Remove getsebool/setsebool from init and toolbox.

These were leftovers from the SELinux boolean support that
was originally merged.  Since Android prohibits SELinux policy
booleans, we can just drop it.

Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley 2015-03-13 14:01:58 -04:00
parent bd518bce07
commit d4b2d8923f
7 changed files with 0 additions and 187 deletions


@ -854,34 +854,6 @@ int do_restorecon_recursive(int nargs, char **args) {
return ret;
}
int do_setsebool(int nargs, char **args) {
const char *name = args[1];
const char *value = args[2];
SELboolean b;
int ret;
if (is_selinux_enabled() <= 0)
return 0;
b.name = name;
if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
b.value = 1;
else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
b.value = 0;
else {
ERROR("setsebool: invalid value %s\n", value);
return -EINVAL;
}
if (security_set_boolean_list(1, &b, 0) < 0) {
ret = -errno;
ERROR("setsebool: could not set %s to %s\n", name, value);
return ret;
}
return 0;
}
int do_loglevel(int nargs, char **args) {
int log_level;
char log_level_str[PROP_VALUE_MAX] = "";


@ -190,7 +190,6 @@ static int lookup_keyword(const char *s)
if (!strcmp(s, "etkey")) return K_setkey;
if (!strcmp(s, "etprop")) return K_setprop;
if (!strcmp(s, "etrlimit")) return K_setrlimit;
if (!strcmp(s, "etsebool")) return K_setsebool;
if (!strcmp(s, "ocket")) return K_socket;
if (!strcmp(s, "tart")) return K_start;
if (!strcmp(s, "top")) return K_stop;


@ -26,7 +26,6 @@ int do_setcon(int nargs, char **args);
int do_setkey(int nargs, char **args);
int do_setprop(int nargs, char **args);
int do_setrlimit(int nargs, char **args);
int do_setsebool(int nargs, char **args);
int do_start(int nargs, char **args);
int do_stop(int nargs, char **args);
int do_swapon_all(int nargs, char **args);
@ -87,7 +86,6 @@ enum {
KEYWORD(setkey, COMMAND, 0, do_setkey)
KEYWORD(setprop, COMMAND, 2, do_setprop)
KEYWORD(setrlimit, COMMAND, 3, do_setrlimit)
KEYWORD(setsebool, COMMAND, 2, do_setsebool)
KEYWORD(socket, OPTION, 0, 0)
KEYWORD(start, COMMAND, 1, do_start)
KEYWORD(stop, COMMAND, 1, do_stop)


@ -238,10 +238,6 @@ setprop <name> <value>
setrlimit <resource> <cur> <max>
Set the rlimit for a resource.
setsebool <name> <value>
Set SELinux boolean <name> to <value>.
<value> may be 1|true|on or 0|false|off
start <service>
Start a service running if it is not already running.


@ -44,7 +44,6 @@ OUR_TOOLS := \
df \
getevent \
getprop \
getsebool \
iftop \
ioctl \
ionice \
@ -64,7 +63,6 @@ OUR_TOOLS := \
schedtop \
sendevent \
setprop \
setsebool \
smd \
start \
stop \


@ -1,104 +0,0 @@
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <getopt.h>
#include <errno.h>
#include <string.h>
#include <selinux/selinux.h>
static void usage(const char *progname)
{
fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
exit(1);
}
int getsebool_main(int argc, char **argv)
{
int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
char **names;
while ((opt = getopt(argc, argv, "a")) > 0) {
switch (opt) {
case 'a':
if (argc > 2)
usage(argv[0]);
if (is_selinux_enabled() <= 0) {
fprintf(stderr, "%s: SELinux is disabled\n",
argv[0]);
return 1;
}
errno = 0;
rc = security_get_boolean_names(&names, &len);
if (rc) {
fprintf(stderr,
"%s: Unable to get boolean names: %s\n",
argv[0], strerror(errno));
return 1;
}
if (!len) {
printf("No booleans\n");
return 0;
}
get_all = 1;
break;
default:
usage(argv[0]);
}
}
if (is_selinux_enabled() <= 0) {
fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
return 1;
}
if (!len) {
if (argc < 2)
usage(argv[0]);
len = argc - 1;
names = malloc(sizeof(char *) * len);
if (!names) {
fprintf(stderr, "%s: out of memory\n", argv[0]);
return 2;
}
for (i = 0; i < len; i++) {
names[i] = strdup(argv[i + 1]);
if (!names[i]) {
fprintf(stderr, "%s: out of memory\n",
argv[0]);
return 2;
}
}
}
for (i = 0; i < len; i++) {
active = security_get_boolean_active(names[i]);
if (active < 0) {
if (get_all && errno == EACCES)
continue;
fprintf(stderr, "Error getting active value for %s\n",
names[i]);
rc = -1;
goto out;
}
pending = security_get_boolean_pending(names[i]);
if (pending < 0) {
fprintf(stderr, "Error getting pending value for %s\n",
names[i]);
rc = -1;
goto out;
}
if (pending != active) {
printf("%s --> %s pending: %s\n", names[i],
(active ? "on" : "off"),
(pending ? "on" : "off"));
} else {
printf("%s --> %s\n", names[i],
(active ? "on" : "off"));
}
}
out:
for (i = 0; i < len; i++)
free(names[i]);
free(names);
return rc;
}


@ -1,46 +0,0 @@
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <errno.h>
static int do_setsebool(int nargs, char **args) {
const char *name = args[1];
const char *value = args[2];
SELboolean b;
if (is_selinux_enabled() <= 0)
return 0;
b.name = name;
if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
b.value = 1;
else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
b.value = 0;
else {
fprintf(stderr, "setsebool: invalid value %s\n", value);
return -1;
}
if (security_set_boolean_list(1, &b, 0) < 0)
{
fprintf(stderr, "setsebool: could not set %s to %s: %s", name, value, strerror(errno));
return -1;
}
return 0;
}
int setsebool_main(int argc, char **argv)
{
if (argc != 3) {
fprintf(stderr, "Usage: %s name value\n", argv[0]);
exit(1);
}
return do_setsebool(argc, argv);
}