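#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <getopt.h>
#include <errno.h>
#include <string.h>
#include <selinux/selinux.h>

/*
 * Print the command-line synopsis to stderr and terminate with status 1.
 * Does not return.
 */
static void usage(const char *progname)
{
	fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
	exit(1);
}

/*
 * Report the active (and, when it differs, the pending) value of SELinux
 * booleans.
 *
 *   -a          list every boolean returned by security_get_boolean_names()
 *   boolean...  list only the booleans named on the command line
 *
 * Exit status: 0 on success; 1 on a usage error, when SELinux is disabled,
 * or when the boolean names cannot be enumerated; 2 when copying the
 * command-line names runs out of memory; -1 (seen by the shell as 255 on
 * POSIX systems) when a value lookup or the name substitution fails.
 *
 * Caveats when the output is used as a record of policy state:
 *  - In -a mode a boolean whose active value cannot be read because of
 *    EACCES is skipped without any message, so the listing may be incomplete
 *    for a caller that is not permitted to read every boolean. A missing
 *    line is therefore not evidence that the boolean is absent.
 *  - The value printed after "-->" is the active one. "pending:" appears
 *    only when security_get_boolean_pending() disagrees with it.
 *  - The name printed is the one returned by selinux_boolean_sub(), which
 *    may differ from the name that was looked up.
 */
int main(int argc, char **argv)
{
	int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
	char **names = NULL;

	while ((opt = getopt(argc, argv, "a")) > 0) {
		switch (opt) {
		case 'a':
			/* -a must be the only argument. */
			if (argc > 2)
				usage(argv[0]);
			if (is_selinux_enabled() <= 0) {
				fprintf(stderr, "%s: SELinux is disabled\n",
					argv[0]);
				return 1;
			}
			errno = 0;
			rc = security_get_boolean_names(&names, &len);
			if (rc) {
				fprintf(stderr,
					"%s: Unable to get boolean names: %s\n",
					argv[0], strerror(errno));
				return 1;
			}
			if (!len) {
				printf("No booleans\n");
				return 0;
			}
			get_all = 1;
			break;
		default:
			usage(argv[0]);
		}
	}

	if (is_selinux_enabled() <= 0) {
		fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
		return 1;
	}

	/* len is still 0 only when -a was not given: take names from argv. */
	if (!len) {
		if (argc < 2)
			usage(argv[0]);
		len = argc - 1;
		/*
		 * calloc() zero-fills the array, so after a partial failure
		 * the shared cleanup can free every slot (free(NULL) is a
		 * no-op) instead of returning with the copies leaked.
		 */
		names = calloc((size_t)len, sizeof(*names));
		if (!names) {
			fprintf(stderr, "%s: out of memory\n", argv[0]);
			return 2;
		}
		for (i = 0; i < len; i++) {
			names[i] = strdup(argv[i + 1]);
			if (!names[i]) {
				fprintf(stderr, "%s: out of memory\n",
					argv[0]);
				rc = 2;
				goto out;
			}
		}
	}

	for (i = 0; i < len; i++) {
		/*
		 * Clear errno first so that the EACCES test below reflects
		 * this lookup only, not a value left behind by an earlier
		 * library call in a previous iteration.
		 */
		errno = 0;
		active = security_get_boolean_active(names[i]);
		if (active < 0) {
			/* Unreadable booleans are silently skipped in -a mode. */
			if (get_all && errno == EACCES)
				continue;
			fprintf(stderr, "Error getting active value for %s\n",
				names[i]);
			rc = -1;
			goto out;
		}
		pending = security_get_boolean_pending(names[i]);
		if (pending < 0) {
			fprintf(stderr, "Error getting pending value for %s\n",
				names[i]);
			rc = -1;
			goto out;
		}
		char *alt_name = selinux_boolean_sub(names[i]);
		if (!alt_name) {
			/*
			 * The original used perror("Out of memory\n"), which
			 * prints the newline and then ": <errno text>" on a
			 * line of its own. Use the same message format as the
			 * other allocation failures in this file.
			 */
			fprintf(stderr, "%s: out of memory\n", argv[0]);
			rc = -1;
			goto out;
		}

		if (pending != active) {
			printf("%s --> %s pending: %s\n", alt_name,
			       (active ? "on" : "off"),
			       (pending ? "on" : "off"));
		} else {
			printf("%s --> %s\n", alt_name,
			       (active ? "on" : "off"));
		}
		free(alt_name);
	}

out:
	for (i = 0; i < len; i++)
		free(names[i]);
	free(names);
	return rc;
}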