summaryrefslogtreecommitdiffstats
path: root/toolbox/getsebool.c
blob: aab520020a97479072c572b42ab85d27a2519080 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <getopt.h>
#include <errno.h>
#include <string.h>
#include <selinux/selinux.h>

static void usage(const char *progname)
{
    fprintf(stderr, "usage:  %s -a or %s boolean...\n", progname, progname);
    exit(1);
}

int getsebool_main(int argc, char **argv)
{
    int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
    char **names;

    while ((opt = getopt(argc, argv, "a")) > 0) {
        switch (opt) {
        case 'a':
            if (argc > 2)
                usage(argv[0]);
            if (is_selinux_enabled() <= 0) {
                fprintf(stderr, "%s:  SELinux is disabled\n",
                        argv[0]);
                return 1;
            }
            errno = 0;
            rc = security_get_boolean_names(&names, &len);
            if (rc) {
                fprintf(stderr,
                        "%s:  Unable to get boolean names:  %s\n",
                        argv[0], strerror(errno));
                return 1;
            }
            if (!len) {
                printf("No booleans\n");
                return 0;
            }
            get_all = 1;
            break;
        default:
            usage(argv[0]);
        }
    }

    if (is_selinux_enabled() <= 0) {
        fprintf(stderr, "%s:  SELinux is disabled\n", argv[0]);
        return 1;
    }
    if (!len) {
        if (argc < 2)
            usage(argv[0]);
        len = argc - 1;
        names = malloc(sizeof(char *) * len);
        if (!names) {
            fprintf(stderr, "%s:  out of memory\n", argv[0]);
            return 2;
        }
        for (i = 0; i < len; i++) {
            names[i] = strdup(argv[i + 1]);
            if (!names[i]) {
                fprintf(stderr, "%s:  out of memory\n",
                        argv[0]);
                return 2;
            }
        }
    }

    for (i = 0; i < len; i++) {
        active = security_get_boolean_active(names[i]);
        if (active < 0) {
            if (get_all && errno == EACCES)
                continue;
            fprintf(stderr, "Error getting active value for %s\n",
                    names[i]);
            rc = -1;
            goto out;
        }
        pending = security_get_boolean_pending(names[i]);
        if (pending < 0) {
            fprintf(stderr, "Error getting pending value for %s\n",
                    names[i]);
            rc = -1;
            goto out;
        }
        if (pending != active) {
            printf("%s --> %s pending: %s\n", names[i],
                   (active ? "on" : "off"),
                   (pending ? "on" : "off"));
        } else {
            printf("%s --> %s\n", names[i],
                   (active ? "on" : "off"));
        }
    }

out:
    for (i = 0; i < len; i++)
        free(names[i]);
    free(names);
    return rc;
}