#include <unistd.h>

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

#include <sys/stat.h>

#include <fcntl.h>

#include <errno.h>

#include <syslog.h>

#include <pwd.h>

#include <selinux/selinux.h>

#include <errno.h>

int permanent = 0;

int setbool(char **list, size_t start, size_t end);

void usage(void)

{

	fputs("\nUsage:  setsebool [ -P ] boolean value | bool1=val1 bool2=val2...\n\n", stderr);

	exit(1);

}

int main(int argc, char **argv)

{

	size_t rc, start;

	if (argc < 2) 

		usage();

	if (is_selinux_enabled() <= 0) {

		fputs("setsebool:  SELinux is disabled.\n", stderr);

		return 1;

	}

	if (strcmp(argv[1], "-P") == 0) {

		permanent = 1;

		if (argc < 3) 

			usage();

		start = 2;

	}

	else

		start = 1;

	/* Check to see which way we are being called. If a '=' is passed,

	   we'll enforce the list syntax. If not we'll enforce the original

	   syntax for backward compatibility. */

	if (strchr(argv[start], '=') == 0) {

		int len;

		char *bool_list[1];

		if ((argc - start) != 2)

			usage();

		/* Add 1 for the '=' */

		len = strlen(argv[start]) + strlen(argv[start+1]) + 2;

		bool_list[0]=(char *)malloc(len);

		if (bool_list[0] == 0) {

			fputs("Out of memory - aborting\n", stderr);

			return 1;

		}

		snprintf(bool_list[0], len, "%s=%s", argv[start], 

							argv[start+1]);

		rc = setbool(bool_list, 0, 1);

		free(bool_list[0]);

	}

	else 

		rc = setbool(argv, start, argc);

	return rc;

}

/* Given an array of strings in the form "boolname=value", a start index,

   and a finish index...walk the list and set the bool. */

int setbool(char **list, size_t start, size_t end)

{

	char *name, *value_ptr;

	int i=start, value;

	int ret=0;

	int j=0;

	size_t boolcnt=end-start;

	struct passwd *pwd;

	SELboolean *vallist=calloc(boolcnt, sizeof(SELboolean));

	if (!vallist) {

		fprintf(stderr, 

			"Error setting booleans: %s\n", strerror(errno));

		return 1;

	}

	while (i < end) {

		name = list[i];

		value_ptr = strchr(list[i], '=');

		if (value_ptr == 0) {

			fprintf(stderr, 

			"setsebool: '=' not found in boolean expression %s\n",

				list[i]);

			ret=4;

			goto error_label;

		}

		*value_ptr = 0;

		value_ptr++;

		if (strcmp(value_ptr, "1") == 0 || 

				strcasecmp(value_ptr, "true") == 0)

			value = 1;

		else if (strcmp(value_ptr, "0") == 0 || 

				strcasecmp(value_ptr, "false") == 0)

			value = 0;

		else {

			fprintf(stderr, "setsebool: illegal boolean value %s\n",

				value_ptr);

			ret=1;

			goto error_label;

		}

		vallist[j].value = value;

		vallist[j].name = strdup(name);

		if (!vallist[j].name) {

			fprintf(stderr, 

				"Error setting boolean %s to value %d (%s)\n", 

				name, value, strerror(errno));

			ret= 2;

			goto error_label;

		}

		i++;

		j++;

		/* Now put it back */

		value_ptr--;

		*value_ptr = '=';

	}

	ret=security_set_boolean_list(boolcnt, vallist, permanent);

 error_label:

	for (i=0; i < boolcnt; i++) 

		if (vallist[i].name) free(vallist[i].name);

	free(vallist);

	if (ret) {

		if (errno==ENOENT) {

			fprintf(stderr, 

				"Error setting boolean: Invalid boolean\n");

		} else {

			if (errno) 

				perror("Error setting booleans");

		}

		return ret;

	}

	/* Now log what was done */

	pwd = getpwuid(getuid());

	i = start;

	while (i < end) {

		/* Error checking shouldn't be needed since we just did

		   this above and aborted if something went wrong. */

		name = list[i];

		value_ptr = strchr(name, '=');

		*value_ptr = 0;

		value_ptr++;

		if (pwd && pwd->pw_name)

			syslog(LOG_NOTICE, 

			    "The %s policy boolean was changed to %s by %s",

				name, value_ptr, pwd->pw_name);

		else

			syslog(LOG_NOTICE, 

			    "The %s policy boolean was changed to %s by uid:%d",

				name, value_ptr, getuid());

		i++;

	}

	return 0;

}