/*
htop - SELinuxMeter.c
(C) 2020 Christian Goettsche
Released under the GNU GPLv2, see the COPYING file
in the source distribution for its full text.
*/
#include "SELinuxMeter.h"
#include "CRT.h"
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/magic.h>
#include <sys/statfs.h>
#include <sys/statvfs.h>
#include "Macros.h"
#include "Object.h"
#include "XUtils.h"
/* Display attributes referenced by SELinuxMeter_class.attributes; the meter
 * lists a single entry, METER_TEXT. */
static const int SELinuxMeter_attributes[] = { METER_TEXT };
/*
 * File-scope state refreshed by SELinuxMeter_updateValues() on every update.
 * isSelinuxEnforcing() reads `enabled`, so `enabled` has to be assigned
 * before `enforcing` is recomputed.
 */
static bool enabled = false;   // result of the last isSelinuxEnabled() call
static bool enforcing = false; // result of the last isSelinuxEnforcing() call
/*
 * Report whether /sys/fs/selinux is a usable selinuxfs mount.
 *
 * Three conditions must all hold:
 *   - statfs() on the path succeeds,
 *   - the reported filesystem type is SELINUX_MAGIC, so an ordinary
 *     directory or a different filesystem at that path is rejected,
 *   - statvfs() succeeds and the mount is not flagged ST_RDONLY.
 *
 * Returns true only when every check passes; any syscall failure yields false.
 */
static bool hasSELinuxMount(void) {
   const char* const selinuxfsPath = "/sys/fs/selinux";

   struct statfs fsInfo;
   // NOTE(review): f_type's width and signedness vary by architecture; confirm
   // this comparison against SELINUX_MAGIC holds on every supported target
   // (a fixed-width cast on both sides would make the intent explicit).
   if (statfs(selinuxfsPath, &fsInfo) != 0 || fsInfo.f_type != SELINUX_MAGIC) {
      return false;
   }

   struct statvfs mountInfo;
   if (statvfs(selinuxfsPath, &mountInfo) != 0) {
      return false;
   }

   // A read-only selinuxfs is treated the same as no selinuxfs at all.
   return (mountInfo.f_flag & ST_RDONLY) == 0;
}
/*
 * Decide whether SELinux counts as enabled on this host.
 *
 * Requires both a usable selinuxfs mount (hasSELinuxMount()) and the
 * presence of /etc/selinux/config. The config file is only tested for
 * existence with F_OK; its contents are not read or parsed here.
 */
static bool isSelinuxEnabled(void) {
   if (!hasSELinuxMount()) {
      return false;
   }

   return access("/etc/selinux/config", F_OK) == 0;
}
/*
 * Read the current enforcement mode from /sys/fs/selinux/enforce.
 *
 * Relies on the file-scope `enabled` flag and returns false immediately
 * when it is unset. Otherwise the file is read into a small zero-filled
 * buffer and parsed as a decimal integer; any non-zero value means
 * enforcing.
 *
 * Every failure path (open, read, parse) also returns false. Because the
 * meter renders false as "mode: permissive", an unreadable enforce file is
 * indistinguishable from a genuinely permissive system in the display.
 */
static bool isSelinuxEnforcing(void) {
   if (!enabled) {
      return false;
   }

   int enforceFd = open("/sys/fs/selinux/enforce", O_RDONLY);
   if (enforceFd < 0) {
      return false;
   }

   // Zero-initialised and read with one byte held back, so the text handed
   // to sscanf() is always NUL-terminated.
   char text[20] = {0};
   int bytesRead = read(enforceFd, text, sizeof(text) - 1);
   close(enforceFd);
   if (bytesRead < 0) {
      return false;
   }

   int mode = 0;
   if (sscanf(text, "%d", &mode) != 1) {
      return false;
   }

   return mode != 0;
}
/*
 * Meter callback: refresh the cached SELinux state and format it as text.
 *
 * this    unused
 * buffer  destination for the rendered text
 * len     size of buffer, passed through to xSnprintf()
 *
 * Output is "disabled", or "enabled; mode: enforcing" /
 * "enabled; mode: permissive".
 */
static void SELinuxMeter_updateValues(ATTR_UNUSED Meter* this, char* buffer, int len) {
   // Order matters: isSelinuxEnforcing() consults `enabled`.
   enabled = isSelinuxEnabled();
   enforcing = isSelinuxEnforcing();

   const char* stateText = "disabled";
   const char* modeText = "";
   if (enabled) {
      stateText = "enabled";
      // "permissive" is also what appears when the mode could not be read.
      modeText = enforcing ? "; mode: enforcing" : "; mode: permissive";
   }

   xSnprintf(buffer, len, "%s%s", stateText, modeText);
}
/*
 * Class descriptor for the SELinux meter. It extends Meter, defaults to
 * TEXT_METERMODE, and uses SELinuxMeter_updateValues() to produce the text
 * shown after the "SELinux: " caption.
 */
const MeterClass SELinuxMeter_class = {
   .super = {
      .extends = Class(Meter),
      .delete = Meter_delete,
   },
   .updateValues = SELinuxMeter_updateValues,
   .defaultMode = TEXT_METERMODE,
   .maxItems = 0,
   .total = 100.0,
   .attributes = SELinuxMeter_attributes,
   .name = "SELinux",
   .uiName = "SELinux",
   .description = "SELinux state overview",
   .caption = "SELinux: ",
};