/usr/bin/dpkg -s busybox | $EXECPWR awk '/^Version:/ {print $2}'
}
-# Get the current device mode in Harmattan. Returns "open" or "normal"
-GETDEVICEMODE() {
- /usr/bin/accli -I | $EXECPWR awk '/^Current mode:/ {print $3}'
-}
-
# Get the enforcement status of aegis' source origin check. Returns "1" when
# the check is active, otherwise "0"
GETORIGINCHECK_STATUS() {
- /usr/sbin/aegisctl | $EXECPWR sed 's/,.*//' | $EXECPWR grep "s" | $EXECPWR wc -l
+ ENFORCE="/sys/kernel/security/validator/enforce"
+ ENFORCE_HEX=`$EXECPWR cat $ENFORCE`
+ SID_CHECK_BIT="2"
+
+ if test "$ENFORCE_HEX" == ""; then exit 1; fi
+ RETVAL="1"
+ if test `echo $(($ENFORCE_HEX & $SID_CHECK_BIT))` -eq 0; then
+ RETVAL="0"
+ fi
+ echo $RETVAL
+}
+
+# Set the enforcement status of aegis' source origin check. The check will be
+# enabled when passed "1"; passing "0" will disable it.
+# Works in both normal and open mode via aegisctl, and in patched open mode via
+# via writing to sysfs entries directly
+SETORIGINCHECK_STATUS() {
+ ENABLE=$1
+
+ ENFORCE="/sys/kernel/security/validator/enforce"
+ ENFORCE_HEX=`$EXECPWR cat $ENFORCE`
+ SID_CHECK_BIT="2"
+
+ if test $ENABLE -gt 0; then
+ if test `GETORIGINCHECK_STATUS` -eq 1; then return; fi # Already on
+ ENFORCE_NEW_DEC=`echo $(($ENFORCE_HEX | $SID_CHECK_BIT))`
+ ENFORCE_NEW_HEX=`printf "0x%02x" $ENFORCE_NEW_DEC`
+ echo $ENFORCE_NEW_HEX > $ENFORCE 2> /dev/null
+ if test $? -gt 0; then
+ # Do not exit 1 on failure to re-enable the origincheck; not fatal for
+ # (un)installation of busybox-power
+ /usr/sbin/aegisctl +s > /dev/null
+ fi
+ else
+ if test `GETORIGINCHECK_STATUS` -eq 0; then return; fi # Already off
+ ENFORCE_NEW_DEC=`echo $(($ENFORCE_HEX ^ $SID_CHECK_BIT))`
+ ENFORCE_NEW_HEX=`printf "0x%02x" $ENFORCE_NEW_DEC`
+ echo $ENFORCE_NEW_HEX > $ENFORCE 2> /dev/null
+ if test $? -gt 0; then
+ /usr/sbin/aegisctl @s > /dev/null || exit 1
+ fi
+ fi
+
+ ECHO_VERBOSE "new origincheck: $ENABLE ($ENFORCE_NEW_HEX)"
}
projects / busybox-power / blobdiff