Annotation of /trunk/mkinitrd-magellan/busybox/selinux/sestatus.c
Parent Directory | Revision Log
Revision 984 -
(hide annotations)
(download)
Sun May 30 11:32:42 2010 UTC (14 years ago) by niro
File MIME type: text/plain
File size: 4711 byte(s)
Sun May 30 11:32:42 2010 UTC (14 years ago) by niro
File MIME type: text/plain
File size: 4711 byte(s)
-updated to busybox-1.16.1 and enabled blkid/uuid support in default config
1 | niro | 816 | /* |
2 | * sestatus -- displays the status of SELinux | ||
3 | * | ||
4 | * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com> | ||
5 | * | ||
6 | * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com> | ||
7 | niro | 984 | * |
8 | * Licensed under GPLv2, see file LICENSE in this tarball for details. | ||
9 | niro | 816 | */ |
10 | |||
11 | #include "libbb.h" | ||
12 | |||
13 | extern char *selinux_mnt; | ||
14 | |||
15 | #define OPT_VERBOSE (1 << 0) | ||
16 | #define OPT_BOOLEAN (1 << 1) | ||
17 | |||
18 | #define COL_FMT "%-31s " | ||
19 | |||
20 | static void display_boolean(void) | ||
21 | { | ||
22 | char **bools; | ||
23 | int i, active, pending, nbool; | ||
24 | |||
25 | if (security_get_boolean_names(&bools, &nbool) < 0) | ||
26 | return; | ||
27 | |||
28 | puts("\nPolicy booleans:"); | ||
29 | |||
30 | for (i = 0; i < nbool; i++) { | ||
31 | active = security_get_boolean_active(bools[i]); | ||
32 | if (active < 0) | ||
33 | goto skip; | ||
34 | pending = security_get_boolean_pending(bools[i]); | ||
35 | if (pending < 0) | ||
36 | goto skip; | ||
37 | printf(COL_FMT "%s", | ||
38 | bools[i], active == 0 ? "off" : "on"); | ||
39 | if (active != pending) | ||
40 | printf(" (%sactivate pending)", pending == 0 ? "in" : ""); | ||
41 | bb_putchar('\n'); | ||
42 | skip: | ||
43 | if (ENABLE_FEATURE_CLEAN_UP) | ||
44 | free(bools[i]); | ||
45 | } | ||
46 | if (ENABLE_FEATURE_CLEAN_UP) | ||
47 | free(bools); | ||
48 | } | ||
49 | |||
50 | static void read_config(char **pc, int npc, char **fc, int nfc) | ||
51 | { | ||
52 | char *buf; | ||
53 | parser_t *parser; | ||
54 | int pc_ofs = 0, fc_ofs = 0, section = -1; | ||
55 | |||
56 | pc[0] = fc[0] = NULL; | ||
57 | |||
58 | parser = config_open("/etc/sestatus.conf"); | ||
59 | while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) { | ||
60 | if (strcmp(buf, "[process]") == 0) { | ||
61 | section = 1; | ||
62 | } else if (strcmp(buf, "[files]") == 0) { | ||
63 | section = 2; | ||
64 | } else { | ||
65 | if (section == 1 && pc_ofs < npc -1) { | ||
66 | pc[pc_ofs++] = xstrdup(buf); | ||
67 | pc[pc_ofs] = NULL; | ||
68 | } else if (section == 2 && fc_ofs < nfc - 1) { | ||
69 | fc[fc_ofs++] = xstrdup(buf); | ||
70 | fc[fc_ofs] = NULL; | ||
71 | } | ||
72 | } | ||
73 | } | ||
74 | config_close(parser); | ||
75 | } | ||
76 | |||
77 | static void display_verbose(void) | ||
78 | { | ||
79 | security_context_t con, _con; | ||
80 | char *fc[50], *pc[50], *cterm; | ||
81 | pid_t *pidList; | ||
82 | int i; | ||
83 | |||
84 | read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc)); | ||
85 | |||
86 | /* process contexts */ | ||
87 | puts("\nProcess contexts:"); | ||
88 | |||
89 | /* current context */ | ||
90 | if (getcon(&con) == 0) { | ||
91 | printf(COL_FMT "%s\n", "Current context:", con); | ||
92 | if (ENABLE_FEATURE_CLEAN_UP) | ||
93 | freecon(con); | ||
94 | } | ||
95 | /* /sbin/init context */ | ||
96 | if (getpidcon(1, &con) == 0) { | ||
97 | printf(COL_FMT "%s\n", "Init context:", con); | ||
98 | if (ENABLE_FEATURE_CLEAN_UP) | ||
99 | freecon(con); | ||
100 | } | ||
101 | |||
102 | /* [process] context */ | ||
103 | for (i = 0; pc[i] != NULL; i++) { | ||
104 | pidList = find_pid_by_name(bb_basename(pc[i])); | ||
105 | if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) { | ||
106 | printf(COL_FMT "%s\n", pc[i], con); | ||
107 | if (ENABLE_FEATURE_CLEAN_UP) | ||
108 | freecon(con); | ||
109 | } | ||
110 | if (ENABLE_FEATURE_CLEAN_UP) | ||
111 | free(pidList); | ||
112 | } | ||
113 | |||
114 | /* files contexts */ | ||
115 | puts("\nFile contexts:"); | ||
116 | |||
117 | niro | 984 | cterm = xmalloc_ttyname(0); |
118 | //FIXME: if cterm == NULL, we segfault!?? | ||
119 | niro | 816 | puts(cterm); |
120 | if (cterm && lgetfilecon(cterm, &con) >= 0) { | ||
121 | printf(COL_FMT "%s\n", "Controlling term:", con); | ||
122 | if (ENABLE_FEATURE_CLEAN_UP) | ||
123 | freecon(con); | ||
124 | } | ||
125 | |||
126 | niro | 984 | for (i = 0; fc[i] != NULL; i++) { |
127 | niro | 816 | struct stat stbuf; |
128 | |||
129 | if (lgetfilecon(fc[i], &con) < 0) | ||
130 | continue; | ||
131 | if (lstat(fc[i], &stbuf) == 0) { | ||
132 | if (S_ISLNK(stbuf.st_mode)) { | ||
133 | if (getfilecon(fc[i], &_con) >= 0) { | ||
134 | printf(COL_FMT "%s -> %s\n", fc[i], _con, con); | ||
135 | if (ENABLE_FEATURE_CLEAN_UP) | ||
136 | freecon(_con); | ||
137 | } | ||
138 | } else { | ||
139 | printf(COL_FMT "%s\n", fc[i], con); | ||
140 | } | ||
141 | } | ||
142 | if (ENABLE_FEATURE_CLEAN_UP) | ||
143 | freecon(con); | ||
144 | } | ||
145 | } | ||
146 | |||
147 | int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
148 | int sestatus_main(int argc UNUSED_PARAM, char **argv) | ||
149 | { | ||
150 | unsigned opts; | ||
151 | const char *pol_path; | ||
152 | int rc; | ||
153 | |||
154 | opt_complementary = "?0"; /* no arguments are required. */ | ||
155 | opts = getopt32(argv, "vb"); | ||
156 | |||
157 | /* SELinux status: line */ | ||
158 | rc = is_selinux_enabled(); | ||
159 | if (rc < 0) | ||
160 | goto error; | ||
161 | printf(COL_FMT "%s\n", "SELinux status:", | ||
162 | rc == 1 ? "enabled" : "disabled"); | ||
163 | |||
164 | /* SELinuxfs mount: line */ | ||
165 | if (!selinux_mnt) | ||
166 | goto error; | ||
167 | printf(COL_FMT "%s\n", "SELinuxfs mount:", | ||
168 | selinux_mnt); | ||
169 | |||
170 | /* Current mode: line */ | ||
171 | rc = security_getenforce(); | ||
172 | if (rc < 0) | ||
173 | goto error; | ||
174 | printf(COL_FMT "%s\n", "Current mode:", | ||
175 | rc == 0 ? "permissive" : "enforcing"); | ||
176 | |||
177 | /* Mode from config file: line */ | ||
178 | if (selinux_getenforcemode(&rc) != 0) | ||
179 | goto error; | ||
180 | printf(COL_FMT "%s\n", "Mode from config file:", | ||
181 | rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing")); | ||
182 | |||
183 | /* Policy version: line */ | ||
184 | rc = security_policyvers(); | ||
185 | if (rc < 0) | ||
186 | goto error; | ||
187 | printf(COL_FMT "%u\n", "Policy version:", rc); | ||
188 | |||
189 | /* Policy from config file: line */ | ||
190 | pol_path = selinux_policy_root(); | ||
191 | if (!pol_path) | ||
192 | goto error; | ||
193 | printf(COL_FMT "%s\n", "Policy from config file:", | ||
194 | bb_basename(pol_path)); | ||
195 | |||
196 | if (opts & OPT_BOOLEAN) | ||
197 | display_boolean(); | ||
198 | if (opts & OPT_VERBOSE) | ||
199 | display_verbose(); | ||
200 | |||
201 | return 0; | ||
202 | |||
203 | error: | ||
204 | bb_perror_msg_and_die("libselinux returns unknown state"); | ||
205 | } |