Add information about SELinux and other LSMs

2 files changed, 39 insertions, 1 deletions

diff --git a/modules/computer.c b/modules/computer.c
index 61a75ec5..2a8c56b5 100644
--- a/modules/computer.c
+++ b/modules/computer.c
@@ -534,13 +534,24 @@ gchar *callback_security(void)
 {
     struct Info *info = info_new();
 
-    info_add_group(info, _("Security"),
+    info_add_group(info, _("HardInfo"),
         info_field(_("HardInfo running as"), (getuid() == 0) ? _("Superuser") : _("User")),
+        info_field_last());
+
+    info_add_group(info, _("Health"),
         info_field_update(_("Available entropy in /dev/random"), 1000),
+        info_field_last());
+
+    info_add_group(info, _("Hardening Features"),
         info_field(_("ASLR"), idle_free(computer_get_aslr())),
         info_field(_("dmesg"), idle_free(computer_get_dmesg_status())),
         info_field_last());
 
+    info_add_group(info, _("Linux Security Modules"),
+        info_field(_("Modules available"), idle_free(computer_get_lsm())),
+        info_field(_("SELinux status"), computer_get_selinux()),
+        info_field_last());
+
     return info_flatten(info);
 }
 
diff --git a/modules/computer/os.c b/modules/computer/os.c
index 49210307..5872ff82 100644
--- a/modules/computer/os.c
+++ b/modules/computer/os.c
@@ -490,3 +490,30 @@ computer_get_os(void)
 
     return os;
 }
+
+const gchar *
+computer_get_selinux(void)
+{
+    int r;
+    gboolean spawned = g_spawn_command_line_sync("selinuxenabled",
+                                                 NULL, NULL, &r, NULL);
+
+    if (!spawned)
+        return _("Not installed");
+
+    if (r == 0)
+        return _("Enabled");
+
+    return _("Disabled");
+}
+
+gchar *
+computer_get_lsm(void)
+{
+    gchar *contents;
+
+    if (!g_file_get_contents("/sys/kernel/security/lsm", &contents, NULL, NULL))
+        return g_strdup(_("Unknown"));
+
+    return contents;
+}