diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2020-10-07 17:18:02 +0200 |
|---|---|---|
| committer | cgzones <cgzones@googlemail.com> | 2020-10-16 19:20:07 +0200 |
| commit | d744dac7ee6a651670387b6cc83878ef82202839 (patch) | |
| tree | 39b0ba571fe25ffb9ed11488db9d1a99825f4ddb /linux/SELinuxMeter.c | |
| parent | af4f58d0136fedca4894194daf89ab242167185d (diff) | |
Add SELinuxMeter
Diffstat (limited to 'linux/SELinuxMeter.c')
| -rw-r--r-- | linux/SELinuxMeter.c | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/linux/SELinuxMeter.c b/linux/SELinuxMeter.c new file mode 100644 index 00000000..8562215b --- /dev/null +++ b/linux/SELinuxMeter.c @@ -0,0 +1,91 @@ +/* +htop - SELinuxMeter.c +(C) 2020 Christian Goettsche +Released under the GNU GPLv2, see the COPYING file +in the source distribution for its full text. +*/ + +#include "SELinuxMeter.h" + +#include "CRT.h" + +#include <fcntl.h> +#include <linux/magic.h> +#include <sys/stat.h> +#include <sys/statvfs.h> +#include <sys/types.h> +#include <sys/vfs.h> +#include <unistd.h> + + +static const int SELinuxMeter_attributes[] = { + METER_TEXT, +}; + +static bool enabled = false; +static bool enforcing = false; + +static bool hasSELinuxMount(void) { + struct statfs sfbuf; + int r = statfs("/sys/fs/selinux", &sfbuf); + if (r != 0) + return false; + + if (sfbuf.f_type != SELINUX_MAGIC) + return false; + + struct statvfs vfsbuf; + r = statvfs("/sys/fs/selinux", &vfsbuf); + if (r != 0 || (vfsbuf.f_flag & ST_RDONLY)) + return false; + + return true; +} + +static bool isSelinuxEnabled(void) { + return hasSELinuxMount() && (0 == access("/etc/selinux/config", F_OK)); +} + +static bool isSelinuxEnforcing(void) { + if (!enabled) + return false; + + int fd = open("/sys/fs/selinux/enforce", O_RDONLY); + if (fd < 0) + return false; + + char buf[20] = {0}; + int r = read(fd, buf, sizeof(buf) - 1); + close(fd); + if (r < 0) + return false; + + int enforce = 0; + if (sscanf(buf, "%d", &enforce) != 1) + return false; + + return !!enforce; +} + +static void SELinuxMeter_updateValues(ATTR_UNUSED Meter* this, char* buffer, int len) { + enabled = isSelinuxEnabled(); + enforcing = isSelinuxEnforcing(); + + xSnprintf(buffer, len, "%s%s", enabled ? "enabled" : "disabled", enabled ? (enforcing ? "; mode: enforcing" : "; mode: permissive") : ""); +} + +const MeterClass SELinuxMeter_class = { + .super = { + .extends = Class(Meter), + .delete = Meter_delete, + }, + .updateValues = SELinuxMeter_updateValues, + .defaultMode = TEXT_METERMODE, + .maxItems = 0, + .total = 100.0, + .attributes = SELinuxMeter_attributes, + .name = "SELinux", + .uiName = "SELinux", + .description = "SELinux state overview", + .caption = "SELinux: " +}; |