xref: /aosp_15_r20/external/toybox/toys/android/setenforce.c (revision cf5a6c84e2b8763fc1a7db14496fd4742913b199) 
1*cf5a6c84SAndroid Build Coastguard Worker /* setenforce.c - Set the current SELinux mode
2*cf5a6c84SAndroid Build Coastguard Worker  *
3*cf5a6c84SAndroid Build Coastguard Worker  * Copyright 2014 The Android Open Source Project
4*cf5a6c84SAndroid Build Coastguard Worker 
5*cf5a6c84SAndroid Build Coastguard Worker USE_SETENFORCE(NEWTOY(setenforce, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN))
6*cf5a6c84SAndroid Build Coastguard Worker 
7*cf5a6c84SAndroid Build Coastguard Worker config SETENFORCE
8*cf5a6c84SAndroid Build Coastguard Worker   bool "setenforce"
9*cf5a6c84SAndroid Build Coastguard Worker   default y
10*cf5a6c84SAndroid Build Coastguard Worker   depends on TOYBOX_SELINUX
11*cf5a6c84SAndroid Build Coastguard Worker   help
12*cf5a6c84SAndroid Build Coastguard Worker     usage: setenforce [enforcing|permissive|1|0]
13*cf5a6c84SAndroid Build Coastguard Worker 
14*cf5a6c84SAndroid Build Coastguard Worker     Sets whether SELinux is enforcing (1) or permissive (0).
15*cf5a6c84SAndroid Build Coastguard Worker */
16*cf5a6c84SAndroid Build Coastguard Worker 
17*cf5a6c84SAndroid Build Coastguard Worker #define FOR_setenforce
18*cf5a6c84SAndroid Build Coastguard Worker #include "toys.h"
19*cf5a6c84SAndroid Build Coastguard Worker 
setenforce_main(void)20*cf5a6c84SAndroid Build Coastguard Worker void setenforce_main(void)
21*cf5a6c84SAndroid Build Coastguard Worker {
22*cf5a6c84SAndroid Build Coastguard Worker   char *new = *toys.optargs;
23*cf5a6c84SAndroid Build Coastguard Worker   int state, ret;
24*cf5a6c84SAndroid Build Coastguard Worker 
25*cf5a6c84SAndroid Build Coastguard Worker   if (!is_selinux_enabled()) error_exit("SELinux is disabled");
26*cf5a6c84SAndroid Build Coastguard Worker   else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1;
27*cf5a6c84SAndroid Build Coastguard Worker   else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0;
28*cf5a6c84SAndroid Build Coastguard Worker   else error_exit("Invalid state: %s", new);
29*cf5a6c84SAndroid Build Coastguard Worker 
30*cf5a6c84SAndroid Build Coastguard Worker   ret = security_setenforce(state);
31*cf5a6c84SAndroid Build Coastguard Worker   if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new);
32*cf5a6c84SAndroid Build Coastguard Worker }
33