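#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include "selinux_internal.h"
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include "policy.h"

/*
 * Shared tail of is_selinux_enabled(): called once an selinux file system
 * is known to be mounted or available.
 *
 * Returns 0 only when getcon() succeeds and the current context is the
 * literal string "kernel", which this file treats as "no policy loaded".
 * Returns 1 in every other case, including when getcon() fails.
 */
static int enabled_unless_no_policy(void)
{
	security_context_t con;
	int enabled = 1;

	if (getcon(&con) == 0) {
		if (!strcmp(con, "kernel"))
			enabled = 0;
		freecon(con);
	}
	return enabled;
}

/*
 * Function: is_selinux_enabled()
 * Return:    1 if SELinux is considered enabled
 *            0 if it is considered disabled
 *           -1 if /proc/filesystems could not be opened
 *
 * The -1 result is non-zero, so a caller that writes
 * "if (is_selinux_enabled())" takes the "enabled" branch on that error.
 * Callers that gate a security decision on the result should compare
 * against "> 0" (or handle "< 0" explicitly).
 */
int is_selinux_enabled(void)
{
	char buf[BUFSIZ];
	FILE *fp;
	int enabled = 0;
	int found = 0;

	/* init_selinuxmnt() gets called before this function.  We
	 * will assume that if a selinux file system is mounted, then
	 * selinux is enabled, unless no policy is loaded. */
	if (selinux_mnt)
		return enabled_unless_no_policy();

	/* Drop back to detecting it the long way. */
	fp = fopen("/proc/filesystems", "r");
	if (!fp)
		return -1;

	/* Substring match on each line read from /proc/filesystems. */
	while (fgets(buf, sizeof buf - 1, fp) != NULL) {
		if (strstr(buf, "selinuxfs")) {
			found = 1;
			break;
		}
	}

	/* Since an selinux file system is available, we consider
	 * selinux enabled.  If getcon fails, selinux is still
	 * enabled.  We only consider it disabled if no policy is loaded.
	 * The stream is closed after the context check, as before. */
	if (found)
		enabled = enabled_unless_no_policy();

	fclose(fp);
	return enabled;
}

hidden_def(is_selinux_enabled)

/*
 * Function: is_selinux_mls_enabled()
 * Return:   1 if the "mls" node under selinux_mnt reads exactly "1"
 *           0 otherwise, including every error path (selinuxfs not
 *           mounted, path too long for the buffer, open or read failure)
 *
 * A 0 result therefore does not distinguish "MLS disabled" from
 * "could not determine".
 */
int is_selinux_mls_enabled(void)
{
	char buf[20], path[PATH_MAX];
	int fd, ret, n, enabled = 0;

	if (!selinux_mnt)
		return enabled;

	/* Refuse a truncated path instead of opening whatever prefix of
	 * it happened to fit in the buffer. */
	n = snprintf(path, sizeof path, "%s/mls", selinux_mnt);
	if (n < 0 || (size_t)n >= sizeof path)
		return enabled;

	/* NOTE(review): opened without O_CLOEXEC.  The descriptor is closed
	 * right after the read below, but a fork/exec on another thread in
	 * that window would inherit it; consider O_RDONLY | O_CLOEXEC if the
	 * build's feature macros expose it. */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return enabled;

	/* Zero-fill and read at most sizeof buf - 1 bytes so the result is
	 * always NUL-terminated for strcmp(). */
	memset(buf, 0, sizeof buf);

	/* Retry only when the read was interrupted by a signal. */
	do {
		ret = read(fd, buf, sizeof buf - 1);
	} while (ret < 0 && errno == EINTR);
	close(fd);
	if (ret < 0)
		return enabled;

	if (!strcmp(buf, "1"))
		enabled = 1;

	return enabled;
}

hidden_def(is_selinux_mls_enabled)
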