2 * sestatus -- displays the status of SELinux
4 * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
6 * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
11 extern char *selinux_mnt;
13 #define OPT_VERBOSE (1 << 0)
14 #define OPT_BOOLEAN (1 << 1)
16 #define COL_FMT "%-31s "
18 static void display_boolean(void)
21 int i, active, pending, nbool;
23 if (security_get_boolean_names(&bools, &nbool) < 0)
26 puts("\nPolicy booleans:");
28 for (i = 0; i < nbool; i++) {
29 active = security_get_boolean_active(bools[i]);
32 pending = security_get_boolean_pending(bools[i]);
36 bools[i], active == 0 ? "off" : "on");
37 if (active != pending)
38 printf(" (%sactivate pending)", pending == 0 ? "in" : "");
41 if (ENABLE_FEATURE_CLEAN_UP)
44 if (ENABLE_FEATURE_CLEAN_UP)
48 static void read_config(char **pc, int npc, char **fc, int nfc)
52 int pc_ofs = 0, fc_ofs = 0, section = -1;
56 parser = config_open("/etc/sestatus.conf");
57 while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
58 if (strcmp(buf, "[process]") == 0) {
60 } else if (strcmp(buf, "[files]") == 0) {
63 if (section == 1 && pc_ofs < npc -1) {
64 pc[pc_ofs++] = xstrdup(buf);
66 } else if (section == 2 && fc_ofs < nfc - 1) {
67 fc[fc_ofs++] = xstrdup(buf);
75 static void display_verbose(void)
77 security_context_t con, _con;
78 char *fc[50], *pc[50], *cterm;
82 read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
84 /* process contexts */
85 puts("\nProcess contexts:");
88 if (getcon(&con) == 0) {
89 printf(COL_FMT "%s\n", "Current context:", con);
90 if (ENABLE_FEATURE_CLEAN_UP)
93 /* /sbin/init context */
94 if (getpidcon(1, &con) == 0) {
95 printf(COL_FMT "%s\n", "Init context:", con);
96 if (ENABLE_FEATURE_CLEAN_UP)
100 /* [process] context */
101 for (i = 0; pc[i] != NULL; i++) {
102 pidList = find_pid_by_name(bb_basename(pc[i]));
103 if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
104 printf(COL_FMT "%s\n", pc[i], con);
105 if (ENABLE_FEATURE_CLEAN_UP)
108 if (ENABLE_FEATURE_CLEAN_UP)
113 puts("\nFile contexts:");
117 if (cterm && lgetfilecon(cterm, &con) >= 0) {
118 printf(COL_FMT "%s\n", "Controlling term:", con);
119 if (ENABLE_FEATURE_CLEAN_UP)
123 for (i=0; fc[i] != NULL; i++) {
126 if (lgetfilecon(fc[i], &con) < 0)
128 if (lstat(fc[i], &stbuf) == 0) {
129 if (S_ISLNK(stbuf.st_mode)) {
130 if (getfilecon(fc[i], &_con) >= 0) {
131 printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
132 if (ENABLE_FEATURE_CLEAN_UP)
136 printf(COL_FMT "%s\n", fc[i], con);
139 if (ENABLE_FEATURE_CLEAN_UP)
144 int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
145 int sestatus_main(int argc UNUSED_PARAM, char **argv)
148 const char *pol_path;
151 opt_complementary = "?0"; /* no arguments are required. */
152 opts = getopt32(argv, "vb");
154 /* SELinux status: line */
155 rc = is_selinux_enabled();
158 printf(COL_FMT "%s\n", "SELinux status:",
159 rc == 1 ? "enabled" : "disabled");
161 /* SELinuxfs mount: line */
164 printf(COL_FMT "%s\n", "SELinuxfs mount:",
167 /* Current mode: line */
168 rc = security_getenforce();
171 printf(COL_FMT "%s\n", "Current mode:",
172 rc == 0 ? "permissive" : "enforcing");
174 /* Mode from config file: line */
175 if (selinux_getenforcemode(&rc) != 0)
177 printf(COL_FMT "%s\n", "Mode from config file:",
178 rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
180 /* Policy version: line */
181 rc = security_policyvers();
184 printf(COL_FMT "%u\n", "Policy version:", rc);
186 /* Policy from config file: line */
187 pol_path = selinux_policy_root();
190 printf(COL_FMT "%s\n", "Policy from config file:",
191 bb_basename(pol_path));
193 if (opts & OPT_BOOLEAN)
195 if (opts & OPT_VERBOSE)
201 bb_perror_msg_and_die("libselinux returns unknown state");
projects / oweals / busybox.git / blob