aboutsummaryrefslogtreecommitdiff
path: root/toys/android/setenforce.c
diff options
context:
space:
mode:
Diffstat (limited to 'toys/android/setenforce.c')
-rw-r--r--toys/android/setenforce.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/toys/android/setenforce.c b/toys/android/setenforce.c
new file mode 100644
index 00000000..68957465
--- /dev/null
+++ b/toys/android/setenforce.c
@@ -0,0 +1,32 @@
+/* setenforce.c - Set the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config SETENFORCE
+ bool "setenforce"
+ default y
+ depends on TOYBOX_SELINUX
+ help
+ usage: setenforce [enforcing|permissive|1|0]
+
+ Sets whether SELinux is enforcing (1) or permissive (0).
+*/
+
+#define FOR_setenforce
+#include "toys.h"
+
+void setenforce_main(void)
+{
+ char *new = *toys.optargs;
+ int state, ret;
+
+ if (!is_selinux_enabled()) error_exit("SELinux is disabled");
+ else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1;
+ else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0;
+ else error_exit("Invalid state: %s", new);
+
+ ret = security_setenforce(state);
+ if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new);
+}