blob: 6953f5ba909d66b912685bed5320589d7c08d507 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
/* setenforce.c - Set the current SELinux mode
*
* Copyright 2014 The Android Open Source Project
USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))
config SETENFORCE
bool "setenforce"
default n
help
usage: setenforce [enforcing|permissive|1|0]
Sets whether SELinux is enforcing (1) or permissive (0).
*/
#define FOR_setenforce
#include "toys.h"
#include <selinux/selinux.h>
void setenforce_main(void)
{
char *state_str = *toys.optargs;
int state;
if (!is_selinux_enabled())
error_exit("SELinux is disabled");
else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing"))
state = 1;
else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive"))
state = 0;
else
error_exit("Invalid state: %s", state_str);
int ret = security_setenforce(state);
if (ret == -1)
perror_msg("Couldn't set enforcing status to '%s'", state_str);
}
|
