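#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include "selinux_internal.h"
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include "policy.h"

/*
 * Function: is_selinux_enabled()
 * Return:   1 if SELinux is considered enabled
 *           0 if it is not (no selinuxfs, or the current context is
 *             "kernel", which is taken to mean no policy is loaded)
 *          -1 if /proc/filesystems could not be opened
 *
 * Note for callers: the error value -1 is non-zero, so a plain
 * truthiness test (`if (is_selinux_enabled())`) treats "could not
 * determine" as "enabled". Compare against > 0 (or handle < 0
 * explicitly) when the distinction matters for an access decision.
 */
int is_selinux_enabled(void)
{
	char buf[BUFSIZ];
	FILE *fp;
	char *bufp;
	int enabled = 0;
	security_context_t con;

	/* init_selinuxmnt() gets called before this function. We
	 * will assume that if a selinux file system is mounted, then
	 * selinux is enabled. */
	if (selinux_mnt) {

		/* Since a file system is mounted, we consider selinux
		 * enabled. If getcon fails, selinux is still enabled.
		 * We only consider it disabled if no policy is loaded. */
		enabled = 1;
		if (getcon(&con) == 0) {
			if (!strcmp(con, "kernel"))
				enabled = 0;
			freecon(con);
		}
		return enabled;
	}

	/* Drop back to detecting it the long way. */
	fp = fopen("/proc/filesystems", "r");
	if (!fp)
		return -1;

	/* fgets() already reserves one byte for the terminator, so the
	 * full buffer size is passed. */
	while ((bufp = fgets(buf, sizeof buf, fp)) != NULL) {
		if (strstr(buf, "selinuxfs")) {
			enabled = 1;
			break;
		}
	}

	/* End of file (or read error) without a match: selinuxfs is not
	 * listed, so report "not enabled". */
	if (!bufp)
		goto out;

	/* Since an selinux file system is available, we consider
	 * selinux enabled. If getcon fails, selinux is still
	 * enabled. We only consider it disabled if no policy is loaded.
	 */
	if (getcon(&con) == 0) {
		if (!strcmp(con, "kernel"))
			enabled = 0;
		freecon(con);
	}

out:
	fclose(fp);
	return enabled;
}

hidden_def(is_selinux_enabled)

/*
 * Function: is_selinux_mls_enabled()
 * Return:   1 if <selinux_mnt>/mls was read and contains exactly "1"
 *           0 otherwise
 *
 * Every failure (no selinuxfs mount point, over-long path, open or
 * read error) also yields 0, so a return of 0 means "MLS not confirmed
 * enabled", not necessarily "MLS disabled". Callers cannot tell the
 * two apart from the return value.
 */
int is_selinux_mls_enabled(void)
{
	char buf[20], path[PATH_MAX];
	int fd, ret, n, enabled = 0;

	if (!selinux_mnt)
		return enabled;

	/* Refuse a truncated path instead of opening whatever the cut-off
	 * name happens to refer to. */
	n = snprintf(path, sizeof path, "%s/mls", selinux_mnt);
	if (n < 0 || (size_t)n >= sizeof path)
		return enabled;

	fd = open(path, O_RDONLY);
	if (fd < 0)
		return enabled;

	/* Zero-fill so the data is NUL-terminated: read() below is given
	 * at most sizeof buf - 1 bytes. */
	memset(buf, 0, sizeof buf);

	/* Retry the read if it is interrupted by a signal. */
	do {
		ret = read(fd, buf, sizeof buf - 1);
	} while (ret < 0 && errno == EINTR);
	close(fd);
	if (ret < 0)
		return enabled;

	if (!strcmp(buf, "1"))
		enabled = 1;

	return enabled;
}

hidden_def(is_selinux_mls_enabled)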