From d744dac7ee6a651670387b6cc83878ef82202839 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 7 Oct 2020 17:18:02 +0200
Subject: Add SELinuxMeter
---
linux/SELinuxMeter.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 linux/SELinuxMeter.c
(limited to 'linux/SELinuxMeter.c')
diff --git a/linux/SELinuxMeter.c b/linux/SELinuxMeter.c
new file mode 100644
index 00000000..8562215b
--- /dev/null
+++ b/linux/SELinuxMeter.c
@@ -0,0 +1,91 @@
+/*
+htop - SELinuxMeter.c
+(C) 2020 Christian Goettsche
+Released under the GNU GPLv2, see the COPYING file
+in the source distribution for its full text.
+*/
+
+#include "SELinuxMeter.h"
+
+#include "CRT.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+static const int SELinuxMeter_attributes[] = {
+ METER_TEXT,
+};
+
+static bool enabled = false;
+static bool enforcing = false;
+
+static bool hasSELinuxMount(void) {
+ struct statfs sfbuf;
+ int r = statfs("/sys/fs/selinux", &sfbuf);
+ if (r != 0)
+ return false;
+
+ if (sfbuf.f_type != SELINUX_MAGIC)
+ return false;
+
+ struct statvfs vfsbuf;
+ r = statvfs("/sys/fs/selinux", &vfsbuf);
+ if (r != 0 || (vfsbuf.f_flag & ST_RDONLY))
+ return false;
+
+ return true;
+}
+
+static bool isSelinuxEnabled(void) {
+ return hasSELinuxMount() && (0 == access("/etc/selinux/config", F_OK));
+}
+
+static bool isSelinuxEnforcing(void) {
+ if (!enabled)
+ return false;
+
+ int fd = open("/sys/fs/selinux/enforce", O_RDONLY);
+ if (fd < 0)
+ return false;
+
+ char buf[20] = {0};
+ int r = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (r < 0)
+ return false;
+
+ int enforce = 0;
+ if (sscanf(buf, "%d", &enforce) != 1)
+ return false;
+
+ return !!enforce;
+}
+
+static void SELinuxMeter_updateValues(ATTR_UNUSED Meter* this, char* buffer, int len) {
+ enabled = isSelinuxEnabled();
+ enforcing = isSelinuxEnforcing();
+
+ xSnprintf(buffer, len, "%s%s", enabled ? "enabled" : "disabled", enabled ? (enforcing ? "; mode: enforcing" : "; mode: permissive") : "");
+}
+
+const MeterClass SELinuxMeter_class = {
+ .super = {
+ .extends = Class(Meter),
+ .delete = Meter_delete,
+ },
+ .updateValues = SELinuxMeter_updateValues,
+ .defaultMode = TEXT_METERMODE,
+ .maxItems = 0,
+ .total = 100.0,
+ .attributes = SELinuxMeter_attributes,
+ .name = "SELinux",
+ .uiName = "SELinux",
+ .description = "SELinux state overview",
+ .caption = "SELinux: "
+};
-- cgit v1.2.3
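Review bot: In `isSelinuxEnforcing`, every failure path (`open` fails, `read` errors, `sscanf` does not parse) returns `false`, and `SELinuxMeter_updateValues` then prints `; mode: permissive`, so a meter that could not read `/sys/fs/selinux/enforce` looks the same as a host that really is permissive. For a security-state display, an indeterminate result should be reported as such; a tri-state return with a third `; mode: unknown` string would do it, as sketched below. Separately, in `hasSELinuxMount` the test `sfbuf.f_type != SELINUX_MAGIC` compares what is normally a signed `f_type` with a constant that (if it is the usual kernel magic value; the header names are not visible on this page) does not fit in a signed 32-bit int. Casting both sides to `uint32_t` would avoid depending on how `f_type` is widened on a given architecture.

```c
static int enforcing = -1; /* -1 unknown, 0 permissive, 1 enforcing */

static int isSelinuxEnforcing(void) {
   /* … unchanged: return 0 when !enabled … */
   int fd = open("/sys/fs/selinux/enforce", O_RDONLY);
   if (fd < 0)
      return -1;
   /* … unchanged: read into buf, close(fd) … */
   if (r <= 0)
      return -1;
   /* … unchanged: sscanf into enforce, but return -1 when it does not parse … */
   return !!enforce;
}

/* in SELinuxMeter_updateValues */
const char* mode = "";
if (enabled)
   mode = enforcing < 0 ? "; mode: unknown" : (enforcing ? "; mode: enforcing" : "; mode: permissive");
xSnprintf(buffer, len, "%s%s", enabled ? "enabled" : "disabled", mode);
```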