1/* setenforce.c - Set the current SELinux mode 2 * 3 * Copyright 2014 The Android Open Source Project 4 5USE_SETENFORCE(NEWTOY(setenforce, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN)) 6 7config SETENFORCE 8 bool "setenforce" 9 default y 10 depends on TOYBOX_SELINUX 11 help 12 usage: setenforce [enforcing|permissive|1|0] 13 14 Sets whether SELinux is enforcing (1) or permissive (0). 15*/ 16 17#define FOR_setenforce 18#include "toys.h" 19 20void setenforce_main(void) 21{ 22 char *new = *toys.optargs; 23 int state, ret; 24 25 if (!is_selinux_enabled()) error_exit("SELinux is disabled"); 26 else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1; 27 else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0; 28 else error_exit("Invalid state: %s", new); 29 30 ret = security_setenforce(state); 31 if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new); 32} 33