| Stephen Smalley | 8290d10 | 2012-01-13 08:53:56 -0500 | [diff] [blame] | 1 | #include <unistd.h> |
| 2 | #include <stdlib.h> |
| 3 | #include <stdio.h> |
| 4 | #include <getopt.h> |
| 5 | #include <errno.h> |
| 6 | #include <string.h> |
| 7 | #include <selinux/selinux.h> |
| 8 | |
| 9 | static void usage(const char *progname) |
| 10 | { |
| 11 | fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname); |
| 12 | exit(1); |
| 13 | } |
| 14 | |
| 15 | int getsebool_main(int argc, char **argv) |
| 16 | { |
| 17 | int i, get_all = 0, rc = 0, active, pending, len = 0, opt; |
| 18 | char **names; |
| 19 | |
| 20 | while ((opt = getopt(argc, argv, "a")) > 0) { |
| 21 | switch (opt) { |
| 22 | case 'a': |
| 23 | if (argc > 2) |
| 24 | usage(argv[0]); |
| 25 | if (is_selinux_enabled() <= 0) { |
| 26 | fprintf(stderr, "%s: SELinux is disabled\n", |
| 27 | argv[0]); |
| 28 | return 1; |
| 29 | } |
| 30 | errno = 0; |
| 31 | rc = security_get_boolean_names(&names, &len); |
| 32 | if (rc) { |
| 33 | fprintf(stderr, |
| 34 | "%s: Unable to get boolean names: %s\n", |
| 35 | argv[0], strerror(errno)); |
| 36 | return 1; |
| 37 | } |
| 38 | if (!len) { |
| 39 | printf("No booleans\n"); |
| 40 | return 0; |
| 41 | } |
| 42 | get_all = 1; |
| 43 | break; |
| 44 | default: |
| 45 | usage(argv[0]); |
| 46 | } |
| 47 | } |
| 48 | |
| 49 | if (is_selinux_enabled() <= 0) { |
| 50 | fprintf(stderr, "%s: SELinux is disabled\n", argv[0]); |
| 51 | return 1; |
| 52 | } |
| 53 | if (!len) { |
| 54 | if (argc < 2) |
| 55 | usage(argv[0]); |
| 56 | len = argc - 1; |
| 57 | names = malloc(sizeof(char *) * len); |
| 58 | if (!names) { |
| 59 | fprintf(stderr, "%s: out of memory\n", argv[0]); |
| 60 | return 2; |
| 61 | } |
| 62 | for (i = 0; i < len; i++) { |
| 63 | names[i] = strdup(argv[i + 1]); |
| 64 | if (!names[i]) { |
| 65 | fprintf(stderr, "%s: out of memory\n", |
| 66 | argv[0]); |
| 67 | return 2; |
| 68 | } |
| 69 | } |
| 70 | } |
| 71 | |
| 72 | for (i = 0; i < len; i++) { |
| 73 | active = security_get_boolean_active(names[i]); |
| 74 | if (active < 0) { |
| 75 | if (get_all && errno == EACCES) |
| 76 | continue; |
| 77 | fprintf(stderr, "Error getting active value for %s\n", |
| 78 | names[i]); |
| 79 | rc = -1; |
| 80 | goto out; |
| 81 | } |
| 82 | pending = security_get_boolean_pending(names[i]); |
| 83 | if (pending < 0) { |
| 84 | fprintf(stderr, "Error getting pending value for %s\n", |
| 85 | names[i]); |
| 86 | rc = -1; |
| 87 | goto out; |
| 88 | } |
| 89 | if (pending != active) { |
| 90 | printf("%s --> %s pending: %s\n", names[i], |
| 91 | (active ? "on" : "off"), |
| 92 | (pending ? "on" : "off")); |
| 93 | } else { |
| 94 | printf("%s --> %s\n", names[i], |
| 95 | (active ? "on" : "off")); |
| 96 | } |
| 97 | } |
| 98 | |
| 99 | out: |
| 100 | for (i = 0; i < len; i++) |
| 101 | free(names[i]); |
| 102 | free(names); |
| 103 | return rc; |
| 104 | } |