Remove getsebool/setsebool from init and toolbox.
These were leftovers from the SELinux boolean support that was originally merged. Since Android prohibits SELinux policy booleans, we can just drop them. Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
bd518bce07
commit
d4b2d8923f
|
@ -854,34 +854,6 @@ int do_restorecon_recursive(int nargs, char **args) {
|
|||
return ret;
|
||||
}
|
||||
|
||||
int do_setsebool(int nargs, char **args) {
|
||||
const char *name = args[1];
|
||||
const char *value = args[2];
|
||||
SELboolean b;
|
||||
int ret;
|
||||
|
||||
if (is_selinux_enabled() <= 0)
|
||||
return 0;
|
||||
|
||||
b.name = name;
|
||||
if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
|
||||
b.value = 1;
|
||||
else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
|
||||
b.value = 0;
|
||||
else {
|
||||
ERROR("setsebool: invalid value %s\n", value);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (security_set_boolean_list(1, &b, 0) < 0) {
|
||||
ret = -errno;
|
||||
ERROR("setsebool: could not set %s to %s\n", name, value);
|
||||
return ret;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int do_loglevel(int nargs, char **args) {
|
||||
int log_level;
|
||||
char log_level_str[PROP_VALUE_MAX] = "";
|
||||
|
|
|
@ -190,7 +190,6 @@ static int lookup_keyword(const char *s)
|
|||
if (!strcmp(s, "etkey")) return K_setkey;
|
||||
if (!strcmp(s, "etprop")) return K_setprop;
|
||||
if (!strcmp(s, "etrlimit")) return K_setrlimit;
|
||||
if (!strcmp(s, "etsebool")) return K_setsebool;
|
||||
if (!strcmp(s, "ocket")) return K_socket;
|
||||
if (!strcmp(s, "tart")) return K_start;
|
||||
if (!strcmp(s, "top")) return K_stop;
|
||||
|
|
|
@ -26,7 +26,6 @@ int do_setcon(int nargs, char **args);
|
|||
int do_setkey(int nargs, char **args);
|
||||
int do_setprop(int nargs, char **args);
|
||||
int do_setrlimit(int nargs, char **args);
|
||||
int do_setsebool(int nargs, char **args);
|
||||
int do_start(int nargs, char **args);
|
||||
int do_stop(int nargs, char **args);
|
||||
int do_swapon_all(int nargs, char **args);
|
||||
|
@ -87,7 +86,6 @@ enum {
|
|||
KEYWORD(setkey, COMMAND, 0, do_setkey)
|
||||
KEYWORD(setprop, COMMAND, 2, do_setprop)
|
||||
KEYWORD(setrlimit, COMMAND, 3, do_setrlimit)
|
||||
KEYWORD(setsebool, COMMAND, 2, do_setsebool)
|
||||
KEYWORD(socket, OPTION, 0, 0)
|
||||
KEYWORD(start, COMMAND, 1, do_start)
|
||||
KEYWORD(stop, COMMAND, 1, do_stop)
|
||||
|
|
|
@ -238,10 +238,6 @@ setprop <name> <value>
|
|||
setrlimit <resource> <cur> <max>
|
||||
Set the rlimit for a resource.
|
||||
|
||||
setsebool <name> <value>
|
||||
Set SELinux boolean <name> to <value>.
|
||||
<value> may be 1|true|on or 0|false|off
|
||||
|
||||
start <service>
|
||||
Start a service running if it is not already running.
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@ OUR_TOOLS := \
|
|||
df \
|
||||
getevent \
|
||||
getprop \
|
||||
getsebool \
|
||||
iftop \
|
||||
ioctl \
|
||||
ionice \
|
||||
|
@ -64,7 +63,6 @@ OUR_TOOLS := \
|
|||
schedtop \
|
||||
sendevent \
|
||||
setprop \
|
||||
setsebool \
|
||||
smd \
|
||||
start \
|
||||
stop \
|
||||
|
|
|
@ -1,104 +0,0 @@
|
|||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <getopt.h>
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
static void usage(const char *progname)
|
||||
{
|
||||
fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int getsebool_main(int argc, char **argv)
|
||||
{
|
||||
int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
|
||||
char **names;
|
||||
|
||||
while ((opt = getopt(argc, argv, "a")) > 0) {
|
||||
switch (opt) {
|
||||
case 'a':
|
||||
if (argc > 2)
|
||||
usage(argv[0]);
|
||||
if (is_selinux_enabled() <= 0) {
|
||||
fprintf(stderr, "%s: SELinux is disabled\n",
|
||||
argv[0]);
|
||||
return 1;
|
||||
}
|
||||
errno = 0;
|
||||
rc = security_get_boolean_names(&names, &len);
|
||||
if (rc) {
|
||||
fprintf(stderr,
|
||||
"%s: Unable to get boolean names: %s\n",
|
||||
argv[0], strerror(errno));
|
||||
return 1;
|
||||
}
|
||||
if (!len) {
|
||||
printf("No booleans\n");
|
||||
return 0;
|
||||
}
|
||||
get_all = 1;
|
||||
break;
|
||||
default:
|
||||
usage(argv[0]);
|
||||
}
|
||||
}
|
||||
|
||||
if (is_selinux_enabled() <= 0) {
|
||||
fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
|
||||
return 1;
|
||||
}
|
||||
if (!len) {
|
||||
if (argc < 2)
|
||||
usage(argv[0]);
|
||||
len = argc - 1;
|
||||
names = malloc(sizeof(char *) * len);
|
||||
if (!names) {
|
||||
fprintf(stderr, "%s: out of memory\n", argv[0]);
|
||||
return 2;
|
||||
}
|
||||
for (i = 0; i < len; i++) {
|
||||
names[i] = strdup(argv[i + 1]);
|
||||
if (!names[i]) {
|
||||
fprintf(stderr, "%s: out of memory\n",
|
||||
argv[0]);
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
active = security_get_boolean_active(names[i]);
|
||||
if (active < 0) {
|
||||
if (get_all && errno == EACCES)
|
||||
continue;
|
||||
fprintf(stderr, "Error getting active value for %s\n",
|
||||
names[i]);
|
||||
rc = -1;
|
||||
goto out;
|
||||
}
|
||||
pending = security_get_boolean_pending(names[i]);
|
||||
if (pending < 0) {
|
||||
fprintf(stderr, "Error getting pending value for %s\n",
|
||||
names[i]);
|
||||
rc = -1;
|
||||
goto out;
|
||||
}
|
||||
if (pending != active) {
|
||||
printf("%s --> %s pending: %s\n", names[i],
|
||||
(active ? "on" : "off"),
|
||||
(pending ? "on" : "off"));
|
||||
} else {
|
||||
printf("%s --> %s\n", names[i],
|
||||
(active ? "on" : "off"));
|
||||
}
|
||||
}
|
||||
|
||||
out:
|
||||
for (i = 0; i < len; i++)
|
||||
free(names[i]);
|
||||
free(names);
|
||||
return rc;
|
||||
}
|
|
@ -1,46 +0,0 @@
|
|||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
#include <selinux/selinux.h>
|
||||
#include <errno.h>
|
||||
|
||||
static int do_setsebool(int nargs, char **args) {
|
||||
const char *name = args[1];
|
||||
const char *value = args[2];
|
||||
SELboolean b;
|
||||
|
||||
if (is_selinux_enabled() <= 0)
|
||||
return 0;
|
||||
|
||||
b.name = name;
|
||||
if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
|
||||
b.value = 1;
|
||||
else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
|
||||
b.value = 0;
|
||||
else {
|
||||
fprintf(stderr, "setsebool: invalid value %s\n", value);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (security_set_boolean_list(1, &b, 0) < 0)
|
||||
{
|
||||
fprintf(stderr, "setsebool: could not set %s to %s: %s", name, value, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int setsebool_main(int argc, char **argv)
|
||||
{
|
||||
if (argc != 3) {
|
||||
fprintf(stderr, "Usage: %s name value\n", argv[0]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return do_setsebool(argc, argv);
|
||||
}
|