# HG changeset patch
# User Elliott Hughes <enh@google.com>
# Date 1419384024 21600
# Node ID 1cc305c51cdeaf21c17a42a0c2bf6d573b537d42
# Parent  ae9d3ffeecbe736afba37da543942304b476f504
getenforce and setenforce

two more easy SELinux commands:

diff -r ae9d3ffeecbe -r 1cc305c51cde toys/pending/getenforce.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/toys/pending/getenforce.c	Tue Dec 23 19:20:24 2014 -0600
@@ -0,0 +1,31 @@
+/* getenforce.c - Get the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_GETENFORCE(NEWTOY(getenforce, "", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config GETENFORCE
+  bool "getenforce"
+  default n
+  help
+    usage: getenforce
+
+    Shows whether SELinux is disabled, enforcing, or permissive.
+*/
+
+#define FOR_getenforce
+#include "toys.h"
+#include <selinux/selinux.h>
+
+void getenforce_main(void)
+{
+  if (!is_selinux_enabled())
+    printf("Disabled\n");
+  else {
+    int ret = security_getenforce();
+    if (ret == -1)
+      perror_exit("Couldn't get enforcing status");
+    else
+      printf(ret ? "Enforcing\n" : "Permissive\n");
+  }
+}
diff -r ae9d3ffeecbe -r 1cc305c51cde toys/pending/setenforce.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/toys/pending/setenforce.c	Tue Dec 23 19:20:24 2014 -0600
@@ -0,0 +1,36 @@
+/* setenforce.c - Set the current SELinux mode
+ *
+ * Copyright 2014 The Android Open Source Project
+
+USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config SETENFORCE
+  bool "setenforce"
+  default n
+  help
+    usage: setenforce [enforcing|permissive|1|0]
+
+    Sets whether SELinux is enforcing (1) or permissive (0).
+*/
+
+#define FOR_setenforce
+#include "toys.h"
+#include <selinux/selinux.h>
+
+void setenforce_main(void)
+{
+  char *state_str = *toys.optargs;
+  int state;
+  if (!is_selinux_enabled())
+    error_exit("SELinux is disabled");
+  else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing"))
+    state = 1;
+  else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive"))
+    state = 0;
+  else
+    error_exit("Invalid state: %s", state_str);
+
+  int ret = security_setenforce(state);
+  if (ret == -1)
+    perror_msg("Couldn't set enforcing status to '%s'", state_str);
+}