summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2015-03-13 14:01:58 -0400
committerStephen Smalley <sds@tycho.nsa.gov>2015-03-13 14:01:58 -0400
commitd4b2d8923f9f85f5691aac1e230449052d56c1fd (patch)
treebb67e7a6f292b55e0310abc86cb7a28a8f76a8ca
parentbd518bce07094ccc2e91df67e072de94ca7db442 (diff)
downloadcore-d4b2d8923f9f85f5691aac1e230449052d56c1fd.tar.gz
core-d4b2d8923f9f85f5691aac1e230449052d56c1fd.tar.bz2
core-d4b2d8923f9f85f5691aac1e230449052d56c1fd.zip
Remove getsebool/setsebool from init and toolbox.
These were leftovers from the SELinux boolean support that was originally merged. Since Android prohibits SELinux policy booleans, we can just drop it. Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--init/builtins.cpp28
-rw-r--r--init/init_parser.cpp1
-rw-r--r--init/keywords.h2
-rw-r--r--init/readme.txt4
-rw-r--r--toolbox/Android.mk2
-rw-r--r--toolbox/getsebool.c104
-rw-r--r--toolbox/setsebool.c46
7 files changed, 0 insertions, 187 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 86c9c2e07..3d2e55263 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -854,34 +854,6 @@ int do_restorecon_recursive(int nargs, char **args) {
return ret;
}
-int do_setsebool(int nargs, char **args) {
- const char *name = args[1];
- const char *value = args[2];
- SELboolean b;
- int ret;
-
- if (is_selinux_enabled() <= 0)
- return 0;
-
- b.name = name;
- if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
- b.value = 1;
- else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
- b.value = 0;
- else {
- ERROR("setsebool: invalid value %s\n", value);
- return -EINVAL;
- }
-
- if (security_set_boolean_list(1, &b, 0) < 0) {
- ret = -errno;
- ERROR("setsebool: could not set %s to %s\n", name, value);
- return ret;
- }
-
- return 0;
-}
-
int do_loglevel(int nargs, char **args) {
int log_level;
char log_level_str[PROP_VALUE_MAX] = "";
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index 5cd46fa63..2ee4f866a 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -190,7 +190,6 @@ static int lookup_keyword(const char *s)
if (!strcmp(s, "etkey")) return K_setkey;
if (!strcmp(s, "etprop")) return K_setprop;
if (!strcmp(s, "etrlimit")) return K_setrlimit;
- if (!strcmp(s, "etsebool")) return K_setsebool;
if (!strcmp(s, "ocket")) return K_socket;
if (!strcmp(s, "tart")) return K_start;
if (!strcmp(s, "top")) return K_stop;
diff --git a/init/keywords.h b/init/keywords.h
index b203d2dc9..486e5364f 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -26,7 +26,6 @@ int do_setcon(int nargs, char **args);
int do_setkey(int nargs, char **args);
int do_setprop(int nargs, char **args);
int do_setrlimit(int nargs, char **args);
-int do_setsebool(int nargs, char **args);
int do_start(int nargs, char **args);
int do_stop(int nargs, char **args);
int do_swapon_all(int nargs, char **args);
@@ -87,7 +86,6 @@ enum {
KEYWORD(setkey, COMMAND, 0, do_setkey)
KEYWORD(setprop, COMMAND, 2, do_setprop)
KEYWORD(setrlimit, COMMAND, 3, do_setrlimit)
- KEYWORD(setsebool, COMMAND, 2, do_setsebool)
KEYWORD(socket, OPTION, 0, 0)
KEYWORD(start, COMMAND, 1, do_start)
KEYWORD(stop, COMMAND, 1, do_stop)
diff --git a/init/readme.txt b/init/readme.txt
index 3af79241f..fdcc9eb88 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -238,10 +238,6 @@ setprop <name> <value>
setrlimit <resource> <cur> <max>
Set the rlimit for a resource.
-setsebool <name> <value>
- Set SELinux boolean <name> to <value>.
- <value> may be 1|true|on or 0|false|off
-
start <service>
Start a service running if it is not already running.
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index 2c7544cd3..424ba23c7 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -44,7 +44,6 @@ OUR_TOOLS := \
df \
getevent \
getprop \
- getsebool \
iftop \
ioctl \
ionice \
@@ -64,7 +63,6 @@ OUR_TOOLS := \
schedtop \
sendevent \
setprop \
- setsebool \
smd \
start \
stop \
diff --git a/toolbox/getsebool.c b/toolbox/getsebool.c
deleted file mode 100644
index aab520020..000000000
--- a/toolbox/getsebool.c
+++ /dev/null
@@ -1,104 +0,0 @@
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <errno.h>
-#include <string.h>
-#include <selinux/selinux.h>
-
-static void usage(const char *progname)
-{
- fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
- exit(1);
-}
-
-int getsebool_main(int argc, char **argv)
-{
- int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
- char **names;
-
- while ((opt = getopt(argc, argv, "a")) > 0) {
- switch (opt) {
- case 'a':
- if (argc > 2)
- usage(argv[0]);
- if (is_selinux_enabled() <= 0) {
- fprintf(stderr, "%s: SELinux is disabled\n",
- argv[0]);
- return 1;
- }
- errno = 0;
- rc = security_get_boolean_names(&names, &len);
- if (rc) {
- fprintf(stderr,
- "%s: Unable to get boolean names: %s\n",
- argv[0], strerror(errno));
- return 1;
- }
- if (!len) {
- printf("No booleans\n");
- return 0;
- }
- get_all = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (is_selinux_enabled() <= 0) {
- fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
- return 1;
- }
- if (!len) {
- if (argc < 2)
- usage(argv[0]);
- len = argc - 1;
- names = malloc(sizeof(char *) * len);
- if (!names) {
- fprintf(stderr, "%s: out of memory\n", argv[0]);
- return 2;
- }
- for (i = 0; i < len; i++) {
- names[i] = strdup(argv[i + 1]);
- if (!names[i]) {
- fprintf(stderr, "%s: out of memory\n",
- argv[0]);
- return 2;
- }
- }
- }
-
- for (i = 0; i < len; i++) {
- active = security_get_boolean_active(names[i]);
- if (active < 0) {
- if (get_all && errno == EACCES)
- continue;
- fprintf(stderr, "Error getting active value for %s\n",
- names[i]);
- rc = -1;
- goto out;
- }
- pending = security_get_boolean_pending(names[i]);
- if (pending < 0) {
- fprintf(stderr, "Error getting pending value for %s\n",
- names[i]);
- rc = -1;
- goto out;
- }
- if (pending != active) {
- printf("%s --> %s pending: %s\n", names[i],
- (active ? "on" : "off"),
- (pending ? "on" : "off"));
- } else {
- printf("%s --> %s\n", names[i],
- (active ? "on" : "off"));
- }
- }
-
-out:
- for (i = 0; i < len; i++)
- free(names[i]);
- free(names);
- return rc;
-}
diff --git a/toolbox/setsebool.c b/toolbox/setsebool.c
deleted file mode 100644
index f79a6127c..000000000
--- a/toolbox/setsebool.c
+++ /dev/null
@@ -1,46 +0,0 @@
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <selinux/selinux.h>
-#include <errno.h>
-
-static int do_setsebool(int nargs, char **args) {
- const char *name = args[1];
- const char *value = args[2];
- SELboolean b;
-
- if (is_selinux_enabled() <= 0)
- return 0;
-
- b.name = name;
- if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
- b.value = 1;
- else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
- b.value = 0;
- else {
- fprintf(stderr, "setsebool: invalid value %s\n", value);
- return -1;
- }
-
- if (security_set_boolean_list(1, &b, 0) < 0)
- {
- fprintf(stderr, "setsebool: could not set %s to %s: %s", name, value, strerror(errno));
- return -1;
- }
-
- return 0;
-}
-
-int setsebool_main(int argc, char **argv)
-{
- if (argc != 3) {
- fprintf(stderr, "Usage: %s name value\n", argv[0]);
- exit(1);
- }
-
- return do_setsebool(argc, argv);
-}