1 /*
2  * Copyright 2009-2017 Citrix Ltd and other contributors
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU Lesser General Public License as published
6  * by the Free Software Foundation; version 2.1 only. with the special
7  * exception on linking described in file LICENSE.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU Lesser General Public License for more details.
13  */
14 
15 #include <fcntl.h>
16 #include <stdio.h>
17 #include <stdlib.h>
18 #include <sys/types.h>
19 #include <sys/stat.h>
20 #include <unistd.h>
21 
22 #include <libxl.h>
23 
24 #include "xl.h"
25 
/*
 * xl "getenforce": print the current Flask XSM enforcement mode.
 *
 * argc/argv are accepted for the common sub-command signature but are not
 * read here.
 *
 * Returns the value of libxl_flask_getenforce() unchanged:
 *   1   -> "Enforcing" printed on stdout
 *   0   -> "Permissive" printed on stdout
 *   < 0 -> failure; "Flask XSM Disabled" goes to stdout when errno is ENOSYS,
 *          otherwise a generic error goes to stderr.
 * Any other positive value prints nothing.
 *
 * NOTE(review): if the caller turns this return value into the process exit
 * status, "Enforcing" (1) looks like a failure to scripts -- confirm how the
 * dispatcher maps it before relying on the exit code in monitoring.
 * NOTE(review): the ENOSYS test assumes libxl leaves errno set by the failed
 * call -- confirm.
 */
int main_getenforce(int argc, char **argv)
{
    int mode = libxl_flask_getenforce(ctx);

    switch (mode) {
    case 1:
        printf("Enforcing\n");
        break;
    case 0:
        printf("Permissive\n");
        break;
    default:
        /* Only negative results are reported; other values stay silent. */
        if (mode < 0) {
            if (errno == ENOSYS)
                printf("Flask XSM Disabled\n");
            else
                fprintf(stderr, "Failed to get enforcing mode\n");
        }
        break;
    }

    return mode;
}
45 
/*
 * xl "setenforce": switch the Flask XSM enforcement mode.
 *
 * The first non-option argument (argv[optind]) selects the mode:
 *   "1" or "enforcing"  (case-insensitive word) -> mode 1
 *   "0" or "permissive" (case-insensitive word) -> mode 0
 * Anything else, or a missing argument, prints the sub-command help and
 * returns 2 without touching the hypervisor. Arguments after argv[optind]
 * are ignored.
 *
 * Returns 2 on usage error, otherwise the value of libxl_flask_setenforce()
 * (0 on success). On failure a message is written to stderr; ENOSYS is
 * reported as "Flask XSM disabled".
 *
 * This call changes whether the security policy is enforced, and nothing is
 * printed on success, so audit trails must come from elsewhere.
 * NOTE(review): confirm the hypervisor/libxl side logs mode changes.
 */
int main_setenforce(int argc, char **argv)
{
    const char *arg;
    int mode;
    int rc;

    if (optind >= argc) {
        help("setenforce");
        return 2;
    }

    arg = argv[optind];

    /* Digits are matched exactly; the words are matched case-insensitively. */
    if (strcmp(arg, "1") == 0 || strcasecmp(arg, "enforcing") == 0) {
        mode = 1;
    } else if (strcmp(arg, "0") == 0 || strcasecmp(arg, "permissive") == 0) {
        mode = 0;
    } else {
        help("setenforce");
        return 2;
    }

    rc = libxl_flask_setenforce(ctx, mode);
    if (rc == 0)
        return rc;

    if (errno == ENOSYS)
        fprintf(stderr, "Flask XSM disabled\n");
    else
        fprintf(stderr, "error occurred while setting enforcing mode (%i)\n", rc);

    return rc;
}
83 
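/*
 * xl "loadpolicy": read a Flask XSM policy file and hand it to libxl.
 *
 * argv[optind] names the policy file. The whole file is read into a heap
 * buffer and passed to libxl_flask_loadpolicy() together with its size.
 *
 * Returns 2 on usage error, -1 on any local failure (open, fstat, malloc,
 * read, short file) or when libxl rejects the policy, otherwise the
 * non-negative value returned by libxl_flask_loadpolicy().
 *
 * Because the buffer becomes the active security policy, the function makes
 * sure that exactly the bytes of the opened file are submitted:
 *   - the size comes from fstat() on the open descriptor, not from a second
 *     path lookup, so the file cannot be swapped between open and stat;
 *   - the allocation is checked before use;
 *   - the read is repeated until the full size has arrived, and a file that
 *     ends early is rejected instead of loading a buffer with an
 *     uninitialised tail.
 *
 * NOTE(review): the size is passed through as size_t; confirm the width of
 * libxl_flask_loadpolicy()'s size parameter and reject larger files if it is
 * narrower.
 */
int main_loadpolicy(int argc, char **argv)
{
    const char *polFName;
    int polFd = -1;
    void *polMemCp = NULL;
    struct stat info;
    size_t polSize;
    size_t polRead = 0;
    int ret;

    if (optind >= argc) {
        help("loadpolicy");
        return 2;
    }

    polFName = argv[optind];
    polFd = open(polFName, O_RDONLY);
    if (polFd < 0) {
        fprintf(stderr, "Error occurred opening policy file '%s': %s\n",
                polFName, strerror(errno));
        ret = -1;
        goto done;
    }

    /* Query the descriptor we already hold so size and content match. */
    ret = fstat(polFd, &info);
    if (ret < 0) {
        fprintf(stderr, "Error occurred retrieving information about "
                "policy file '%s': %s\n", polFName, strerror(errno));
        goto done;
    }

    polSize = (size_t)info.st_size;

    polMemCp = malloc(polSize);
    /* malloc(0) may legitimately return NULL; only a sized request can fail. */
    if (!polMemCp && polSize > 0) {
        fprintf(stderr, "Unable to allocate memory for policy file '%s'\n",
                polFName);
        ret = -1;
        goto done;
    }

    /* read() may return fewer bytes than requested; keep going until done. */
    while (polRead < polSize) {
        ssize_t n = read(polFd, (char *)polMemCp + polRead, polSize - polRead);

        if (n < 0) {
            if (errno == EINTR)
                continue;
            fprintf(stderr, "Unable to read new Flask policy file: %s\n",
                    strerror(errno));
            ret = -1;
            goto done;
        }
        if (n == 0) {
            /* File shrank after fstat(): never submit a partial policy. */
            fprintf(stderr, "Unable to read new Flask policy file: "
                    "unexpected end of file\n");
            ret = -1;
            goto done;
        }
        polRead += (size_t)n;
    }

    ret = libxl_flask_loadpolicy(ctx, polMemCp, polSize);

    if (ret < 0) {
        if (errno == ENOSYS) {
            fprintf(stderr, "Flask XSM disabled\n");
        } else {
            /* libxl's negative return is treated as a negated errno value. */
            errno = -ret;
            fprintf(stderr, "Unable to load new Flask policy: %s\n",
                    strerror(errno));
            ret = -1;
        }
    } else {
        printf("Successfully loaded policy.\n");
    }

done:
    free(polMemCp);
    if (polFd >= 0)
        close(polFd);

    return ret;
}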
144 
145 /*
146  * Local variables:
147  * mode: C
148  * c-basic-offset: 4
149  * indent-tabs-mode: nil
150  * End:
151  */
152