1625
|
1 /* setenforce.c - Set the current SELinux mode
|
|
2 *
|
|
3 * Copyright 2014 The Android Open Source Project
|
|
4
|
|
5 USE_SETENFORCE(NEWTOY(setenforce, "<1", TOYFLAG_USR|TOYFLAG_SBIN))
|
|
6
|
|
7 config SETENFORCE
|
|
8 bool "setenforce"
|
|
9 default n
|
|
10 help
|
|
11 usage: setenforce [enforcing|permissive|1|0]
|
|
12
|
|
13 Sets whether SELinux is enforcing (1) or permissive (0).
|
|
14 */
|
|
15
|
|
16 #define FOR_setenforce
|
|
17 #include "toys.h"
|
|
18 #include <selinux/selinux.h>
|
|
19
|
|
20 void setenforce_main(void)
|
|
21 {
|
|
22 char *state_str = *toys.optargs;
|
|
23 int state;
|
|
24 if (!is_selinux_enabled())
|
|
25 error_exit("SELinux is disabled");
|
|
26 else if (!strcmp(state_str, "1") || !strcasecmp(state_str, "enforcing"))
|
|
27 state = 1;
|
|
28 else if (!strcmp(state_str, "0") || !strcasecmp(state_str, "permissive"))
|
|
29 state = 0;
|
|
30 else
|
|
31 error_exit("Invalid state: %s", state_str);
|
|
32
|
|
33 int ret = security_setenforce(state);
|
|
34 if (ret == -1)
|
|
35 perror_msg("Couldn't set enforcing status to '%s'", state_str);
|
|
36 }
|