Пример #1
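/*
 * Apply every line of an already opened booleans file.
 *
 * *inbuf and *len form the getline() buffer; they are shared between calls so
 * one allocation is reused and the caller frees it once.
 * Returns the number of lines that process_boolean() rejected or that
 * security_set_boolean() failed to apply.
 */
static size_t apply_booleans_stream(FILE *boolf, char **inbuf, size_t *len)
{
	char name[BUFSIZ];
	size_t errors = 0;
	int val;

	/* The stream is private to this call, so stdio's implicit locking is
	 * switched off. */
	__fsetlocking(boolf, FSETLOCKING_BYCALLER);
	while (getline(inbuf, len, boolf) > 0) {
		int ret = process_boolean(*inbuf, name, sizeof(name), &val);

		if (ret == -1)
			errors++;
		else if (ret == 1 && security_set_boolean(name, val) < 0)
			errors++;
	}
	return errors;
}

/*
 * Load SELinux boolean settings from a file and from its ".local" companion,
 * then commit them.
 *
 * path: file to read, or NULL to use selinux_booleans_path().
 *
 * A missing main file or ".local" file is not an error. The pending values
 * are committed even if some lines failed.
 *
 * Returns 0 on success. Returns -1 if the commit failed, or with errno set
 * to EINVAL if any line could not be parsed or applied.
 *
 * Both files decide which policy booleans get switched, so they are expected
 * to be writable only by a trusted administrator; this function does not
 * check ownership or mode itself.
 */
int security_load_booleans(char *path)
{
	const char *base = path ? path : selinux_booleans_path();
	FILE *boolf;
	/* getline() needs NULL (or a malloc'd pointer) on first use; an
	 * uninitialised pointer would be handed to realloc(). */
	char *inbuf = NULL;
	char localbools[BUFSIZ];
	size_t len = 0, errors = 0;
	int n;

	boolf = fopen(base, "r");
	if (boolf != NULL) {
		errors += apply_booleans_stream(boolf, &inbuf, &len);
		fclose(boolf);
	}

	/* Only open the override file when its name fits; a truncated name
	 * would refer to some other path. */
	n = snprintf(localbools, sizeof(localbools), "%s.local", base);
	if (n >= 0 && (size_t)n < sizeof(localbools)) {
		boolf = fopen(localbools, "r");
		if (boolf != NULL) {
			errors += apply_booleans_stream(boolf, &inbuf, &len);
			fclose(boolf);
		}
	}

	/* Released before the commit so errno from a failed commit is not
	 * disturbed afterwards. */
	free(inbuf);

	if (security_commit_booleans() < 0)
		return -1;

	if (errors)
		errno = EINVAL;
	return errors ? -1 : 0;
}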
Пример #2
/*
 * Set one SELinux boolean from the command line and commit it.
 *
 * Usage: <prog> boolean value, where value is "1"/"true" or "0"/"false"
 * (the words are matched case-insensitively).
 *
 * Exit status: 0 on success, 1 on bad arguments, 2 if the pending value
 * could not be set, 3 if the commit failed.
 */
int main(int argc, char **argv)
{
	const char *text;
	int value;

	if (argc != 3) {
		fprintf(stderr, "usage:  %s boolean value\n", argv[0]);
		exit(1);
	}

	/* Only the four spellings below are accepted; anything else is
	 * rejected rather than coerced. */
	text = argv[2];
	if (!strcmp(text, "1") || !strcasecmp(text, "true")) {
		value = 1;
	} else if (!strcmp(text, "0") || !strcasecmp(text, "false")) {
		value = 0;
	} else {
		fprintf(stderr, "%s:  illegal boolean value %s\n", argv[0], argv[2]);
		exit(1);
	}

	/* Stage the new value; it is still only pending at this point. */
	if (security_set_boolean(argv[1], value)) {
		fprintf(stderr, "error setting boolean %s to value %d\n",
			argv[1], value);
		exit(2);
	}

	/* Make the pending value active. */
	if (security_commit_booleans()) {
		fprintf(stderr, "error committing booleans\n");
		exit(3);
	}

	exit(0);
}
Пример #3
/*
 * Best-effort undo: for the first `end` entries of boollist, reset the
 * pending value of each boolean to its currently active value.
 *
 * Return codes are ignored on purpose. If security_get_boolean_active()
 * fails, its error value is passed straight on to security_set_boolean().
 */
static void rollback(SELboolean *boollist, int end)
{
	int idx = 0;

	while (idx < end) {
		int active = security_get_boolean_active(boollist[idx].name);

		security_set_boolean(boollist[idx].name, active);
		idx++;
	}
}
Пример #4
/*
 * Try to roll the transaction back, then terminate with status 1.
 *
 * For argv[1] .. argv[argc - 1], the pending value of each boolean is reset
 * to its currently active value. Error codes are not checked, because this
 * runs only after something has already failed. This function never returns.
 */
void rollback(int argc, char **argv)
{
	int idx = 1;

	while (idx < argc) {
		int active = security_get_boolean_active(argv[idx]);

		security_set_boolean(argv[idx], active);
		idx++;
	}
	exit(1);
}
Пример #5
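/*
 * Load SELinux boolean settings from a "name=value" file and commit them.
 *
 * path: file to read, or NULL to use selinux_booleans_path().
 *
 * Each line is split at the first '='. Lines whose name, after strtrim(),
 * starts with '#' are skipped. The value may be a number (only 0 and 1 are
 * accepted) or start with "true" / "false". Bad lines are reported on stderr
 * and counted; the remaining lines are still applied and committed.
 *
 * Returns 0 on success. Returns -1 if the file cannot be opened or the commit
 * fails, or with errno set to EINVAL if any line was rejected.
 *
 * The file decides which policy booleans get switched, so it is expected to
 * be writable only by a trusted administrator; nothing here checks that.
 */
int security_load_booleans(char *path) {
	FILE *boolf;
	char buffer[BUFSIZ];
	char name[BUFSIZ];
	char name1[BUFSIZ];
	int val;
	int errors=0;

	boolf = fopen(path ? path : selinux_booleans_path(),"r");
	if (boolf == NULL)
		return -1;

	while (fgets(buffer, sizeof(buffer), boolf)) {
		char *tok=strtok(buffer,"=");
		if (!tok)
			continue;

		/* strncpy() leaves name1 unterminated when tok fills the whole
		 * buffer, so terminate it explicitly before it is read. */
		strncpy(name1,tok, BUFSIZ-1);
		name1[BUFSIZ-1] = '\0';
		strtrim(name,name1,BUFSIZ-1);
		if ( name[0]=='#' ) continue;

		/* An empty delimiter set returns the remainder of the line. */
		tok=strtok(NULL,"\0");
		if (!tok)
			continue;

		/* <ctype.h> functions take an unsigned char value; a plain
		 * char may be negative for bytes >= 0x80. */
		while (isspace((unsigned char)*tok)) tok++;
		val = -1;
		if (isdigit((unsigned char)tok[0])) {
			/* strtol() has defined behaviour on out-of-range
			 * input, unlike atoi(). */
			long parsed = strtol(tok, NULL, 10);
			if (parsed == 0 || parsed == 1)
				val = (int)parsed;
		} else if (!strncmp(tok, "true", sizeof("true")-1))
			val = 1;
		else if (!strncmp(tok, "false", sizeof("false")-1))
			val = 0;
		if (val != 0 && val != 1) {
			fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok);
			errors++;
			continue;
		}

		if (security_set_boolean(name, val) < 0) {
			fprintf(stderr,"error setting boolean %s to value %d \n", name, val);
			errors++;
		}
	}
	fclose(boolf);

	if (security_commit_booleans() < 0)
		return -1;

	if (errors)
		errno = EINVAL;
	return errors ? -1 : 0;
}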
/*
 * Stage every boolean in boollist, then commit them together.
 *
 * boolcnt:   number of entries in boollist.
 * boollist:  name/value pairs to apply.
 * permanent: accepted for interface compatibility but ignored here.
 *
 * If any entry fails to stage, rollback() is called for the entries already
 * processed and -1 is returned without committing. Returns -1 as well when
 * the commit fails, 0 otherwise.
 */
int security_set_boolean_list(size_t boolcnt, SELboolean * boollist,
			      int permanent __attribute__((unused)))
{
	size_t idx = 0;

	while (idx < boolcnt) {
		if (security_set_boolean(boollist[idx].name,
					 boollist[idx].value) != 0) {
			/* Undo the idx entries staged before this one. */
			rollback(boollist, idx);
			return -1;
		}
		idx++;
	}

	/* Everything staged cleanly: make the pending values active. */
	return security_commit_booleans() ? -1 : 0;
}
Пример #7
/*
 * Stage every boolean in boollist, commit them together and optionally
 * persist them.
 *
 * boolcnt:   number of entries in boollist.
 * boollist:  name/value pairs to apply.
 * permanent: when non-zero, the list is handed to save_booleans() after a
 *            successful commit and that call's result is returned.
 *
 * If any entry fails to stage, rollback() is called for the entries already
 * processed and -1 is returned without committing. Returns -1 as well when
 * the commit fails.
 */
int security_set_boolean_list(size_t boolcnt, SELboolean *boollist, int permanent) {
	size_t idx = 0;

	while (idx < boolcnt) {
		if (security_set_boolean(boollist[idx].name,
					 boollist[idx].value) != 0) {
			/* Undo the idx entries staged before this one. */
			rollback(boollist, idx);
			return -1;
		}
		idx++;
	}

	/* Everything staged cleanly: make the pending values active. */
	if (security_commit_booleans() != 0)
		return -1;

	return permanent ? save_booleans(boolcnt, boollist) : 0;
}
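/*
 * Function: setBooleanValue
 * Purpose: Sets the value for the given SELinux boolean name and commits it.
 * Parameters:
 *            nameStr: The name of the SELinux boolean.
 *            value: The new value of the SELinux boolean.
 * Returns: true only when both security_set_boolean() and
 *          security_commit_booleans() succeed; false when SELinux is
 *          disabled, the name is NULL or cannot be converted, or either
 *          call fails.
 * Exceptions: None thrown here.
 *             NOTE(review): a failed string conversion may leave a Java
 *             exception pending - confirm against ScopedUtfChars.
 */
static jboolean setBooleanValue(JNIEnv *env, jobject, jstring nameStr, jboolean value) {
    if (isSELinuxDisabled) {
        return false;
    }

    if (nameStr == NULL) {
        return false;
    }

    ScopedUtfChars name(env, nameStr);
    // The conversion can fail and leave c_str() NULL; do not pass a NULL
    // name on to libselinux.
    if (name.c_str() == NULL) {
        return false;
    }

    // Stage the value; it only takes effect once committed below.
    int ret = security_set_boolean(name.c_str(), value ? 1 : 0);
    if (ret) {
        return false;
    }

    if (security_commit_booleans() == -1) {
        return false;
    }

    return true;
}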
Пример #9
/*
 * Applet entry point: set one SELinux boolean from the command line.
 *
 * Expects exactly two arguments, the boolean name and its value. Accepted
 * values are "1", "true", "on" and "0", "false", "off" (the words are matched
 * case-insensitively). Wrong usage goes to bb_show_usage().
 *
 * Returns 0 on success; a failed security_set_boolean() ends in
 * bb_error_msg_and_die().
 *
 * NOTE(review): only security_set_boolean() is called here; no
 * security_commit_booleans() call is visible in this function. Confirm that
 * the staged value is committed elsewhere, otherwise it stays pending.
 */
int setsebool_main(int argc, char **argv)
{
	const char *arg;
	int value;

	if (argc != 3)
		bb_show_usage();

	arg = argv[2];

	if (LONE_CHAR(arg, '1') || !strcasecmp(arg, "true") || !strcasecmp(arg, "on"))
		value = 1;
	else if (LONE_CHAR(arg, '0') || !strcasecmp(arg, "false") || !strcasecmp(arg, "off"))
		value = 0;
	else
		/* Presumably does not return; otherwise `value` would be
		 * read uninitialised below - confirm. */
		bb_show_usage();

	if (security_set_boolean(argv[1], value) < 0)
		bb_error_msg_and_die("can't set boolean");

	return 0;
}
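  /*
   * Function: setBooleanValue
   * Purpose: Sets the value for the given SELinux boolean name and commits it.
   * Parameters:
   *            name: The name of the SELinux boolean.
   *            value: The new value of the SELinux boolean.
   * Returns: true only when both security_set_boolean() and
   *          security_commit_booleans() succeed; false when built without
   *          HAVE_SELINUX, when SELinux is disabled, when the name is NULL or
   *          cannot be converted, or when either call fails.
   * Exceptions: None thrown here.
   *             NOTE(review): a failed GetStringUTFChars() may leave a Java
   *             exception pending - confirm how callers handle it.
   */
  static jboolean setBooleanValue(JNIEnv *env, jobject clazz, jstring name, jboolean value) {
#ifdef HAVE_SELINUX
    if (isSELinuxDisabled)
      return false;

    const char *boolean_name = NULL;
    int ret;

    if (name == NULL)
      return false;

    // GetStringUTFChars() returns NULL on failure; do not pass a NULL name
    // on to libselinux or back to ReleaseStringUTFChars().
    boolean_name = env->GetStringUTFChars(name, NULL);
    if (boolean_name == NULL)
      return false;

    // Stage the value; it only takes effect once committed below.
    ret = security_set_boolean(boolean_name, (value) ? 1 : 0);
    env->ReleaseStringUTFChars(name, boolean_name);
    if (ret)
      return false;

    if (security_commit_booleans() == -1)
      return false;

    return true;
#else
    return false;
#endif
  }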
Пример #11
/*
 * Flip each SELinux boolean named on the command line, commit the changes
 * and record every toggle in syslog.
 *
 * Any failure while reading or staging a boolean calls rollback(), which is
 * expected not to return. Returns 0 only after a successful commit; returns
 * 1 when SELinux is disabled, on wrong usage, or when the commit fails.
 */
int main(int argc, char **argv)
{
	int idx;
	int changed = 0;
	struct passwd *pwd;

	if (is_selinux_enabled() <= 0) {
		fprintf(stderr, "%s:  SELinux is disabled\n", argv[0]);
		return 1;
	}

	if (argc < 2) {
		printf("Usage:  %s boolname1 [boolname2 ...]\n",
		       basename(argv[0]));
		return 1;
	}

	for (idx = 1; idx < argc; idx++) {
		int active;

		printf("%s: ", argv[idx]);
		active = security_get_boolean_active(argv[idx]);

		if (active == 0 || active == 1) {
			/* Stage the opposite of the current active value. */
			if (security_set_boolean(argv[idx], !active) >= 0) {
				if (active)
					printf("inactive\n");
				else
					printf("active\n");
				changed++;
			} else {
				printf("%s - rolling back all changes\n",
				       strerror(errno));
				rollback(idx, argv);
			}
			continue;
		}

		/* Neither 0 nor 1: the lookup failed, errno says why. */
		if (errno == ENOENT)
			printf
			    ("Boolean does not exist - rolling back all changes.\n");
		else
			printf("%s - rolling back all changes.\n",
			       strerror(errno));
		rollback(idx, argv);	/* Not expected to return. */
	}

	if (changed <= 0)
		return 1;

	if (security_commit_booleans() < 0) {
		printf("Commit failed. (%s)  No change to booleans.\n",
		       strerror(errno));
		return 1;
	}

	/* Audit trail: one syslog line per toggled boolean, attributed to the
	 * real uid's account name when it resolves, else to the numeric uid.
	 * NOTE(review): uid_t is printed with %d, so a uid above INT_MAX would
	 * show up negative in the log. */
	pwd = getpwuid(getuid());
	for (idx = 1; idx < argc; idx++) {
		if (pwd && pwd->pw_name)
			syslog(LOG_NOTICE,
			       "The %s policy boolean was toggled by %s",
			       argv[idx], pwd->pw_name);
		else
			syslog(LOG_NOTICE,
			       "The %s policy boolean was toggled by uid:%d",
			       argv[idx], getuid());
	}
	return 0;
}