author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-03-13 14:01:58 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2015-03-13 14:01:58 -0400 |
commit | d4b2d8923f9f85f5691aac1e230449052d56c1fd (patch) | |
tree | bb67e7a6f292b55e0310abc86cb7a28a8f76a8ca | |
parent | bd518bce07094ccc2e91df67e072de94ca7db442 (diff) | |
Remove getsebool/setsebool from init and toolbox.
These were leftovers from the SELinux boolean support that
was originally merged. Since Android prohibits SELinux policy
booleans, we can just drop it.
Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r-- | init/builtins.cpp | 28 | ||||
-rw-r--r-- | init/init_parser.cpp | 1 | ||||
-rw-r--r-- | init/keywords.h | 2 | ||||
-rw-r--r-- | init/readme.txt | 4 | ||||
-rw-r--r-- | toolbox/Android.mk | 2 | ||||
-rw-r--r-- | toolbox/getsebool.c | 104 | ||||
-rw-r--r-- | toolbox/setsebool.c | 46 |
7 files changed, 0 insertions, 187 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 86c9c2e07..3d2e55263 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -854,34 +854,6 @@ int do_restorecon_recursive(int nargs, char **args) {
 return ret;
 }
 
-int do_setsebool(int nargs, char **args) {
- const char *name = args[1];
- const char *value = args[2];
- SELboolean b;
- int ret;
-
- if (is_selinux_enabled() <= 0)
- return 0;
-
- b.name = name;
- if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
- b.value = 1;
- else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
- b.value = 0;
- else {
- ERROR("setsebool: invalid value %s\n", value);
- return -EINVAL;
- }
-
- if (security_set_boolean_list(1, &b, 0) < 0) {
- ret = -errno;
- ERROR("setsebool: could not set %s to %s\n", name, value);
- return ret;
- }
-
- return 0;
-}
-
 int do_loglevel(int nargs, char **args) {
 int log_level;
 char log_level_str[PROP_VALUE_MAX] = "";
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index 5cd46fa63..2ee4f866a 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -190,7 +190,6 @@ static int lookup_keyword(const char *s)
 if (!strcmp(s, "etkey")) return K_setkey;
 if (!strcmp(s, "etprop")) return K_setprop;
 if (!strcmp(s, "etrlimit")) return K_setrlimit;
- if (!strcmp(s, "etsebool")) return K_setsebool;
 if (!strcmp(s, "ocket")) return K_socket;
 if (!strcmp(s, "tart")) return K_start;
 if (!strcmp(s, "top")) return K_stop;
diff --git a/init/keywords.h b/init/keywords.h
index b203d2dc9..486e5364f 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -26,7 +26,6 @@ int do_setcon(int nargs, char **args);
 int do_setkey(int nargs, char **args);
 int do_setprop(int nargs, char **args);
 int do_setrlimit(int nargs, char **args);
-int do_setsebool(int nargs, char **args);
 int do_start(int nargs, char **args);
 int do_stop(int nargs, char **args);
 int do_swapon_all(int nargs, char **args);
@@ -87,7 +86,6 @@ enum {
 KEYWORD(setkey, COMMAND, 0, do_setkey)
 KEYWORD(setprop, COMMAND, 2, do_setprop)
 KEYWORD(setrlimit, COMMAND, 3, do_setrlimit)
- KEYWORD(setsebool, COMMAND, 2, do_setsebool)
 KEYWORD(socket, OPTION, 0, 0)
 KEYWORD(start, COMMAND, 1, do_start)
 KEYWORD(stop, COMMAND, 1, do_stop)
diff --git a/init/readme.txt b/init/readme.txt
index 3af79241f..fdcc9eb88 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -238,10 +238,6 @@ setprop <name> <value>
 setrlimit <resource> <cur> <max>
 Set the rlimit for a resource.
 
-setsebool <name> <value>
- Set SELinux boolean <name> to <value>.
- <value> may be 1|true|on or 0|false|off
-
 start <service>
 Start a service running if it is not already running.
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index 2c7544cd3..424ba23c7 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -44,7 +44,6 @@ OUR_TOOLS := \
 df \
 getevent \
 getprop \
- getsebool \
 iftop \
 ioctl \
 ionice \
@@ -64,7 +63,6 @@ OUR_TOOLS := \
 schedtop \
 sendevent \
 setprop \
- setsebool \
 smd \
 start \
 stop \
diff --git a/toolbox/getsebool.c b/toolbox/getsebool.c
deleted file mode 100644
index aab520020..000000000
--- a/toolbox/getsebool.c
+++ /dev/null
@@ -1,104 +0,0 @@
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <errno.h>
-#include <string.h>
-#include <selinux/selinux.h>
-
-static void usage(const char *progname)
-{
- fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
- exit(1);
-}
-
-int getsebool_main(int argc, char **argv)
-{
- int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
- char **names;
-
- while ((opt = getopt(argc, argv, "a")) > 0) {
- switch (opt) {
- case 'a':
- if (argc > 2)
- usage(argv[0]);
- if (is_selinux_enabled() <= 0) {
- fprintf(stderr, "%s: SELinux is disabled\n",
- argv[0]);
- return 1;
- }
- errno = 0;
- rc = security_get_boolean_names(&names, &len);
- if (rc) {
- fprintf(stderr,
- "%s: Unable to get boolean names: %s\n",
- argv[0], strerror(errno));
- return 1;
- }
- if (!len) {
- printf("No booleans\n");
- return 0;
- }
- get_all = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (is_selinux_enabled() <= 0) {
- fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
- return 1;
- }
- if (!len) {
- if (argc < 2)
- usage(argv[0]);
- len = argc - 1;
- names = malloc(sizeof(char *) * len);
- if (!names) {
- fprintf(stderr, "%s: out of memory\n", argv[0]);
- return 2;
- }
- for (i = 0; i < len; i++) {
- names[i] = strdup(argv[i + 1]);
- if (!names[i]) {
- fprintf(stderr, "%s: out of memory\n",
- argv[0]);
- return 2;
- }
- }
- }
-
- for (i = 0; i < len; i++) {
- active = security_get_boolean_active(names[i]);
- if (active < 0) {
- if (get_all && errno == EACCES)
- continue;
- fprintf(stderr, "Error getting active value for %s\n",
- names[i]);
- rc = -1;
- goto out;
- }
- pending = security_get_boolean_pending(names[i]);
- if (pending < 0) {
- fprintf(stderr, "Error getting pending value for %s\n",
- names[i]);
- rc = -1;
- goto out;
- }
- if (pending != active) {
- printf("%s --> %s pending: %s\n", names[i],
- (active ? "on" : "off"),
- (pending ? "on" : "off"));
- } else {
- printf("%s --> %s\n", names[i],
- (active ? "on" : "off"));
- }
- }
-
-out:
- for (i = 0; i < len; i++)
- free(names[i]);
- free(names);
- return rc;
-}
diff --git a/toolbox/setsebool.c b/toolbox/setsebool.c
deleted file mode 100644
index f79a6127c..000000000
--- a/toolbox/setsebool.c
+++ /dev/null
@@ -1,46 +0,0 @@
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <selinux/selinux.h>
-#include <errno.h>
-
-static int do_setsebool(int nargs, char **args) {
- const char *name = args[1];
- const char *value = args[2];
- SELboolean b;
-
- if (is_selinux_enabled() <= 0)
- return 0;
-
- b.name = name;
- if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
- b.value = 1;
- else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
- b.value = 0;
- else {
- fprintf(stderr, "setsebool: invalid value %s\n", value);
- return -1;
- }
-
- if (security_set_boolean_list(1, &b, 0) < 0)
- {
- fprintf(stderr, "setsebool: could not set %s to %s: %s", name, value, strerror(errno));
- return -1;
- }
-
- return 0;
-}
-
-int setsebool_main(int argc, char **argv)
-{
- if (argc != 3) {
- fprintf(stderr, "Usage: %s name value\n", argv[0]);
- exit(1);
- }
-
- return do_setsebool(argc, argv);
-} |