2 * sestatus -- displays the status of SELinux
4 * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
6 * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
8 * Licensed under GPLv2, see file LICENSE in this source tree.
11 //usage:#define sestatus_trivial_usage
13 //usage:#define sestatus_full_usage "\n\n"
14 //usage: " -v Verbose"
15 //usage: "\n -b Display current state of booleans"
19 extern char *selinux_mnt;
21 #define OPT_VERBOSE (1 << 0)
22 #define OPT_BOOLEAN (1 << 1)
24 #define COL_FMT "%-31s "
26 static void display_boolean(void)
29 int i, active, pending, nbool;
31 if (security_get_boolean_names(&bools, &nbool) < 0)
34 puts("\nPolicy booleans:");
36 for (i = 0; i < nbool; i++) {
37 active = security_get_boolean_active(bools[i]);
40 pending = security_get_boolean_pending(bools[i]);
44 bools[i], active == 0 ? "off" : "on");
45 if (active != pending)
46 printf(" (%sactivate pending)", pending == 0 ? "in" : "");
49 if (ENABLE_FEATURE_CLEAN_UP)
52 if (ENABLE_FEATURE_CLEAN_UP)
56 static void read_config(char **pc, int npc, char **fc, int nfc)
60 int pc_ofs = 0, fc_ofs = 0, section = -1;
64 parser = config_open("/etc/sestatus.conf");
65 while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
66 if (strcmp(buf, "[process]") == 0) {
68 } else if (strcmp(buf, "[files]") == 0) {
71 if (section == 1 && pc_ofs < npc -1) {
72 pc[pc_ofs++] = xstrdup(buf);
74 } else if (section == 2 && fc_ofs < nfc - 1) {
75 fc[fc_ofs++] = xstrdup(buf);
83 static void display_verbose(void)
85 security_context_t con, _con;
86 char *fc[50], *pc[50], *cterm;
90 read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
92 /* process contexts */
93 puts("\nProcess contexts:");
96 if (getcon(&con) == 0) {
97 printf(COL_FMT "%s\n", "Current context:", con);
98 if (ENABLE_FEATURE_CLEAN_UP)
101 /* /sbin/init context */
102 if (getpidcon(1, &con) == 0) {
103 printf(COL_FMT "%s\n", "Init context:", con);
104 if (ENABLE_FEATURE_CLEAN_UP)
108 /* [process] context */
109 for (i = 0; pc[i] != NULL; i++) {
110 pidList = find_pid_by_name(bb_basename(pc[i]));
111 if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
112 printf(COL_FMT "%s\n", pc[i], con);
113 if (ENABLE_FEATURE_CLEAN_UP)
116 if (ENABLE_FEATURE_CLEAN_UP)
121 puts("\nFile contexts:");
123 cterm = xmalloc_ttyname(0);
124 //FIXME: if cterm == NULL, we segfault!??
126 if (cterm && lgetfilecon(cterm, &con) >= 0) {
127 printf(COL_FMT "%s\n", "Controlling term:", con);
128 if (ENABLE_FEATURE_CLEAN_UP)
132 for (i = 0; fc[i] != NULL; i++) {
135 if (lgetfilecon(fc[i], &con) < 0)
137 if (lstat(fc[i], &stbuf) == 0) {
138 if (S_ISLNK(stbuf.st_mode)) {
139 if (getfilecon(fc[i], &_con) >= 0) {
140 printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
141 if (ENABLE_FEATURE_CLEAN_UP)
145 printf(COL_FMT "%s\n", fc[i], con);
148 if (ENABLE_FEATURE_CLEAN_UP)
153 int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
154 int sestatus_main(int argc UNUSED_PARAM, char **argv)
157 const char *pol_path;
160 opt_complementary = "?0"; /* no arguments are required. */
161 opts = getopt32(argv, "vb");
163 /* SELinux status: line */
164 rc = is_selinux_enabled();
167 printf(COL_FMT "%s\n", "SELinux status:",
168 rc == 1 ? "enabled" : "disabled");
170 /* SELinuxfs mount: line */
173 printf(COL_FMT "%s\n", "SELinuxfs mount:",
176 /* Current mode: line */
177 rc = security_getenforce();
180 printf(COL_FMT "%s\n", "Current mode:",
181 rc == 0 ? "permissive" : "enforcing");
183 /* Mode from config file: line */
184 if (selinux_getenforcemode(&rc) != 0)
186 printf(COL_FMT "%s\n", "Mode from config file:",
187 rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
189 /* Policy version: line */
190 rc = security_policyvers();
193 printf(COL_FMT "%u\n", "Policy version:", rc);
195 /* Policy from config file: line */
196 pol_path = selinux_policy_root();
199 printf(COL_FMT "%s\n", "Policy from config file:",
200 bb_basename(pol_path));
202 if (opts & OPT_BOOLEAN)
204 if (opts & OPT_VERBOSE)
210 bb_perror_msg_and_die("libselinux returns unknown state");
projects / oweals / busybox.git / blob