#![allow(non_snake_case)]
#![allow(non_upper_case_globals)]
#![allow(dead_code)]
use libc::ssize_t;
use crate::ported::linux::compat::Compat_readfile;
use crate::ported::meter::Meter;
#[derive(Clone, Copy, PartialEq, Eq)]
enum EnforcingMode {
Permissive = 0,
Enforcing = 1,
Unknown = 2,
Disabled = 3,
}
const enforcingText: [&str; 4] = [
"enabled; mode: permissive",
"enabled; mode: enforcing",
"enabled; mode: unknown",
"disabled",
];
#[cfg(target_os = "linux")]
fn hasSELinuxMount() -> bool {
let mut sfbuf: libc::statfs = unsafe { std::mem::zeroed() };
let r = unsafe { libc::statfs(c"/sys/fs/selinux".as_ptr(), &mut sfbuf) };
if r != 0 {
return false;
}
if sfbuf.f_type as u32 != 0xf97cff8c {
return false;
}
let mut vfsbuf: libc::statvfs = unsafe { std::mem::zeroed() };
let r = unsafe { libc::statvfs(c"/sys/fs/selinux".as_ptr(), &mut vfsbuf) };
if r != 0 || (vfsbuf.f_flag & libc::ST_RDONLY) != 0 {
return false;
}
true
}
#[cfg(not(target_os = "linux"))]
fn hasSELinuxMount() -> bool {
false
}
fn isSelinuxEnabled() -> bool {
hasSELinuxMount()
}
pub fn isSelinuxEnforcing() {
todo!("SELinuxMeter.c: renamed to getSelinuxEnforcing (ported as a closure in SELinuxMeter_updateValues)")
}
pub fn SELinuxMeter_updateValues(this: &mut Meter) {
let get_selinux_enforcing = || -> EnforcingMode {
if !isSelinuxEnabled() {
return EnforcingMode::Disabled;
}
let mut buf = [0u8; 20];
let r = Compat_readfile(c"/sys/fs/selinux/enforce", &mut buf);
if r < 0 {
return if r == -(libc::ENOENT as ssize_t) {
EnforcingMode::Disabled
} else {
EnforcingMode::Unknown
};
}
let end = buf.iter().position(|&c| c == 0).unwrap_or(buf.len());
let s = &buf[..end];
let mut i = 0;
while i < s.len() && s[i].is_ascii_whitespace() {
i += 1;
}
let neg = i < s.len() && s[i] == b'-';
if i < s.len() && (s[i] == b'+' || s[i] == b'-') {
i += 1;
}
let digit_start = i;
let mut enforce: i64 = 0;
while i < s.len() && s[i].is_ascii_digit() {
enforce = enforce.wrapping_mul(10).wrapping_add((s[i] - b'0') as i64);
i += 1;
}
if i == digit_start {
return EnforcingMode::Unknown;
}
if neg {
enforce = -enforce;
}
if enforce != 0 {
EnforcingMode::Enforcing
} else {
EnforcingMode::Permissive
}
};
let enforcing = get_selinux_enforcing();
this.txtBuffer = enforcingText[enforcing as usize].to_string();
}