[PATCH 4/8] busybox -- libselinux utilities applets

Denis Vlasenko vda.linux at googlemail.com
Fri Jan 26 23:59:34 UTC 2007


On Thursday 25 January 2007 15:44, KaiGai Kohei wrote:
> [4/8] busybox-libselinux-04-getsebool.patch
>   getsebool reports the a particular or all SELinux
>   boolean variable.
>   SELinux boolean variable is a interface to configure
>   the condition of security policy. We can enable or
>   disable the part of the security policy via boolean
>   variable.
> 
> Signed-off-by: Hiroshi Shinji <shiroshi at my.email.ne.jp>
> Signed-off-by: KaiGai Kohei <kaigai at kaigai.gr.jp>
> 
> --
> KaiGai Kohei <kaigai at kaigai.gr.jp>

--- selinux/getsebool.c (revision 0)
+++ selinux/getsebool.c (revision 0)
@@ -0,0 +1,98 @@
+/*
+ * getsebool
+ *
+ * Based on libselinux 1.33.1
+ * Port to BusyBox  Hiroshi Shinji <shiroshi at my.email.ne.jp>
+ *
+ */
+
+#include "busybox.h"
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <selinux/selinux.h>
+
+#define GETSEBOOL_OPT_ALL      1
+
+int getsebool_main(int argc, char **argv)
+{
+       int i, rc = 0, active, pending, len = 0;
+       char **names;
+       unsigned long opt;
+
+       opt = getopt32(argc, argv, "a");
+
+       if(opt & BB_GETOPT_ERROR) {
+               bb_show_usage();
+       }

Is it needed? I mean, can you give an example where it is needed?

+       if(opt & GETSEBOOL_OPT_ALL) {
+               if (argc > 2)
+                       bb_show_usage();
+               if (is_selinux_enabled() <= 0) {
+                       bb_error_msg_and_die("SELinux is disabled");
+               }
+               errno = 0;
+               rc = security_get_boolean_names(&names, &len);
+               if (rc) {
+                       bb_error_msg_and_die("Unable to get boolean names:  %s", strerror(errno));
+               }
+               if (!len) {
+                       printf("No booleans\n");
+                       return 0;
+               }
+       }
+
+       if (is_selinux_enabled() <= 0) {
+               bb_error_msg_and_die("SELinux is disabled");
+       }
+
+       if (!len) {
+               if (argc < 2)
+                       bb_show_usage();
+               len = argc - 1;
+               names = malloc(sizeof(char *) * len);
+               if (!names) {
+                       bb_error_msg_and_die("out of memory");
+               }

xmalloc will do dying for you! :)

+               for (i = 0; i < len; i++) {
+                       names[i] = strdup(argv[i + 1]);

xstrdup. Gotta love busybox. We love to die, and love to get rid
of useless error paths.

+                       if (!names[i]) {
+                               bb_error_msg_and_die("out of memory");
+                       }
+               }
+       }
+
+       for (i = 0; i < len; i++) {
+               active = security_get_boolean_active(names[i]);
+               if (active < 0) {
+                       bb_error_msg("Error getting active value for %s",
+                               names[i]);
+                       rc = -1;
+                       goto out;
+               }
+               pending = security_get_boolean_pending(names[i]);
+               if (pending < 0) {
+                       bb_error_msg("Error getting pending value for %s",
+                               names[i]);
+                       rc = -1;
+                       goto out;
+               }
+               if (pending != active) {
+                       printf("%s --> %s pending: %s\n", names[i],
+                              (active ? "on" : "off"),
+                              (pending ? "on" : "off"));
+               } else {
+                       printf("%s --> %s\n", names[i],
+                              (active ? "on" : "off"));
+               }
+       }
+
+      out:
+       for (i = 0; i < len; i++)
+               free(names[i]);
+       free(names);

	Add if (ENABLE_FEATURE_CLEAN_UP) in front of for().

+       return rc;
+}


More information about the busybox mailing list