sestatus.c 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. /*
  2. * sestatus -- displays the status of SELinux
  3. *
  4. * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
  5. *
  6. * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
  7. *
  8. * Licensed under GPLv2, see file LICENSE in this tarball for details.
  9. */
  10. #include "libbb.h"
  11. extern char *selinux_mnt;
  12. #define OPT_VERBOSE (1 << 0)
  13. #define OPT_BOOLEAN (1 << 1)
  14. #define COL_FMT "%-31s "
  15. static void display_boolean(void)
  16. {
  17. char **bools;
  18. int i, active, pending, nbool;
  19. if (security_get_boolean_names(&bools, &nbool) < 0)
  20. return;
  21. puts("\nPolicy booleans:");
  22. for (i = 0; i < nbool; i++) {
  23. active = security_get_boolean_active(bools[i]);
  24. if (active < 0)
  25. goto skip;
  26. pending = security_get_boolean_pending(bools[i]);
  27. if (pending < 0)
  28. goto skip;
  29. printf(COL_FMT "%s",
  30. bools[i], active == 0 ? "off" : "on");
  31. if (active != pending)
  32. printf(" (%sactivate pending)", pending == 0 ? "in" : "");
  33. bb_putchar('\n');
  34. skip:
  35. if (ENABLE_FEATURE_CLEAN_UP)
  36. free(bools[i]);
  37. }
  38. if (ENABLE_FEATURE_CLEAN_UP)
  39. free(bools);
  40. }
  41. static void read_config(char **pc, int npc, char **fc, int nfc)
  42. {
  43. char *buf;
  44. parser_t *parser;
  45. int pc_ofs = 0, fc_ofs = 0, section = -1;
  46. pc[0] = fc[0] = NULL;
  47. parser = config_open("/etc/sestatus.conf");
  48. while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
  49. if (strcmp(buf, "[process]") == 0) {
  50. section = 1;
  51. } else if (strcmp(buf, "[files]") == 0) {
  52. section = 2;
  53. } else {
  54. if (section == 1 && pc_ofs < npc -1) {
  55. pc[pc_ofs++] = xstrdup(buf);
  56. pc[pc_ofs] = NULL;
  57. } else if (section == 2 && fc_ofs < nfc - 1) {
  58. fc[fc_ofs++] = xstrdup(buf);
  59. fc[fc_ofs] = NULL;
  60. }
  61. }
  62. }
  63. config_close(parser);
  64. }
  65. static void display_verbose(void)
  66. {
  67. security_context_t con, _con;
  68. char *fc[50], *pc[50], *cterm;
  69. pid_t *pidList;
  70. int i;
  71. read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
  72. /* process contexts */
  73. puts("\nProcess contexts:");
  74. /* current context */
  75. if (getcon(&con) == 0) {
  76. printf(COL_FMT "%s\n", "Current context:", con);
  77. if (ENABLE_FEATURE_CLEAN_UP)
  78. freecon(con);
  79. }
  80. /* /sbin/init context */
  81. if (getpidcon(1, &con) == 0) {
  82. printf(COL_FMT "%s\n", "Init context:", con);
  83. if (ENABLE_FEATURE_CLEAN_UP)
  84. freecon(con);
  85. }
  86. /* [process] context */
  87. for (i = 0; pc[i] != NULL; i++) {
  88. pidList = find_pid_by_name(bb_basename(pc[i]));
  89. if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
  90. printf(COL_FMT "%s\n", pc[i], con);
  91. if (ENABLE_FEATURE_CLEAN_UP)
  92. freecon(con);
  93. }
  94. if (ENABLE_FEATURE_CLEAN_UP)
  95. free(pidList);
  96. }
  97. /* files contexts */
  98. puts("\nFile contexts:");
  99. cterm = xmalloc_ttyname(0);
  100. //FIXME: if cterm == NULL, we segfault!??
  101. puts(cterm);
  102. if (cterm && lgetfilecon(cterm, &con) >= 0) {
  103. printf(COL_FMT "%s\n", "Controlling term:", con);
  104. if (ENABLE_FEATURE_CLEAN_UP)
  105. freecon(con);
  106. }
  107. for (i = 0; fc[i] != NULL; i++) {
  108. struct stat stbuf;
  109. if (lgetfilecon(fc[i], &con) < 0)
  110. continue;
  111. if (lstat(fc[i], &stbuf) == 0) {
  112. if (S_ISLNK(stbuf.st_mode)) {
  113. if (getfilecon(fc[i], &_con) >= 0) {
  114. printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
  115. if (ENABLE_FEATURE_CLEAN_UP)
  116. freecon(_con);
  117. }
  118. } else {
  119. printf(COL_FMT "%s\n", fc[i], con);
  120. }
  121. }
  122. if (ENABLE_FEATURE_CLEAN_UP)
  123. freecon(con);
  124. }
  125. }
  126. int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  127. int sestatus_main(int argc UNUSED_PARAM, char **argv)
  128. {
  129. unsigned opts;
  130. const char *pol_path;
  131. int rc;
  132. opt_complementary = "?0"; /* no arguments are required. */
  133. opts = getopt32(argv, "vb");
  134. /* SELinux status: line */
  135. rc = is_selinux_enabled();
  136. if (rc < 0)
  137. goto error;
  138. printf(COL_FMT "%s\n", "SELinux status:",
  139. rc == 1 ? "enabled" : "disabled");
  140. /* SELinuxfs mount: line */
  141. if (!selinux_mnt)
  142. goto error;
  143. printf(COL_FMT "%s\n", "SELinuxfs mount:",
  144. selinux_mnt);
  145. /* Current mode: line */
  146. rc = security_getenforce();
  147. if (rc < 0)
  148. goto error;
  149. printf(COL_FMT "%s\n", "Current mode:",
  150. rc == 0 ? "permissive" : "enforcing");
  151. /* Mode from config file: line */
  152. if (selinux_getenforcemode(&rc) != 0)
  153. goto error;
  154. printf(COL_FMT "%s\n", "Mode from config file:",
  155. rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
  156. /* Policy version: line */
  157. rc = security_policyvers();
  158. if (rc < 0)
  159. goto error;
  160. printf(COL_FMT "%u\n", "Policy version:", rc);
  161. /* Policy from config file: line */
  162. pol_path = selinux_policy_root();
  163. if (!pol_path)
  164. goto error;
  165. printf(COL_FMT "%s\n", "Policy from config file:",
  166. bb_basename(pol_path));
  167. if (opts & OPT_BOOLEAN)
  168. display_boolean();
  169. if (opts & OPT_VERBOSE)
  170. display_verbose();
  171. return 0;
  172. error:
  173. bb_perror_msg_and_die("libselinux returns unknown state");
  174. }