1 #include <unistd.h>
2 #include <stdlib.h>
3 #include <stdio.h>
4 #include <getopt.h>
5 #include <errno.h>
6 #include <string.h>
7 #include <selinux/selinux.h>
8
usage(const char * progname)9 static __attribute__ ((__noreturn__)) void usage(const char *progname)
10 {
11 fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
12 exit(1);
13 }
14
main(int argc,char ** argv)15 int main(int argc, char **argv)
16 {
17 int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
18 char **names = NULL;
19
20 while ((opt = getopt(argc, argv, "a")) > 0) {
21 switch (opt) {
22 case 'a':
23 if (argc > 2)
24 usage(argv[0]);
25 if (is_selinux_enabled() <= 0) {
26 fprintf(stderr, "%s: SELinux is disabled\n",
27 argv[0]);
28 return 1;
29 }
30 errno = 0;
31 rc = security_get_boolean_names(&names, &len);
32 if (rc) {
33 fprintf(stderr,
34 "%s: Unable to get boolean names: %s\n",
35 argv[0], strerror(errno));
36 return 1;
37 }
38 if (!len) {
39 printf("No booleans\n");
40 return 0;
41 }
42 get_all = 1;
43 break;
44 default:
45 usage(argv[0]);
46 }
47 }
48
49 if (is_selinux_enabled() <= 0) {
50 fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
51 return 1;
52 }
53
54 if (!len) {
55 if (argc < 2)
56 usage(argv[0]);
57 len = argc - 1;
58 names = calloc(len, sizeof(char *));
59 if (!names) {
60 fprintf(stderr, "%s: out of memory\n", argv[0]);
61 return 2;
62 }
63 for (i = 0; i < len; i++) {
64 names[i] = strdup(argv[i + 1]);
65 if (!names[i]) {
66 fprintf(stderr, "%s: out of memory\n",
67 argv[0]);
68 rc = 2;
69 goto out;
70 }
71 }
72 }
73
74 for (i = 0; i < len; i++) {
75 active = security_get_boolean_active(names[i]);
76 if (active < 0) {
77 if (get_all && errno == EACCES)
78 continue;
79 fprintf(stderr, "Error getting active value for %s\n",
80 names[i]);
81 rc = -1;
82 goto out;
83 }
84 pending = security_get_boolean_pending(names[i]);
85 if (pending < 0) {
86 fprintf(stderr, "Error getting pending value for %s\n",
87 names[i]);
88 rc = -1;
89 goto out;
90 }
91 char *alt_name = selinux_boolean_sub(names[i]);
92 if (! alt_name) {
93 perror("Out of memory\n");
94 rc = -1;
95 goto out;
96 }
97
98 if (pending != active) {
99 printf("%s --> %s pending: %s\n", alt_name,
100 (active ? "on" : "off"),
101 (pending ? "on" : "off"));
102 } else {
103 printf("%s --> %s\n", alt_name,
104 (active ? "on" : "off"));
105 }
106 free(alt_name);
107 }
108
109 out:
110 for (i = 0; i < len; i++)
111 free(names[i]);
112 free(names);
113 return rc;
114 }
115