23ac6c9c93aaf (diff) | |
download | toybox-d5c66a9fd36777f80ba05301dcfa6789b103e486.tar.gz |
getenforce and setenforce
two more easy SELinux commands:
Diffstat (limited to 'toys/pending/setenforce.c')
-rw-r--r-- | toys/pending/setenforce.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/toys/pending/setenforce.c b/toys/pending/setenforce.c new file mode 100644 index 00000000..6953f5ba --- /dev/null +++ b/toys/pending/setenforce.c @@ -0,0 +1,36 @@ +/* setenforce.c - Set the current SELinux mode + * + * Copyright 2014 The Android Open Source Project + +USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN)) + +config SETENFORCE + bool "setenforce" + default n + help + usage: setenforce [enforcing|permissive|1|0] + + Sets whether SELinux is enforcing (1) or permissive (0). +*/ + +#define FOR_setenforce +#include "toys.h" +#include <selinux/selinux.h> + +void setenforce_main(void) +{ + char *state_str = *toys.optargs; + int state; + if (!is_selinux_enabled()) + error_exit("SELinux is disabled"); + else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing")) + state = 1; + else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive")) + state = 0; + else + error_exit("Invalid state: %s", state_str); + + int ret = security_setenforce(state); + if (ret == -1) + perror_msg("Couldn't set enforcing status to '%s'", state_str); +} |