Gitiles
Code Review Sign In
review.blissroms.org / platform_external_selinux / refs/heads/r / . / libselinux / utils / togglesebool.c
blob: 4a7c830efe4f2f28f3b7cbd8cc328d68568dd99b [file] [log] [blame]
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]1#include <unistd.h>
2#include <stdio.h>
3#include <stdlib.h>
4#include <libgen.h>
5#include <errno.h>
6#include <selinux/selinux.h>
7#include <syslog.h>
8#include <pwd.h>
9#include <string.h>
10
11/* Attempt to rollback the transaction. No need to check error
12 codes since this is rolling back something that blew up. */
William Robertse4f2bcc2016-11-01 14:23:10 -0700[diff] [blame]13static __attribute__ ((__noreturn__)) void rollback(int argc, char **argv)
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]14{
15 int i;
16
17 for (i = 1; i < argc; i++)
18 security_set_boolean(argv[i],
19 security_get_boolean_active(argv[i]));
20 exit(1);
21}
22
23int main(int argc, char **argv)
24{
25
26 int rc, i, commit = 0;
27
28 if (is_selinux_enabled() <= 0) {
29 fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
30 return 1;
31 }
32
33 if (argc < 2) {
34 printf("Usage: %s boolname1 [boolname2 ...]\n",
35 basename(argv[0]));
36 return 1;
37 }
38
39 for (i = 1; i < argc; i++) {
40 printf("%s: ", argv[i]);
41 rc = security_get_boolean_active(argv[i]);
42 switch (rc) {
43 case 1:
44 if (security_set_boolean(argv[i], 0) >= 0) {
45 printf("inactive\n");
46 commit++;
47 } else {
48 printf("%s - rolling back all changes\n",
49 strerror(errno));
50 rollback(i, argv);
51 }
52 break;
53 case 0:
54 if (security_set_boolean(argv[i], 1) >= 0) {
55 printf("active\n");
56 commit++;
57 } else {
58 printf("%s - rolling back all changes\n",
59 strerror(errno));
60 rollback(i, argv);
61 }
62 break;
63 default:
64 if (errno == ENOENT)
65 printf
66 ("Boolean does not exist - rolling back all changes.\n");
67 else
68 printf("%s - rolling back all changes.\n",
69 strerror(errno));
70 rollback(i, argv);
71 break; /* Not reached. */
72 }
73 }
74
75 if (commit > 0) {
76 if (security_commit_booleans() < 0) {
77 printf("Commit failed. (%s) No change to booleans.\n",
78 strerror(errno));
79 } else {
80 /* syslog all the changes */
81 struct passwd *pwd = getpwuid(getuid());
82 for (i = 1; i < argc; i++) {
83 if (pwd && pwd->pw_name)
84 syslog(LOG_NOTICE,
85 "The %s policy boolean was toggled by %s",
86 argv[i], pwd->pw_name);
87 else
88 syslog(LOG_NOTICE,
Petr Lautrbach417cb8d2015-03-13 15:54:09 +0100[diff] [blame]89 "The %s policy boolean was toggled by uid:%u",
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]90 argv[i], getuid());
91
92 }
93 return 0;
94 }
95 }
96 return 1;
97}