Commits

Stephen Smalley  committed cff7b4b

Change setsebool syntax to be consistent with other init built-ins.

Change setsebool syntax from name=value to name value.
This is to make it consistent with setprop and similar commands.
Update both the init built-in command and the toolbox command
for consistency.

Change-Id: I2c8e016ba26731c4a2ad4a49ae3b89362bf8f8a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Conflicts:
init/builtins.c

  • Participants
  • Parent commits 974f1b4
  • Branches seandroid-4.1.2

Comments (0)

Files changed (4)

File init/builtins.c

 
 int do_setsebool(int nargs, char **args) {
 #ifdef HAVE_SELINUX
-    SELboolean *b = alloca(nargs * sizeof(SELboolean));
-    char *v;
-    int i;
+    const char *name = args[1];
+    const char *value = args[2];
+    SELboolean b;
+    int ret;
 
     if (is_selinux_enabled() <= 0)
         return 0;
 
-    for (i = 1; i < nargs; i++) {
-        char *name = args[i];
-        v = strchr(name, '=');
-        if (!v) {
-            ERROR("setsebool: argument %s had no =\n", name);
-            return -EINVAL;
-        }
-        *v++ = 0;
-        b[i-1].name = name;
-        if (!strcmp(v, "1") || !strcasecmp(v, "true") || !strcasecmp(v, "on"))
-            b[i-1].value = 1;
-        else if (!strcmp(v, "0") || !strcasecmp(v, "false") || !strcasecmp(v, "off"))
-            b[i-1].value = 0;
-        else {
-            ERROR("setsebool: invalid value %s\n", v);
-            return -EINVAL;
-        }
+    b.name = name;
+    if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
+        b.value = 1;
+    else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
+        b.value = 0;
+    else {
+        ERROR("setsebool: invalid value %s\n", value);
+        return -EINVAL;
     }
 
-    if (security_set_boolean_list(nargs - 1, b, 0) < 0)
-        return -errno;
+    if (security_set_boolean_list(1, &b, 0) < 0) {
+        ret = -errno;
+        ERROR("setsebool: could not set %s to %s\n", name, value);
+        return ret;
+    }
 #endif
     return 0;
 }

File init/keywords.h

     KEYWORD(setkey,      COMMAND, 0, do_setkey)
     KEYWORD(setprop,     COMMAND, 2, do_setprop)
     KEYWORD(setrlimit,   COMMAND, 3, do_setrlimit)
-    KEYWORD(setsebool,   COMMAND, 1, do_setsebool)
+    KEYWORD(setsebool,   COMMAND, 2, do_setsebool)
     KEYWORD(socket,      OPTION,  0, 0)
     KEYWORD(start,       COMMAND, 1, do_start)
     KEYWORD(stop,        COMMAND, 1, do_stop)

File init/readme.txt

 setrlimit <resource> <cur> <max>
    Set the rlimit for a resource.
 
-setsebool <name>=<value>
+setsebool <name> <value>
    Set SELinux boolean <name> to <value>.
    <value> may be 1|true|on or 0|false|off
 

File toolbox/setsebool.c

 #include <errno.h>
 
 static int do_setsebool(int nargs, char **args) {
-    SELboolean *b = alloca(nargs * sizeof(SELboolean));
-    char *v;
-    int i;
+    const char *name = args[1];
+    const char *value = args[2];
+    SELboolean b;
 
     if (is_selinux_enabled() <= 0)
         return 0;
 
-    for (i = 1; i < nargs; i++) {
-        char *name = args[i];
-        v = strchr(name, '=');
-        if (!v) {
-            fprintf(stderr, "setsebool: argument %s had no =\n", name);
-            return -1;
-        }
-        *v++ = 0;
-        b[i-1].name = name;
-        if (!strcmp(v, "1") || !strcasecmp(v, "true") || !strcasecmp(v, "on"))
-            b[i-1].value = 1;
-        else if (!strcmp(v, "0") || !strcasecmp(v, "false") || !strcasecmp(v, "off"))
-            b[i-1].value = 0;
-        else {
-            fprintf(stderr, "setsebool: invalid value %s\n", v);
-            return -1;
-        }
+    b.name = name;
+    if (!strcmp(value, "1") || !strcasecmp(value, "true") || !strcasecmp(value, "on"))
+        b.value = 1;
+    else if (!strcmp(value, "0") || !strcasecmp(value, "false") || !strcasecmp(value, "off"))
+        b.value = 0;
+    else {
+        fprintf(stderr, "setsebool: invalid value %s\n", value);
+        return -1;
     }
 
-    if (security_set_boolean_list(nargs - 1, b, 0) < 0)
+    if (security_set_boolean_list(1, &b, 0) < 0)
     {
-        fprintf(stderr, "setsebool: unable to set booleans: %s", strerror(errno));
+        fprintf(stderr, "setsebool: could not set %s to %s:  %s", name, value, strerror(errno));
         return -1;
     }
 
 
 int setsebool_main(int argc, char **argv)
 {
-    if (argc < 2) {
-        fprintf(stderr, "Usage:  %s name=value...\n", argv[0]);
+    if (argc != 3) {
+        fprintf(stderr, "Usage:  %s name value\n", argv[0]);
         exit(1);
     }