From df23f09376386fbdefb4bcc049c1c81a9a893baf Mon Sep 17 00:00:00 2001
From: David Rheinsberg
Date: Mon, 12 Jun 2023 12:04:47 +0200
Subject: [PATCH] util/selinux: provide helper to check enforcing mode

Add a new helper to check the selinux enforcing mode. This will be used in follow-ups to avoid AVC denials in permissive mode.

Signed-off-by: David Rheinsberg
---
 src/util/selinux-fallback.c | 4 ++++
 src/util/selinux.c | 16 ++++++++++++++++
 src/util/selinux.h | 1 +
 3 files changed, 21 insertions(+)

diff --git a/src/util/selinux-fallback.c b/src/util/selinux-fallback.c
index ec4d458..0654a07 100644
--- a/src/util/selinux-fallback.c
+++ b/src/util/selinux-fallback.c
@@ -16,6 +16,10 @@ bool bus_selinux_is_enabled(void) {
 return false;
 }
 
+bool bus_selinux_is_enforcing(void) {
+ return false;
+}
+
 const char *bus_selinux_policy_root(void) {
 return NULL;
 }
diff --git a/src/util/selinux.c b/src/util/selinux.c
index f8b4c8a..4b61ec7 100644
--- a/src/util/selinux.c
+++ b/src/util/selinux.c
@@ -38,6 +38,22 @@ bool bus_selinux_is_enabled(void) {
 return is_selinux_enabled();
 }
 
+/**
+ * bus_selinux_is_enforcing() - checks if SELinux is in enforcing mode
+ *
+ * If selinux is not enabled or otherwise unavailable, this will return true.
+ * That is, this will only return false, if selinux is enabled and in
+ * permissive mode.
+ *
+ * Returns: true if SELinux is in enforcing mode, false otherwise.
+ */
+bool bus_selinux_is_enforcing(void) {
+ if (bus_selinux_status_open)
+ return selinux_status_getenforce() != 0;
+ else
+ return security_getenforce() != 0;
+}
+
 /**
 * bus_selinux_policy_root() - the root directory where the current SELinux policy can be found
 *
diff --git a/src/util/selinux.h b/src/util/selinux.h
index 9a71e90..435c8a8 100644
--- a/src/util/selinux.h
+++ b/src/util/selinux.h
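Review bot: The fallback `bus_selinux_is_enforcing()` in src/util/selinux-fallback.c returns `false`, which contradicts the contract documented on the real implementation in src/util/selinux.c in this same patch ("If selinux is not enabled or otherwise unavailable, this will return true"). `false` is the permissive answer, so if a caller outside this patch uses the result to decide whether a denial may be ignored, a build without SELinux support would take the relaxed path; whether that matters depends on callers not visible here. Either make the stub `return true;` to match the documented behaviour, or keep `false` and add a comment such as `/* no SELinux support compiled in: nothing is enforced */` while adjusting the docstring in selinux.c so both files state the same contract.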
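Review bot: Both branches of `bus_selinux_is_enforcing()` in src/util/selinux.c compare with `!= 0`, so a failure return from `selinux_status_getenforce()` or `security_getenforce()` (libselinux reports -1 on error) is treated as enforcing, but nothing in the code says this is deliberate. That is the safe direction and matches the first paragraph of the docstring, so I would pin it with a line above the `if` such as `/* errors (-1) are deliberately treated as enforcing */`, so that a later cleanup to `== 1` or `> 0` does not silently turn a failed query into permissive. The `Returns:` line currently reads as if `true` always means enforcing; something like `Returns: false only if SELinux is enabled and permissive, true otherwise (including on error).` would agree with the paragraph above it. `bus_selinux_status_open` is defined outside this hunk, so how and when it is set cannot be checked from here.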
@@ -16,6 +16,7 @@ enum { }; bool bus_selinux_is_enabled(void); +bool bus_selinux_is_enforcing(void); const char *bus_selinux_policy_root(void); int bus_selinux_registry_new(BusSELinuxRegistry **registryp, const char *fallback_context); -- 2.33.0