/*
 * Copyright 1999-2004 Gentoo Technologies, Inc.
 * Distributed under the terms of the GNU General Public License v2
 * $Header: /var/cvsroot/gentoo-projects/hardened/policycoreutils-extra/src/toggle_bool.c,v 1.2 2004/06/18 04:09:04 pebenito Exp $
 */
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <libgen.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <syslog.h>
#include <pwd.h>
#include <string.h>
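/*
 * Best-effort rollback of a partially staged boolean transaction.
 *
 * For argv[1] .. argv[argc-1] the pending value is reset to the value
 * that is currently active, then the process exits with status 1; this
 * function does not return.  argc is an exclusive upper bound, so
 * passing the index of a failing name limits the reset to the names
 * that were staged before it.
 *
 * Errors from security_set_boolean() are deliberately ignored: this
 * path only runs after something has already failed.
 */
void rollback(int argc, char **argv)
{
	int i;

	for(i=1; i<argc; i++) {
		int active = security_get_boolean_active(argv[i]);

		/* A negative result is an error code, not a boolean value;
		   never stage it as a pending value. */
		if (active < 0)
			continue;
		security_set_boolean(argv[i], active);
	}
	exit(1);
}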
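/*
 * Toggle every SELinux policy boolean named on the command line and
 * commit the whole set as one transaction.
 *
 * For each name the active value is read and its inverse is staged as
 * the pending value.  Any failure to read or stage a value goes through
 * rollback(), which resets the names staged so far and exits with
 * status 1.  Once every name is staged the set is committed, and each
 * toggle is reported to syslog together with the invoking user's name
 * (or numeric uid when no passwd entry is found).
 *
 * Returns 0 when the commit succeeded, 1 otherwise.
 */
int main(int argc, char **argv) {

	int rc, i, commit=0;
	/* argv[0] is NULL when the program is executed with an empty
	   argument vector; fall back to a writable copy of the tool name
	   so it is safe to hand to both fprintf() and basename(). */
	char fallback[] = "toggle_bool";
	char *prog = (argc > 0 && argv[0]) ? argv[0] : fallback;

	if (is_selinux_enabled() <= 0) {
		fprintf(stderr, "%s:  SELinux is disabled\n", prog);
		return 1;
	}

	if(argc < 2) {
		printf("Usage:  %s boolname1 [boolname2 ...]\n",basename(prog));
		return 1;
	}

	for(i=1; i<argc; i++) {
		printf("%s: ",argv[i]);
		rc=security_get_boolean_active(argv[i]);
		switch(rc) {
			case 0:
			case 1:
				/* Stage the inverse of the active value. */
				if(security_set_boolean(argv[i], !rc) >= 0) {
					fputs(rc ? "inactive\n" : "active\n", stdout);
					commit++;
				} else {
					printf("%s - rolling back all changes\n"
						,strerror(errno));
					/* i is passed as the bound so only the
					   names staged before this one are reset. */
					rollback(i, argv);
				}
				break;
			default:
				if(errno==ENOENT)
					printf("Boolean does not exist - rolling back all changes.\n");
				else
					printf("%s - rolling back all changes.\n",strerror(errno));
				rollback(i, argv);
				break; /* Not reached. */
		}
	}

	if(commit > 0) {
		if(security_commit_booleans() < 0) {
			printf("Commit failed. (%s)  No change to booleans.\n",
						strerror(errno));
			/* The pending values are still staged at this point.
			   Reset them so that a later commit issued by some
			   other tool could not apply these toggles after
			   this run has reported "No change".  rollback()
			   exits with status 1, the same status as before. */
			rollback(argc, argv);
		} else {
			/* syslog all the changes.  Every name that reaches
			   this point was accepted by both the get and the
			   set call above; any other name ended the run in
			   rollback(). */
			struct passwd *pwd = getpwuid(getuid());
			for(i=1; i<argc; i++) {
				if (pwd && pwd->pw_name)
					syslog(LOG_NOTICE,
						"The %s policy boolean was toggled by %s",
						argv[i], pwd->pw_name);
				else
					/* uid_t is not an int; convert
					   explicitly and print unsigned. */
					syslog(LOG_NOTICE,
						"The %s policy boolean was toggled by uid:%u",
						argv[i], (unsigned int)getuid());

			}
			return 0;
		}
	}
	return 1;
}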