2 * sestatus -- displays the status of SELinux
4 * Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
6 * Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
8 * Licensed under GPLv2, see file LICENSE in this tarball for details.
13 extern char *selinux_mnt;
15 #define OPT_VERBOSE (1 << 0)
16 #define OPT_BOOLEAN (1 << 1)
18 #define COL_FMT "%-31s "
20 static void display_boolean(void)
23 int i, active, pending, nbool;
25 if (security_get_boolean_names(&bools, &nbool) < 0)
28 puts("\nPolicy booleans:");
30 for (i = 0; i < nbool; i++) {
31 active = security_get_boolean_active(bools[i]);
34 pending = security_get_boolean_pending(bools[i]);
38 bools[i], active == 0 ? "off" : "on");
39 if (active != pending)
40 printf(" (%sactivate pending)", pending == 0 ? "in" : "");
43 if (ENABLE_FEATURE_CLEAN_UP)
46 if (ENABLE_FEATURE_CLEAN_UP)
50 static void read_config(char **pc, int npc, char **fc, int nfc)
54 int pc_ofs = 0, fc_ofs = 0, section = -1;
58 parser = config_open("/etc/sestatus.conf");
59 while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
60 if (strcmp(buf, "[process]") == 0) {
62 } else if (strcmp(buf, "[files]") == 0) {
65 if (section == 1 && pc_ofs < npc -1) {
66 pc[pc_ofs++] = xstrdup(buf);
68 } else if (section == 2 && fc_ofs < nfc - 1) {
69 fc[fc_ofs++] = xstrdup(buf);
77 static void display_verbose(void)
79 security_context_t con, _con;
80 char *fc[50], *pc[50], *cterm;
84 read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
86 /* process contexts */
87 puts("\nProcess contexts:");
90 if (getcon(&con) == 0) {
91 printf(COL_FMT "%s\n", "Current context:", con);
92 if (ENABLE_FEATURE_CLEAN_UP)
95 /* /sbin/init context */
96 if (getpidcon(1, &con) == 0) {
97 printf(COL_FMT "%s\n", "Init context:", con);
98 if (ENABLE_FEATURE_CLEAN_UP)
102 /* [process] context */
103 for (i = 0; pc[i] != NULL; i++) {
104 pidList = find_pid_by_name(bb_basename(pc[i]));
105 if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
106 printf(COL_FMT "%s\n", pc[i], con);
107 if (ENABLE_FEATURE_CLEAN_UP)
110 if (ENABLE_FEATURE_CLEAN_UP)
115 puts("\nFile contexts:");
119 if (cterm && lgetfilecon(cterm, &con) >= 0) {
120 printf(COL_FMT "%s\n", "Controlling term:", con);
121 if (ENABLE_FEATURE_CLEAN_UP)
125 for (i=0; fc[i] != NULL; i++) {
128 if (lgetfilecon(fc[i], &con) < 0)
130 if (lstat(fc[i], &stbuf) == 0) {
131 if (S_ISLNK(stbuf.st_mode)) {
132 if (getfilecon(fc[i], &_con) >= 0) {
133 printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
134 if (ENABLE_FEATURE_CLEAN_UP)
138 printf(COL_FMT "%s\n", fc[i], con);
141 if (ENABLE_FEATURE_CLEAN_UP)
146 int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
147 int sestatus_main(int argc UNUSED_PARAM, char **argv)
150 const char *pol_path;
153 opt_complementary = "?0"; /* no arguments are required. */
154 opts = getopt32(argv, "vb");
156 /* SELinux status: line */
157 rc = is_selinux_enabled();
160 printf(COL_FMT "%s\n", "SELinux status:",
161 rc == 1 ? "enabled" : "disabled");
163 /* SELinuxfs mount: line */
166 printf(COL_FMT "%s\n", "SELinuxfs mount:",
169 /* Current mode: line */
170 rc = security_getenforce();
173 printf(COL_FMT "%s\n", "Current mode:",
174 rc == 0 ? "permissive" : "enforcing");
176 /* Mode from config file: line */
177 if (selinux_getenforcemode(&rc) != 0)
179 printf(COL_FMT "%s\n", "Mode from config file:",
180 rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
182 /* Policy version: line */
183 rc = security_policyvers();
186 printf(COL_FMT "%u\n", "Policy version:", rc);
188 /* Policy from config file: line */
189 pol_path = selinux_policy_root();
192 printf(COL_FMT "%s\n", "Policy from config file:",
193 bb_basename(pol_path));
195 if (opts & OPT_BOOLEAN)
197 if (opts & OPT_VERBOSE)
203 bb_perror_msg_and_die("libselinux returns unknown state");