Home | History | Annotate | Download | only in utils
      1 #include <unistd.h>
      2 #include <stdio.h>
      3 #include <stdlib.h>
      4 #include <libgen.h>
      5 #include <errno.h>
      6 #include <selinux/selinux.h>
      7 #include <syslog.h>
      8 #include <pwd.h>
      9 #include <string.h>
     10 
     11 /* Attempt to rollback the transaction. No need to check error
     12    codes since this is rolling back something that blew up. */
     13 static void rollback(int argc, char **argv)
     14 {
     15 	int i;
     16 
     17 	for (i = 1; i < argc; i++)
     18 		security_set_boolean(argv[i],
     19 				     security_get_boolean_active(argv[i]));
     20 	exit(1);
     21 }
     22 
     23 int main(int argc, char **argv)
     24 {
     25 
     26 	int rc, i, commit = 0;
     27 
     28 	if (is_selinux_enabled() <= 0) {
     29 		fprintf(stderr, "%s:  SELinux is disabled\n", argv[0]);
     30 		return 1;
     31 	}
     32 
     33 	if (argc < 2) {
     34 		printf("Usage:  %s boolname1 [boolname2 ...]\n",
     35 		       basename(argv[0]));
     36 		return 1;
     37 	}
     38 
     39 	for (i = 1; i < argc; i++) {
     40 		printf("%s: ", argv[i]);
     41 		rc = security_get_boolean_active(argv[i]);
     42 		switch (rc) {
     43 		case 1:
     44 			if (security_set_boolean(argv[i], 0) >= 0) {
     45 				printf("inactive\n");
     46 				commit++;
     47 			} else {
     48 				printf("%s - rolling back all changes\n",
     49 				       strerror(errno));
     50 				rollback(i, argv);
     51 			}
     52 			break;
     53 		case 0:
     54 			if (security_set_boolean(argv[i], 1) >= 0) {
     55 				printf("active\n");
     56 				commit++;
     57 			} else {
     58 				printf("%s - rolling back all changes\n",
     59 				       strerror(errno));
     60 				rollback(i, argv);
     61 			}
     62 			break;
     63 		default:
     64 			if (errno == ENOENT)
     65 				printf
     66 				    ("Boolean does not exist - rolling back all changes.\n");
     67 			else
     68 				printf("%s - rolling back all changes.\n",
     69 				       strerror(errno));
     70 			rollback(i, argv);
     71 			break;	/* Not reached. */
     72 		}
     73 	}
     74 
     75 	if (commit > 0) {
     76 		if (security_commit_booleans() < 0) {
     77 			printf("Commit failed. (%s)  No change to booleans.\n",
     78 			       strerror(errno));
     79 		} else {
     80 			/* syslog all the changes */
     81 			struct passwd *pwd = getpwuid(getuid());
     82 			for (i = 1; i < argc; i++) {
     83 				if (pwd && pwd->pw_name)
     84 					syslog(LOG_NOTICE,
     85 					       "The %s policy boolean was toggled by %s",
     86 					       argv[i], pwd->pw_name);
     87 				else
     88 					syslog(LOG_NOTICE,
     89 					       "The %s policy boolean was toggled by uid:%u",
     90 					       argv[i], getuid());
     91 
     92 			}
     93 			return 0;
     94 		}
     95 	}
     96 	return 1;
     97 }
     98