1 /* setenforce.c - Set the current SELinux mode
2  *
3  * Copyright 2014 The Android Open Source Project
4 
5 USE_SETENFORCE(NEWTOY(setenforce, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN))
6 
7 config SETENFORCE
8   bool "setenforce"
9   default y
10   depends on TOYBOX_SELINUX
11   help
12     usage: setenforce [enforcing|permissive|1|0]
13 
14     Sets whether SELinux is enforcing (1) or permissive (0).
15 */
16 
17 #define FOR_setenforce
18 #include "toys.h"
19 
setenforce_main(void)20 void setenforce_main(void)
21 {
22   char *new = *toys.optargs;
23   int state, ret;
24 
25   if (!is_selinux_enabled()) error_exit("SELinux is disabled");
26   else if (!strcmp(new, "1") || !strcasecmp(new, "enforcing")) state = 1;
27   else if (!strcmp(new, "0") || !strcasecmp(new, "permissive")) state = 0;
28   else error_exit("Invalid state: %s", new);
29 
30   ret = security_setenforce(state);
31   if (ret == -1) perror_msg("Couldn't set enforcing status to '%s'", new);
32 }
33