2 * sestatus -- displays the status of SELinux
4 * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
6 * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
11 extern char *selinux_mnt;
13 #define OPT_VERBOSE (1 << 0)
14 #define OPT_BOOLEAN (1 << 1)
16 #define COL_FMT "%-31s "
18 static void display_boolean(void)
21 int i, active, pending, nbool;
23 if (security_get_boolean_names(&bools, &nbool) < 0)
26 puts("\nPolicy booleans:");
28 for (i = 0; i < nbool; i++) {
29 active = security_get_boolean_active(bools[i]);
32 pending = security_get_boolean_pending(bools[i]);
36 bools[i], active == 0 ? "off" : "on");
37 if (active != pending)
38 printf(" (%sactivate pending)", pending == 0 ? "in" : "");
41 if (ENABLE_FEATURE_CLEAN_UP)
44 if (ENABLE_FEATURE_CLEAN_UP)
48 static void read_config(char **pc, int npc, char **fc, int nfc)
52 int pc_ofs = 0, fc_ofs = 0, section = -1;
56 fp = fopen("/etc/sestatus.conf", "rb");
60 while (fgets(buf, sizeof(buf), fp) != NULL) {
64 for (i = 0; (c = buf[i]) != '\0'; i++) {
75 if (strcmp(buf, "[process]") == 0) {
77 } else if (strcmp(buf, "[files]") == 0) {
80 if (section == 1 && pc_ofs < npc -1) {
81 pc[pc_ofs++] = strdup(buf);
83 } else if (section == 2 && fc_ofs < nfc - 1) {
84 fc[fc_ofs++] = strdup(buf);
92 static void display_verbose(void)
94 security_context_t con, _con;
95 char *fc[50], *pc[50], *cterm;
99 read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
101 /* process contexts */
102 puts("\nProcess contexts:");
104 /* current context */
105 if (getcon(&con) == 0) {
106 printf(COL_FMT "%s\n", "Current context:", con);
107 if (ENABLE_FEATURE_CLEAN_UP)
110 /* /sbin/init context */
111 if (getpidcon(1, &con) == 0) {
112 printf(COL_FMT "%s\n", "Init context:", con);
113 if (ENABLE_FEATURE_CLEAN_UP)
117 /* [process] context */
118 for (i = 0; pc[i] != NULL; i++) {
119 pidList = find_pid_by_name(bb_basename(pc[i]));
120 if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
121 printf(COL_FMT "%s\n", pc[i], con);
122 if (ENABLE_FEATURE_CLEAN_UP)
125 if (ENABLE_FEATURE_CLEAN_UP)
130 puts("\nFile contexts:");
134 if (cterm && lgetfilecon(cterm, &con) >= 0) {
135 printf(COL_FMT "%s\n", "Controlling term:", con);
136 if (ENABLE_FEATURE_CLEAN_UP)
140 for (i=0; fc[i] != NULL; i++) {
143 if (lgetfilecon(fc[i], &con) < 0)
145 if (lstat(fc[i], &stbuf) == 0) {
146 if (S_ISLNK(stbuf.st_mode)) {
147 if (getfilecon(fc[i], &_con) >= 0) {
148 printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
149 if (ENABLE_FEATURE_CLEAN_UP)
153 printf(COL_FMT "%s\n", fc[i], con);
156 if (ENABLE_FEATURE_CLEAN_UP)
161 int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
162 int sestatus_main(int argc ATTRIBUTE_UNUSED, char **argv)
165 const char *pol_path;
168 opt_complementary = "?0"; /* no arguments are required. */
169 opts = getopt32(argv, "vb");
171 /* SELinux status: line */
172 rc = is_selinux_enabled();
175 printf(COL_FMT "%s\n", "SELinux status:",
176 rc == 1 ? "enabled" : "disabled");
178 /* SELinuxfs mount: line */
181 printf(COL_FMT "%s\n", "SELinuxfs mount:",
184 /* Current mode: line */
185 rc = security_getenforce();
188 printf(COL_FMT "%s\n", "Current mode:",
189 rc == 0 ? "permissive" : "enforcing");
191 /* Mode from config file: line */
192 if (selinux_getenforcemode(&rc) != 0)
194 printf(COL_FMT "%s\n", "Mode from config file:",
195 rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
197 /* Policy version: line */
198 rc = security_policyvers();
201 printf(COL_FMT "%u\n", "Policy version:", rc);
203 /* Policy from config file: line */
204 pol_path = selinux_policy_root();
207 printf(COL_FMT "%s\n", "Policy from config file:",
208 bb_basename(pol_path));
210 if (opts & OPT_BOOLEAN)
212 if (opts & OPT_VERBOSE)
218 bb_perror_msg_and_die("libselinux returns unknown state");
projects / busybox4maemo / blob