commit 8290d1083ec7eee3f32265012f5d6be2774c4afc
author Stephen Smalley <sds@tycho.nsa.gov> Fri Jan 13 08:53:56 2012 -0500
committer Stephen Smalley <sds@tycho.nsa.gov> Fri Feb 03 11:11:15 2012 -0500
tree 6d7e239b2a5b3d4a8faf8c3f404f8d9b3270f61d
parent 0458d373261d89979529853fa63cdd998b12e04a

Extend toolbox with SE Android support.

Add -Z option to ls and ps for displaying security contexts.
Modify id to display security context.
Add new SELinux commands: chcon, getenforce, getsebool, load_policy, restorecon, runcon, setenforce, setsebool.

Change-Id: Ia20941be4a6cd706fe392fed6e38a37d880ec5f1

toolbox/getenforce.c

diff --git a/toolbox/getenforce.c b/toolbox/getenforce.c
new file mode 100644
index 0000000..9e7589a
--- /dev/null
+++ b/toolbox/getenforce.c
@@ -0,0 +1,30 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int getenforce_main(int argc, char **argv)
+{
+    int rc;
+
+    rc = is_selinux_enabled();
+    if (rc <= 0) {
+        printf("Disabled\n");
+        return 0;
+    }
+
+    rc = security_getenforce();
+    if (rc < 0) {
+        fprintf(stderr, "Could not get enforcing status:  %s\n",
+                strerror(errno));
+        return 2;
+    }
+
+    if (rc)
+        printf("Enforcing\n");
+    else
+        printf("Permissive\n");
+
+    return 0;
+}