authorElliott Hughes <enh@google.com>2014-12-23 19:20:24 -0600
committerElliott Hughes <enh@google.com>2014-12-23 19:20:24 -0600
commitd5c66a9fd36777f80ba05301dcfa6789b103e486 (patch)
treecace1cecad6c5507f1a0efd1911f2393a19e0d81 /toys
parent627cd0f0d974e9ba25d95cb8f5e23ac6c9c93aaf (diff)
getenforce and setenforce
two more easy SELinux commands:
Diffstat (limited to 'toys')
-rw-r--r--toys/pending/getenforce.c31
-rw-r--r--toys/pending/setenforce.c36
2 files changed, 67 insertions, 0 deletions
diff --git a/toys/pending/getenforce.c b/toys/pending/getenforce.c
new file mode 100644
index 00000000..ce43f523
--- /dev/null
+++ b/toys/pending/getenforce.c
@@ -0,0 +1,31 @@
+/* getenforce.c - Get the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_GETENFORCE(NEWTOY(getenforce, "", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config GETENFORCE
+ bool "getenforce"
+ default n
+ help
+ usage: getenforce
+
+ Shows whether SELinux is disabled, enforcing, or permissive.
+*/
+
+#define FOR_getenforce
+#include "toys.h"
+#include <selinux/selinux.h>
+
+void getenforce_main(void)
+{
+ if (!is_selinux_enabled())
+ printf("Disabled\n");
+ else {
+ int ret = security_getenforce();
+ if (ret == -1)
+ perror_exit("Couldn't get enforcing status");
+ else
+ printf(ret ? "Enforcing\n" : "Permissive\n");
+ }
+}
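Review bot: The option string `""` in `NEWTOY(getenforce, "", ...)` puts no upper bound on positional arguments, so as far as this hunk shows `getenforce junk` is accepted and the extra words are silently dropped. Capping it with `">0"` would reject them. The same gap is in setenforce.c, where `"<1"` sets only a minimum: `setenforce 1 0` would act on the first word and ignore the second, which is an easy way to misread what mode was requested, and `"<1>1"` would close it. As a style point, `printf(ret ? "Enforcing\n" : "Permissive\n")` passes a non-literal expression as the format; `puts(ret ? "Enforcing" : "Permissive")` says the same thing without tripping format-security warnings.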
diff --git a/toys/pending/setenforce.c b/toys/pending/setenforce.c
new file mode 100644
index 00000000..6953f5ba
--- /dev/null
+++ b/toys/pending/setenforce.c
@@ -0,0 +1,36 @@
+/* setenforce.c - Set the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config SETENFORCE
+ bool "setenforce"
+ default n
+ help
+ usage: setenforce [enforcing|permissive|1|0]
+
+ Sets whether SELinux is enforcing (1) or permissive (0).
+*/
+
+#define FOR_setenforce
+#include "toys.h"
+#include <selinux/selinux.h>
+
+void setenforce_main(void)
+{
+ char *state_str = *toys.optargs;
+ int state;
+ if (!is_selinux_enabled())
+ error_exit("SELinux is disabled");
+ else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing"))
+ state = 1;
+ else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive"))
+ state = 0;
+ else
+ error_exit("Invalid state: %s", state_str);
+
+ int ret = security_setenforce(state);
+ if (ret == -1)
+ perror_msg("Couldn't set enforcing status to '%s'", state_str);
+}
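Review bot: The help text `usage: setenforce [enforcing|permissive|1|0]` brackets the argument as optional, but the `"<1"` option string requires it and the body reads `*toys.optargs` unconditionally. Writing the usage line without the brackets would match what the command does; the help could also mention that the two words are matched case-insensitively (`strcasecmp`), since that is not obvious from the usage line. Separately, `ret` is declared after statements and used once, so `if (security_setenforce(state) == -1)` would be tidier.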