1 files changed, 31 insertions, 0 deletions

diff --git a/toys/pending/getenforce.c b/toys/pending/getenforce.c
new file mode 100644
index 00000000..ce43f523
--- /dev/null
+++ b/toys/pending/getenforce.c
@@ -0,0 +1,31 @@
+/* getenforce.c - Get the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_GETENFORCE(NEWTOY(getenforce, "", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config GETENFORCE
+  bool "getenforce"
+  default n
+  help
+    usage: getenforce
+
+    Shows whether SELinux is disabled, enforcing, or permissive.
+*/
+
+#define FOR_getenforce
+#include "toys.h"
+#include <selinux/selinux.h>
+
+void getenforce_main(void)
+{
+  if (!is_selinux_enabled())
+    printf("Disabled\n");
+  else {
+    int ret = security_getenforce();
+    if (ret == -1)
+      perror_exit("Couldn't get enforcing status");
+    else
+      printf(ret ? "Enforcing\n" : "Permissive\n");
+  }
+}