LXR busybox/selinux/setenforce.c

   1/*
   2 * setenforce
   3 *
   4 * Based on libselinux 1.33.1
   5 * Port to BusyBox  Hiroshi Shinji <shiroshi@my.email.ne.jp>
   6 *
   7 * Licensed under GPLv2, see file LICENSE in this source tree.
   8 */
   9//config:config SETENFORCE
  10//config:       bool "setenforce (2.1 kb)"
  11//config:       default n
  12//config:       depends on SELINUX
  13//config:       help
  14//config:       Enable support to modify the mode SELinux is running in.
  15
  16//applet:IF_SETENFORCE(APPLET(setenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
  17
  18//kbuild:lib-$(CONFIG_SETENFORCE) += setenforce.o
  19
  20//usage:#define setenforce_trivial_usage
  21//usage:       "[Enforcing | Permissive | 1 | 0]"
  22//usage:#define setenforce_full_usage ""
  23
  24#include "libbb.h"
  25
  26/* These strings are arranged so that odd ones
  27 * result in security_setenforce(1) being done,
  28 * the rest will do security_setenforce(0) */
  29static const char *const setenforce_cmd[] = {
  30        "0",
  31        "1",
  32        "permissive",
  33        "enforcing",
  34        NULL,
  35};
  36
  37int setenforce_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  38int setenforce_main(int argc UNUSED_PARAM, char **argv)
  39{
  40        int i, rc;
  41
  42        if (!argv[1] || argv[2])
  43                bb_show_usage();
  44
  45        selinux_or_die();
  46
  47        for (i = 0; setenforce_cmd[i]; i++) {
  48                if (strcasecmp(argv[1], setenforce_cmd[i]) != 0)
  49                        continue;
  50                rc = security_setenforce(i & 1);
  51                if (rc < 0)
  52                        bb_perror_msg_and_die("setenforce() failed");
  53                return 0;
  54        }
  55
  56        bb_show_usage();
  57}
  58