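/*
 * setsebool: set one or more SELinux policy booleans, either in the active
 * policy only (default, via libselinux) or persistently (-P, via libsemanage).
 *
 * Fixes over the previous revision of this listing:
 *  - semanage_bool_exists()/semanage_bool_exists_local() results are checked
 *    before `result` is read, so a failed lookup can no longer fall through
 *    to semanage_bool_modify_local() on an indeterminate value;
 *  - main() keeps setbool()'s int status in an int rather than a size_t;
 *  - the old-syntax buffer length is a size_t, matching strlen()/malloc();
 *  - the fallback syslog record prints the uid as unsigned;
 *  - the out-of-memory message ends with a newline;
 *  - <strings.h> is included for strcasecmp().
 */
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <syslog.h>
#include <getopt.h>
#include <pwd.h>
#include <selinux/selinux.h>
#include <semanage/handle.h>
#include <semanage/debug.h>
#include <semanage/booleans_policy.h>
#include <semanage/booleans_local.h>
#include <semanage/booleans_active.h>
#include <semanage/boolean_record.h>

int permanent = 0;	/* set by -P: go through libsemanage instead of libselinux */
int reload = 1;		/* cleared by -N: value handed to semanage_set_reload() */
int verbose = 0;	/* set by -V: keep libsemanage's message callback installed */

int setbool(char **list, size_t start, size_t end);

/* Print the command-line synopsis on stderr and exit with status 1. */
void usage(void)
{
	fputs
	    ("\nUsage: setsebool [ -NPV ] boolean value | bool1=val1 bool2=val2...\n\n",
	     stderr);
	exit(1);
}

/*
 * Parse the -P/-N/-V flags, then hand the remaining arguments to setbool().
 *
 * Two argument syntaxes are accepted: "name value" (exactly two arguments,
 * kept for backward compatibility) and a list of "name=value" pairs.
 *
 * Returns 1 when SELinux is disabled or memory runs out, otherwise the
 * status of setbool() (0 on success, -1 on failure).
 */
int main(int argc, char **argv)
{
	int rc;			/* setbool() returns int; keep its sign intact */
	int clflag;		/* holds codes for command line flags */

	if (argc < 2)
		usage();

	if (is_selinux_enabled() <= 0) {
		fputs("setsebool: SELinux is disabled.\n", stderr);
		return 1;
	}

	while (1) {
		clflag = getopt(argc, argv, "PNV");
		if (clflag == -1)
			break;

		switch (clflag) {
		case 'P':
			permanent = 1;
			break;
		case 'N':
			reload = 0;
			break;
		case 'V':
			verbose = 1;
			break;
		default:
			usage();
			break;
		}
	}

	if (argc - optind < 1) {
		fprintf(stderr, "Error: boolean name required\n");
		usage();
	}

	/* Check to see which way we are being called. If a '=' is passed,
	   we'll enforce the list syntax. If not we'll enforce the original
	   syntax for backward compatibility. */
	if (strchr(argv[optind], '=') == NULL) {
		size_t len;
		char *bool_list[1];

		if ((argc - optind) != 2)
			usage();

		/* name + '=' + value + terminating NUL */
		len = strlen(argv[optind]) + strlen(argv[optind + 1]) + 2;
		bool_list[0] = malloc(len);
		if (bool_list[0] == NULL) {
			fputs("Out of memory - aborting\n", stderr);
			return 1;
		}
		snprintf(bool_list[0], len, "%s=%s", argv[optind],
			 argv[optind + 1]);
		rc = setbool(bool_list, 0, 1);
		free(bool_list[0]);
	} else
		rc = setbool(argv, optind, argc);

	return rc;
}

/*
 * Apply temporal boolean changes to policy via libselinux.
 *
 * Returns 0 on success, -1 if security_set_boolean_list() reports failure.
 * The getuid() test below only selects the wording of the hint printed to
 * the user; it is not an access decision made by this program.
 */
static int selinux_set_boolean_list(size_t boolcnt,
				    SELboolean * boollist)
{

	if (security_set_boolean_list(boolcnt, boollist, 0)) {
		if (errno == ENOENT)
			fprintf(stderr, "Could not change active booleans: "
				"Invalid boolean\n");
		else if (errno) {
			if (getuid() == 0) {
				perror("Could not change active booleans");
			} else {
				perror("Could not change active booleans. Please try as root");
			}
		}

		return -1;
	}

	return 0;
}

/*
 * Apply permanent boolean changes to policy via libsemanage.
 *
 * All changes are made inside one libsemanage transaction and committed
 * together; any failure before the commit jumps to `err` and returns -1
 * without committing. Returns 0 once semanage_commit() has succeeded.
 */
static int semanage_set_boolean_list(size_t boolcnt,
				     SELboolean * boollist)
{

	size_t j;
	semanage_handle_t *handle = NULL;
	semanage_bool_t *boolean = NULL;
	semanage_bool_key_t *bool_key = NULL;
	int managed;
	int result = 0;

	handle = semanage_handle_create();
	if (handle == NULL) {
		fprintf(stderr, "Could not create semanage library handle\n");
		goto err;
	}

	/* Without -V, remove the library's message callback. */
	if (!verbose) {
		semanage_msg_set_callback(handle, NULL, NULL);
	}

	managed = semanage_is_managed(handle);
	if (managed < 0) {
		fprintf(stderr,
			"Error when checking whether policy is managed\n");
		goto err;

	} else if (managed == 0) {
		/* getuid() only picks the hint text shown to the user. */
		if (getuid() == 0) {
			fprintf(stderr,
				"Cannot set persistent booleans without managed policy.\n");
		} else {
			fprintf(stderr,
				"Cannot set persistent booleans, please try as root.\n");
		}
		goto err;
	}

	if (semanage_connect(handle) < 0)
		goto err;

	if (semanage_begin_transaction(handle) < 0)
		goto err;

	for (j = 0; j < boolcnt; j++) {

		if (semanage_bool_create(handle, &boolean) < 0)
			goto err;

		if (semanage_bool_set_name(handle, boolean, boollist[j].name) <
		    0)
			goto err;

		semanage_bool_set_value(boolean, boollist[j].value);

		if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
			goto err;

		/*
		 * Refuse names that exist neither in the policy nor in the
		 * local modifications. A failed lookup is an error in its own
		 * right: `result` must not be trusted unless the call
		 * succeeded.
		 */
		if (semanage_bool_exists(handle, bool_key, &result) < 0) {
			fprintf(stderr,
				"Could not check whether boolean %s is defined\n",
				boollist[j].name);
			goto err;
		}
		if (!result) {
			if (semanage_bool_exists_local(handle, bool_key,
						       &result) < 0) {
				fprintf(stderr,
					"Could not check whether boolean %s is defined\n",
					boollist[j].name);
				goto err;
			}
			if (!result) {
				fprintf(stderr, "Boolean %s is not defined\n",
					boollist[j].name);
				goto err;
			}
		}

		if (semanage_bool_modify_local(handle, bool_key,
					       boolean) < 0)
			goto err;

		if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
			fprintf(stderr, "Failed to change boolean %s: %m\n",
				boollist[j].name);
			goto err;
		}
		semanage_bool_key_free(bool_key);
		semanage_bool_free(boolean);
		/* Reset so the err path never frees these twice. */
		bool_key = NULL;
		boolean = NULL;
	}

	semanage_set_reload(handle, reload);
	if (semanage_commit(handle) < 0)
		goto err;

	semanage_disconnect(handle);
	semanage_handle_destroy(handle);
	return 0;

	/*
	 * NOTE(review): this path destroys the handle without calling
	 * semanage_disconnect(), even when semanage_connect() succeeded;
	 * confirm that is acceptable given the process exits right after.
	 */
      err:
	semanage_bool_key_free(bool_key);
	semanage_bool_free(boolean);
	semanage_handle_destroy(handle);
	return -1;
}

/*
 * Given an array of strings in the form "boolname=value", a start index,
 * and a finish index...walk the list and set the bool.
 *
 * Accepted values are "1"/"true"/"on" and "0"/"false"/"off" (the words are
 * matched case-insensitively). Every entry is parsed before anything is
 * applied, so one malformed entry rejects the whole request. After a
 * successful change each boolean is reported to syslog together with the
 * caller's real uid (getuid()).
 *
 * Each list[i] is split in place at its '='; on the success path the strings
 * are left split after logging.
 *
 * Returns 0 on success, -1 on a parse error, allocation failure, or when the
 * policy update fails.
 */
int setbool(char **list, size_t start, size_t end)
{
	char *name, *value_ptr;
	int j = 0, value;
	size_t i = start;
	size_t boolcnt = end - start;
	struct passwd *pwd;
	SELboolean *vallist = calloc(boolcnt, sizeof(SELboolean));
	if (!vallist)
		goto omem;

	while (i < end) {
		name = list[i];
		value_ptr = strchr(list[i], '=');
		if (value_ptr == NULL) {
			fprintf(stderr,
				"setsebool: '=' not found in boolean expression %s\n",
				list[i]);
			goto err;
		}
		/* Temporarily terminate the name at '=' so it can be copied. */
		*value_ptr = 0;
		value_ptr++;
		if (strcmp(value_ptr, "1") == 0 ||
		    strcasecmp(value_ptr, "true") == 0 ||
		    strcasecmp(value_ptr, "on") == 0)
			value = 1;
		else if (strcmp(value_ptr, "0") == 0 ||
			 strcasecmp(value_ptr, "false") == 0 ||
			 strcasecmp(value_ptr, "off") == 0)
			value = 0;
		else {
			fprintf(stderr, "setsebool: illegal value "
				"%s for boolean %s\n", value_ptr, name);
			goto err;
		}

		vallist[j].value = value;
		vallist[j].name = strdup(name);
		if (!vallist[j].name)
			goto omem;
		i++;
		j++;

		/* Now put it back */
		value_ptr--;
		*value_ptr = '=';
	}

	if (permanent) {
		if (semanage_set_boolean_list(boolcnt, vallist) < 0)
			goto err;
	} else {
		if (selinux_set_boolean_list(boolcnt, vallist) < 0)
			goto err;
	}

	/* Now log what was done */
	pwd = getpwuid(getuid());
	i = start;
	while (i < end) {
		name = list[i];
		/* Cannot be NULL: every entry passed the '=' check above and
		   had its '=' restored. */
		value_ptr = strchr(name, '=');
		*value_ptr = 0;
		value_ptr++;
		if (pwd && pwd->pw_name)
			syslog(LOG_NOTICE,
			       "The %s policy boolean was changed to %s by %s",
			       name, value_ptr, pwd->pw_name);
		else
			/* uid_t is unsigned; print it as such so large uids
			   do not show up negative in the record. */
			syslog(LOG_NOTICE,
			       "The %s policy boolean was changed to %s by uid:%u",
			       name, value_ptr, (unsigned int)getuid());
		i++;
	}

	for (i = 0; i < boolcnt; i++)
		free(vallist[i].name);
	free(vallist);
	return 0;

      omem:
	fprintf(stderr, "setsebool: out of memory\n");

      err:
	if (vallist) {
		/* calloc() zeroed the array, so unused slots hold NULL names
		   and free() on them is a no-op. */
		for (i = 0; i < boolcnt; i++)
			free(vallist[i].name);
		free(vallist);
	}
	return -1;
}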