diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-03-13 14:01:58 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2015-03-13 14:01:58 -0400 |
commit | d4b2d8923f9f85f5691aac1e230449052d56c1fd (patch) | |
tree | bb67e7a6f292b55e0310abc86cb7a28a8f76a8ca /toolbox | |
parent | bd518bce07094ccc2e91df67e072de94ca7db442 (diff) | |
download | system_core-d4b2d8923f9f85f5691aac1e230449052d56c1fd.zip system_core-d4b2d8923f9f85f5691aac1e230449052d56c1fd.tar.gz system_core-d4b2d8923f9f85f5691aac1e230449052d56c1fd.tar.bz2 |
Remove getsebool/setsebool from init and toolbox.
These were leftovers from the SELinux boolean support that
was originally merged. Since Android prohibits SELinux policy
booleans, we can just drop it.
Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'toolbox')
-rw-r--r-- | toolbox/Android.mk | 2 | ||||
-rw-r--r-- | toolbox/getsebool.c | 104 | ||||
-rw-r--r-- | toolbox/setsebool.c | 46 |
3 files changed, 0 insertions, 152 deletions
diff --git a/toolbox/Android.mk b/toolbox/Android.mk index 2c7544c..424ba23 100644 --- a/toolbox/Android.mk +++ b/toolbox/Android.mk @@ -44,7 +44,6 @@ OUR_TOOLS := \ df \ getevent \ getprop \ - getsebool \ iftop \ ioctl \ ionice \ @@ -64,7 +63,6 @@ OUR_TOOLS := \ schedtop \ sendevent \ setprop \ - setsebool \ smd \ start \ stop \ diff --git a/toolbox/getsebool.c b/toolbox/getsebool.c deleted file mode 100644 index aab5200..0000000 --- a/toolbox/getsebool.c +++ /dev/null @@ -1,104 +0,0 @@ -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <getopt.h> -#include <errno.h> -#include <string.h> -#include <selinux/selinux.h> - -static void usage(const char *progname) -{ - fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname); - exit(1); -} - -int getsebool_main(int argc, char **argv) -{ - int i, get_all = 0, rc = 0, active, pending, len = 0, opt; - char **names; - - while ((opt = getopt(argc, argv, "a")) > 0) { - switch (opt) { - case 'a': - if (argc > 2) - usage(argv[0]); - if (is_selinux_enabled() <= 0) { - fprintf(stderr, "%s: SELinux is disabled\n", - argv[0]); - return 1; - } - errno = 0; - rc = security_get_boolean_names(&names, &len); - if (rc) { - fprintf(stderr, - "%s: Unable to get boolean names: %s\n", - argv[0], strerror(errno)); - return 1; - } - if (!len) { - printf("No booleans\n"); - return 0; - } - get_all = 1; - break; - default: - usage(argv[0]); - } - } - - if (is_selinux_enabled() <= 0) { - fprintf(stderr, "%s: SELinux is disabled\n", argv[0]); - return 1; - } - if (!len) { - if (argc < 2) - usage(argv[0]); - len = argc - 1; - names = malloc(sizeof(char *) * len); - if (!names) { - fprintf(stderr, "%s: out of memory\n", argv[0]); - return 2; - } - for (i = 0; i < len; i++) { - names[i] = strdup(argv[i + 1]); - if (!names[i]) { - fprintf(stderr, "%s: out of memory\n", - argv[0]); - return 2; - } - } - } - - for (i = 0; i < len; i++) { - active = security_get_boolean_active(names[i]); - if (active < 0) { - if (get_all && errno == EACCES) - continue; - fprintf(stderr, "Error getting active value for %s\n", - names[i]); - rc = -1; - goto out; - } - pending = security_get_boolean_pending(names[i]); - if (pending < 0) { - fprintf(stderr, "Error getting pending value for %s\n", - names[i]); - rc = -1; - goto out; - } - if (pending != active) { - printf("%s --> %s pending: %s\n", names[i], - (active ? "on" : "off"), - (pending ? "on" : "off")); - } else { - printf("%s --> %s\n", names[i], - (active ? "on" : "off")); - } - } - -out: - for (i = 0; i < len; i++) - free(names[i]); - free(names); - return rc; -} diff --git a/toolbox/setsebool.c b/toolbox/setsebool.c deleted file mode 100644 index f79a612..0000000 --- a/toolbox/setsebool.c +++ /dev/null @@ -1,46 +0,0 @@ -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <errno.h> -#include <selinux/selinux.h> -#include <errno.h> - -static int do_setsebool(int nargs, char **args) { - const char *name = args[1]; - const char *value = args[2]; - SELboolean b; - - if (is_selinux_enabled() <= 0) - return 0; - - b.name = name; - if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on")) - b.value = 1; - else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off")) - b.value = 0; - else { - fprintf(stderr, "setsebool: invalid value %s\n", value); - return -1; - } - - if (security_set_boolean_list(1, &b, 0) < 0) - { - fprintf(stderr, "setsebool: could not set %s to %s: %s", name, value, strerror(errno)); - return -1; - } - - return 0; -} - -int setsebool_main(int argc, char **argv) -{ - if (argc != 3) { - fprintf(stderr, "Usage: %s name value\n", argv[0]); - exit(1); - } - - return do_setsebool(argc, argv); -} |