/* setenforce.c - Set the current SELinux mode
 *
 * Copyright 2014 The Android Open Source Project

USE_SETENFORCE(NEWTOY(setenforce, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN))

config SETENFORCE
  bool "setenforce"
  default y
  depends on TOYBOX_SELINUX
  help
    usage: setenforce [enforcing|permissive|1|0]

    Sets whether SELinux is enforcing (1) or permissive (0).
*/

#define FOR_setenforce
#include "toys.h"

void setenforce_main(void)
{
  char *new = *toys.optargs;
  int state, ret;

  if (!is_selinux_enabled()) error_exit("SELinux is disabled");
  else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1;
  else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0;
  else error_exit("Invalid state: %s", new);

  ret = security_setenforce(state);
  if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new);
}