22542eca18
function old new delta vgetopt32 1318 1392 +74 runsvdir_main 703 713 +10 bb_make_directory 423 425 +2 collect_cpu 546 545 -1 opt_chars 3 - -3 opt_complementary 4 - -4 tftpd_main 567 562 -5 ntp_init 476 471 -5 zcip_main 1266 1256 -10 xxd_main 428 418 -10 whois_main 140 130 -10 who_main 463 453 -10 which_main 212 202 -10 wget_main 2535 2525 -10 watchdog_main 291 281 -10 watch_main 222 212 -10 vlock_main 399 389 -10 uuencode_main 332 322 -10 uudecode_main 316 306 -10 unlink_main 45 35 -10 udhcpd_main 1482 1472 -10 udhcpc_main 2762 2752 -10 tune2fs_main 290 280 -10 tunctl_main 366 356 -10 truncate_main 218 208 -10 tr_main 518 508 -10 time_main 1134 1124 -10 tftp_main 286 276 -10 telnetd_main 1873 1863 -10 tcpudpsvd_main 1785 1775 -10 taskset_main 521 511 -10 tar_main 1009 999 -10 tail_main 1644 1634 -10 syslogd_main 1967 1957 -10 switch_root_main 368 358 -10 svlogd_main 1454 1444 -10 sv 1296 1286 -10 stat_main 104 94 -10 start_stop_daemon_main 1028 1018 -10 split_main 542 532 -10 sort_main 796 786 -10 slattach_main 624 614 -10 shuf_main 504 494 -10 setsid_main 96 86 -10 setserial_main 1132 1122 -10 setfont_main 388 378 -10 setconsole_main 78 68 -10 sendmail_main 1209 1199 -10 sed_main 677 667 -10 script_main 1077 1067 -10 run_parts_main 325 315 -10 rtcwake_main 454 444 -10 rm_main 175 165 -10 reformime_main 119 109 -10 readlink_main 123 113 -10 rdate_main 246 236 -10 pwdx_main 189 179 -10 pstree_main 317 307 -10 pscan_main 663 653 -10 popmaildir_main 818 808 -10 pmap_main 80 70 -10 nc_main 1042 1032 -10 mv_main 558 548 -10 mountpoint_main 477 467 -10 mount_main 1264 1254 -10 modprobe_main 768 758 -10 modinfo_main 333 323 -10 mktemp_main 200 190 -10 mkswap_main 324 314 -10 mkfs_vfat_main 1489 1479 -10 microcom_main 715 705 -10 md5_sha1_sum_main 521 511 -10 man_main 867 857 -10 makedevs_main 1052 1042 -10 ls_main 563 553 -10 losetup_main 432 422 -10 loadfont_main 89 79 -10 ln_main 524 514 -10 link_main 75 65 -10 ipcalc_main 544 534 -10 iostat_main 2397 2387 -10 install_main 768 758 -10 id_main 480 470 -10 i2cset_main 1239 1229 -10 i2cget_main 380 370 -10 i2cdump_main 1482 1472 -10 i2cdetect_main 682 672 -10 hwclock_main 406 396 -10 httpd_main 741 731 -10 grep_main 837 827 -10 getty_main 1559 1549 -10 fuser_main 297 287 -10 ftpgetput_main 345 335 -10 ftpd_main 2232 2222 -10 fstrim_main 251 241 -10 fsfreeze_main 77 67 -10 fsck_minix_main 2921 2911 -10 flock_main 314 304 -10 flashcp_main 740 730 -10 flash_eraseall_main 833 823 -10 fdformat_main 532 522 -10 expand_main 680 670 -10 eject_main 335 325 -10 dumpleases_main 630 620 -10 du_main 314 304 -10 dos2unix_main 441 431 -10 diff_main 1350 1340 -10 df_main 1064 1054 -10 date_main 1095 1085 -10 cut_main 961 951 -10 cryptpw_main 228 218 -10 crontab_main 575 565 -10 crond_main 1149 1139 -10 cp_main 370 360 -10 common_traceroute_main 3834 3824 -10 common_ping_main 1767 1757 -10 comm_main 239 229 -10 cmp_main 655 645 -10 chrt_main 379 369 -10 chpst_main 704 694 -10 chpasswd_main 308 298 -10 chown_main 171 161 -10 chmod_main 158 148 -10 cat_main 428 418 -10 bzip2_main 120 110 -10 blkdiscard_main 264 254 -10 base64_main 221 211 -10 arping_main 1665 1655 -10 ar_main 556 546 -10 adjtimex_main 406 396 -10 adduser_main 882 872 -10 addgroup_main 411 401 -10 acpid_main 1198 1188 -10 optstring 11 - -11 opt_string 18 - -18 OPT_STR 25 - -25 ubi_tools_main 1288 1258 -30 ls_options 31 - -31 ------------------------------------------------------------------------------ (add/remove: 0/6 grow/shrink: 3/129 up/down: 86/-1383) Total: -1297 bytes text data bss dec hex filename 915428 485 6876 922789 e14a5 busybox_old 914629 485 6872 921986 e1182 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
221 lines
5.0 KiB
C
221 lines
5.0 KiB
C
/*
|
|
* sestatus -- displays the status of SELinux
|
|
*
|
|
* Ported to busybox: KaiGai Kohei <kaigai@ak.jp.nec.com>
|
|
*
|
|
* Copyright (C) KaiGai Kohei <kaigai@ak.jp.nec.com>
|
|
*
|
|
* Licensed under GPLv2, see file LICENSE in this source tree.
|
|
*/
|
|
//config:config SESTATUS
|
|
//config: bool "sestatus (12 kb)"
|
|
//config: default n
|
|
//config: depends on SELINUX
|
|
//config: help
|
|
//config: Displays the status of SELinux.
|
|
|
|
//applet:IF_SESTATUS(APPLET(sestatus, BB_DIR_USR_SBIN, BB_SUID_DROP))
|
|
|
|
//kbuild:lib-$(CONFIG_SESTATUS) += sestatus.o
|
|
|
|
//usage:#define sestatus_trivial_usage
|
|
//usage: "[-vb]"
|
|
//usage:#define sestatus_full_usage "\n\n"
|
|
//usage: " -v Verbose"
|
|
//usage: "\n -b Display current state of booleans"
|
|
|
|
#include "libbb.h"
|
|
|
|
extern char *selinux_mnt;
|
|
|
|
#define OPT_VERBOSE (1 << 0)
|
|
#define OPT_BOOLEAN (1 << 1)
|
|
|
|
#define COL_FMT "%-31s "
|
|
|
|
static void display_boolean(void)
|
|
{
|
|
char **bools;
|
|
int i, active, pending, nbool;
|
|
|
|
if (security_get_boolean_names(&bools, &nbool) < 0)
|
|
return;
|
|
|
|
puts("\nPolicy booleans:");
|
|
|
|
for (i = 0; i < nbool; i++) {
|
|
active = security_get_boolean_active(bools[i]);
|
|
if (active < 0)
|
|
goto skip;
|
|
pending = security_get_boolean_pending(bools[i]);
|
|
if (pending < 0)
|
|
goto skip;
|
|
printf(COL_FMT "%s",
|
|
bools[i], active == 0 ? "off" : "on");
|
|
if (active != pending)
|
|
printf(" (%sactivate pending)", pending == 0 ? "in" : "");
|
|
bb_putchar('\n');
|
|
skip:
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
free(bools[i]);
|
|
}
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
free(bools);
|
|
}
|
|
|
|
static void read_config(char **pc, int npc, char **fc, int nfc)
|
|
{
|
|
char *buf;
|
|
parser_t *parser;
|
|
int pc_ofs = 0, fc_ofs = 0, section = -1;
|
|
|
|
pc[0] = fc[0] = NULL;
|
|
|
|
parser = config_open("/etc/sestatus.conf");
|
|
while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
|
|
if (strcmp(buf, "[process]") == 0) {
|
|
section = 1;
|
|
} else if (strcmp(buf, "[files]") == 0) {
|
|
section = 2;
|
|
} else {
|
|
if (section == 1 && pc_ofs < npc -1) {
|
|
pc[pc_ofs++] = xstrdup(buf);
|
|
pc[pc_ofs] = NULL;
|
|
} else if (section == 2 && fc_ofs < nfc - 1) {
|
|
fc[fc_ofs++] = xstrdup(buf);
|
|
fc[fc_ofs] = NULL;
|
|
}
|
|
}
|
|
}
|
|
config_close(parser);
|
|
}
|
|
|
|
static void display_verbose(void)
|
|
{
|
|
security_context_t con, _con;
|
|
char *fc[50], *pc[50], *cterm;
|
|
pid_t *pidList;
|
|
int i;
|
|
|
|
read_config(pc, ARRAY_SIZE(pc), fc, ARRAY_SIZE(fc));
|
|
|
|
/* process contexts */
|
|
puts("\nProcess contexts:");
|
|
|
|
/* current context */
|
|
if (getcon(&con) == 0) {
|
|
printf(COL_FMT "%s\n", "Current context:", con);
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(con);
|
|
}
|
|
/* /sbin/init context */
|
|
if (getpidcon(1, &con) == 0) {
|
|
printf(COL_FMT "%s\n", "Init context:", con);
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(con);
|
|
}
|
|
|
|
/* [process] context */
|
|
for (i = 0; pc[i] != NULL; i++) {
|
|
pidList = find_pid_by_name(bb_basename(pc[i]));
|
|
if (pidList[0] > 0 && getpidcon(pidList[0], &con) == 0) {
|
|
printf(COL_FMT "%s\n", pc[i], con);
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(con);
|
|
}
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
free(pidList);
|
|
}
|
|
|
|
/* files contexts */
|
|
puts("\nFile contexts:");
|
|
|
|
cterm = xmalloc_ttyname(0);
|
|
//FIXME: if cterm == NULL, we segfault!??
|
|
puts(cterm);
|
|
if (cterm && lgetfilecon(cterm, &con) >= 0) {
|
|
printf(COL_FMT "%s\n", "Controlling term:", con);
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(con);
|
|
}
|
|
|
|
for (i = 0; fc[i] != NULL; i++) {
|
|
struct stat stbuf;
|
|
|
|
if (lgetfilecon(fc[i], &con) < 0)
|
|
continue;
|
|
if (lstat(fc[i], &stbuf) == 0) {
|
|
if (S_ISLNK(stbuf.st_mode)) {
|
|
if (getfilecon(fc[i], &_con) >= 0) {
|
|
printf(COL_FMT "%s -> %s\n", fc[i], _con, con);
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(_con);
|
|
}
|
|
} else {
|
|
printf(COL_FMT "%s\n", fc[i], con);
|
|
}
|
|
}
|
|
if (ENABLE_FEATURE_CLEAN_UP)
|
|
freecon(con);
|
|
}
|
|
}
|
|
|
|
int sestatus_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|
int sestatus_main(int argc UNUSED_PARAM, char **argv)
|
|
{
|
|
unsigned opts;
|
|
const char *pol_path;
|
|
int rc;
|
|
|
|
opts = getopt32(argv, "^" "vb" "\0" "=0"/*no arguments*/);
|
|
|
|
/* SELinux status: line */
|
|
rc = is_selinux_enabled();
|
|
if (rc < 0)
|
|
goto error;
|
|
printf(COL_FMT "%s\n", "SELinux status:",
|
|
rc == 1 ? "enabled" : "disabled");
|
|
|
|
/* SELinuxfs mount: line */
|
|
if (!selinux_mnt)
|
|
goto error;
|
|
printf(COL_FMT "%s\n", "SELinuxfs mount:",
|
|
selinux_mnt);
|
|
|
|
/* Current mode: line */
|
|
rc = security_getenforce();
|
|
if (rc < 0)
|
|
goto error;
|
|
printf(COL_FMT "%s\n", "Current mode:",
|
|
rc == 0 ? "permissive" : "enforcing");
|
|
|
|
/* Mode from config file: line */
|
|
if (selinux_getenforcemode(&rc) != 0)
|
|
goto error;
|
|
printf(COL_FMT "%s\n", "Mode from config file:",
|
|
rc < 0 ? "disabled" : (rc == 0 ? "permissive" : "enforcing"));
|
|
|
|
/* Policy version: line */
|
|
rc = security_policyvers();
|
|
if (rc < 0)
|
|
goto error;
|
|
printf(COL_FMT "%u\n", "Policy version:", rc);
|
|
|
|
/* Policy from config file: line */
|
|
pol_path = selinux_policy_root();
|
|
if (!pol_path)
|
|
goto error;
|
|
printf(COL_FMT "%s\n", "Policy from config file:",
|
|
bb_basename(pol_path));
|
|
|
|
if (opts & OPT_BOOLEAN)
|
|
display_boolean();
|
|
if (opts & OPT_VERBOSE)
|
|
display_verbose();
|
|
|
|
return 0;
|
|
|
|
error:
|
|
bb_perror_msg_and_die("libselinux returns unknown state");
|
|
}
|