16cd6a6acSopenharmony_ci#include <unistd.h> 26cd6a6acSopenharmony_ci#include <stdlib.h> 36cd6a6acSopenharmony_ci#include <stdio.h> 46cd6a6acSopenharmony_ci#include <getopt.h> 56cd6a6acSopenharmony_ci#include <errno.h> 66cd6a6acSopenharmony_ci#include <string.h> 76cd6a6acSopenharmony_ci#include <selinux/selinux.h> 86cd6a6acSopenharmony_ci 96cd6a6acSopenharmony_cistatic __attribute__ ((__noreturn__)) void usage(const char *progname) 106cd6a6acSopenharmony_ci{ 116cd6a6acSopenharmony_ci fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname); 126cd6a6acSopenharmony_ci exit(1); 136cd6a6acSopenharmony_ci} 146cd6a6acSopenharmony_ci 156cd6a6acSopenharmony_ciint main(int argc, char **argv) 166cd6a6acSopenharmony_ci{ 176cd6a6acSopenharmony_ci int i, get_all = 0, rc = 0, active, pending, len = 0, opt; 186cd6a6acSopenharmony_ci char **names = NULL; 196cd6a6acSopenharmony_ci 206cd6a6acSopenharmony_ci while ((opt = getopt(argc, argv, "a")) > 0) { 216cd6a6acSopenharmony_ci switch (opt) { 226cd6a6acSopenharmony_ci case 'a': 236cd6a6acSopenharmony_ci if (argc > 2) 246cd6a6acSopenharmony_ci usage(argv[0]); 256cd6a6acSopenharmony_ci if (is_selinux_enabled() <= 0) { 266cd6a6acSopenharmony_ci fprintf(stderr, "%s: SELinux is disabled\n", 276cd6a6acSopenharmony_ci argv[0]); 286cd6a6acSopenharmony_ci return 1; 296cd6a6acSopenharmony_ci } 306cd6a6acSopenharmony_ci errno = 0; 316cd6a6acSopenharmony_ci rc = security_get_boolean_names(&names, &len); 326cd6a6acSopenharmony_ci if (rc) { 336cd6a6acSopenharmony_ci fprintf(stderr, 346cd6a6acSopenharmony_ci "%s: Unable to get boolean names: %s\n", 356cd6a6acSopenharmony_ci argv[0], strerror(errno)); 366cd6a6acSopenharmony_ci return 1; 376cd6a6acSopenharmony_ci } 386cd6a6acSopenharmony_ci if (!len) { 396cd6a6acSopenharmony_ci printf("No booleans\n"); 406cd6a6acSopenharmony_ci return 0; 416cd6a6acSopenharmony_ci } 426cd6a6acSopenharmony_ci get_all = 1; 436cd6a6acSopenharmony_ci break; 446cd6a6acSopenharmony_ci default: 456cd6a6acSopenharmony_ci usage(argv[0]); 466cd6a6acSopenharmony_ci } 476cd6a6acSopenharmony_ci } 486cd6a6acSopenharmony_ci 496cd6a6acSopenharmony_ci if (is_selinux_enabled() <= 0) { 506cd6a6acSopenharmony_ci fprintf(stderr, "%s: SELinux is disabled\n", argv[0]); 516cd6a6acSopenharmony_ci return 1; 526cd6a6acSopenharmony_ci } 536cd6a6acSopenharmony_ci 546cd6a6acSopenharmony_ci if (!len) { 556cd6a6acSopenharmony_ci if (argc < 2) 566cd6a6acSopenharmony_ci usage(argv[0]); 576cd6a6acSopenharmony_ci len = argc - 1; 586cd6a6acSopenharmony_ci names = calloc(len, sizeof(char *)); 596cd6a6acSopenharmony_ci if (!names) { 606cd6a6acSopenharmony_ci fprintf(stderr, "%s: out of memory\n", argv[0]); 616cd6a6acSopenharmony_ci return 2; 626cd6a6acSopenharmony_ci } 636cd6a6acSopenharmony_ci for (i = 0; i < len; i++) { 646cd6a6acSopenharmony_ci names[i] = strdup(argv[i + 1]); 656cd6a6acSopenharmony_ci if (!names[i]) { 666cd6a6acSopenharmony_ci fprintf(stderr, "%s: out of memory\n", 676cd6a6acSopenharmony_ci argv[0]); 686cd6a6acSopenharmony_ci rc = 2; 696cd6a6acSopenharmony_ci goto out; 706cd6a6acSopenharmony_ci } 716cd6a6acSopenharmony_ci } 726cd6a6acSopenharmony_ci } 736cd6a6acSopenharmony_ci 746cd6a6acSopenharmony_ci for (i = 0; i < len; i++) { 756cd6a6acSopenharmony_ci active = security_get_boolean_active(names[i]); 766cd6a6acSopenharmony_ci if (active < 0) { 776cd6a6acSopenharmony_ci if (get_all && errno == EACCES) 786cd6a6acSopenharmony_ci continue; 796cd6a6acSopenharmony_ci fprintf(stderr, "Error getting active value for %s\n", 806cd6a6acSopenharmony_ci names[i]); 816cd6a6acSopenharmony_ci rc = -1; 826cd6a6acSopenharmony_ci goto out; 836cd6a6acSopenharmony_ci } 846cd6a6acSopenharmony_ci pending = security_get_boolean_pending(names[i]); 856cd6a6acSopenharmony_ci if (pending < 0) { 866cd6a6acSopenharmony_ci fprintf(stderr, "Error getting pending value for %s\n", 876cd6a6acSopenharmony_ci names[i]); 886cd6a6acSopenharmony_ci rc = -1; 896cd6a6acSopenharmony_ci goto out; 906cd6a6acSopenharmony_ci } 916cd6a6acSopenharmony_ci char *alt_name = selinux_boolean_sub(names[i]); 926cd6a6acSopenharmony_ci if (! alt_name) { 936cd6a6acSopenharmony_ci perror("Out of memory\n"); 946cd6a6acSopenharmony_ci rc = -1; 956cd6a6acSopenharmony_ci goto out; 966cd6a6acSopenharmony_ci } 976cd6a6acSopenharmony_ci 986cd6a6acSopenharmony_ci if (pending != active) { 996cd6a6acSopenharmony_ci printf("%s --> %s pending: %s\n", alt_name, 1006cd6a6acSopenharmony_ci (active ? "on" : "off"), 1016cd6a6acSopenharmony_ci (pending ? "on" : "off")); 1026cd6a6acSopenharmony_ci } else { 1036cd6a6acSopenharmony_ci printf("%s --> %s\n", alt_name, 1046cd6a6acSopenharmony_ci (active ? "on" : "off")); 1056cd6a6acSopenharmony_ci } 1066cd6a6acSopenharmony_ci free(alt_name); 1076cd6a6acSopenharmony_ci } 1086cd6a6acSopenharmony_ci 1096cd6a6acSopenharmony_ci out: 1106cd6a6acSopenharmony_ci for (i = 0; i < len; i++) 1116cd6a6acSopenharmony_ci free(names[i]); 1126cd6a6acSopenharmony_ci free(names); 1136cd6a6acSopenharmony_ci return rc; 1146cd6a6acSopenharmony_ci} 115