Mercurial > hg > toybox

view toys/android/setenforce.c @ 1764:276664aa5ced draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Promote setenforce to android.
author Rob Landley <rob@landley.net>
date Fri, 27 Mar 2015 22:03:13 -0500
parents toys/pending/setenforce.c@61166a30ae47
children
line wrap: on
line source

/* setenforce.c - Set the current SELinux mode
 *
 * Copyright 2014 The Android Open Source Project

USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))

config SETENFORCE
  bool "setenforce"
  default y
  depends on TOYBOX_SELINUX
  help
    usage: setenforce [enforcing|permissive|1|0]

    Sets whether SELinux is enforcing (1) or permissive (0).
*/

#define FOR_setenforce
#include "toys.h"

void setenforce_main(void)
{
  char *new = *toys.optargs;
  int state, ret;

  if (!is_selinux_enabled()) error_exit("SELinux is disabled");
  else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1;
  else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0;
  else error_exit("Invalid state: %s", new);

  ret = security_setenforce(state);
  if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new);
}