10f66f451Sopenharmony_ci/* setenforce.c - Set the current SELinux mode 20f66f451Sopenharmony_ci * 30f66f451Sopenharmony_ci * Copyright 2014 The Android Open Source Project 40f66f451Sopenharmony_ci 50f66f451Sopenharmony_ciUSE_SETENFORCE(NEWTOY(setenforce, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN)) 60f66f451Sopenharmony_ci 70f66f451Sopenharmony_ciconfig SETENFORCE 80f66f451Sopenharmony_ci bool "setenforce" 90f66f451Sopenharmony_ci default y 100f66f451Sopenharmony_ci depends on TOYBOX_SELINUX 110f66f451Sopenharmony_ci help 120f66f451Sopenharmony_ci usage: setenforce [enforcing|permissive|1|0] 130f66f451Sopenharmony_ci 140f66f451Sopenharmony_ci Sets whether SELinux is enforcing (1) or permissive (0). 150f66f451Sopenharmony_ci*/ 160f66f451Sopenharmony_ci 170f66f451Sopenharmony_ci#define FOR_setenforce 180f66f451Sopenharmony_ci#include "toys.h" 190f66f451Sopenharmony_ci 200f66f451Sopenharmony_civoid setenforce_main(void) 210f66f451Sopenharmony_ci{ 220f66f451Sopenharmony_ci char *new = *toys.optargs; 230f66f451Sopenharmony_ci int state, ret; 240f66f451Sopenharmony_ci 250f66f451Sopenharmony_ci if (!is_selinux_enabled()) error_exit("SELinux is disabled"); 260f66f451Sopenharmony_ci else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1; 270f66f451Sopenharmony_ci else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0; 280f66f451Sopenharmony_ci else error_exit("Invalid state: %s", new); 290f66f451Sopenharmony_ci 300f66f451Sopenharmony_ci ret = security_setenforce(state); 310f66f451Sopenharmony_ci if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new); 320f66f451Sopenharmony_ci} 33