aboutsummaryrefslogtreecommitdiff
path: root/toys/pending/setenforce.c
blob: 6953f5ba909d66b912685bed5320589d7c08d507 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
/* setenforce.c - Set the current SELinux mode
 *
 * Copyright 2014 The Android Open Source Project

USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))

config SETENFORCE
  bool "setenforce"
  default n
  help
    usage: setenforce [enforcing|permissive|1|0]

    Sets whether SELinux is enforcing (1) or permissive (0).
*/

#define FOR_setenforce
#include "toys.h"
#include <selinux/selinux.h>

void setenforce_main(void)
{
  char *state_str = *toys.optargs;
  int state;
  if (!is_selinux_enabled())
    error_exit("SELinux is disabled");
  else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing"))
    state = 1;
  else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive"))
    state = 0;
  else
    error_exit("Invalid state: %s", state_str);

  int ret = security_setenforce(state);
  if (ret == -1)
    perror_msg("Couldn't set enforcing status to '%s'", state_str);
}