diff --git a/src/perm_permissions_table.c b/src/perm_permissions_table.c index 04bcb37..58dfec7 100644 --- a/src/perm_permissions_table.c +++ b/src/perm_permissions_table.c @@ -9,6 +9,7 @@ #include "perm_permissions_table.h" #include "access_t.h" #include "process_info.h" +#include "set_mode_t.h" #include #include #include @@ -83,10 +84,21 @@ static int check_table_col_schema(void *notused, int argc, char **argv, } static int set_flag(void *flag, int argc, char **argv, char **colname) { - (void)argc; - (void)argv; (void)colname; - *(int *)flag = 1; + + if (argc < 3) { + fprintf(stderr, + "Unexpected amount of arguments given to the callback: %d.\n", + argc); + return 1; + } + + if (atoi(argv[2])) { + fprintf(stderr, "Third column was: %s\n", argv[2]); + *(int *)flag = 1; + } else { + *(int *)flag = -1; + } return 0; } @@ -182,7 +194,7 @@ int init_perm_permissions_table(const char *db_filename) { /** * Destroys the permanent permissions table. */ -void destroy_perm_permissions_table() { sqlite3_close(perm_database); } +void destroy_perm_permissions_table(void) { sqlite3_close(perm_database); } /** * Checks if the process has a permanent access to the file. @@ -197,7 +209,7 @@ access_t check_perm_access(const char *filename, struct process_info pi) { char *query = NULL; int ret = asprintf(&query, "SELECT * FROM %s WHERE executable = \'%s\' " - "AND filename = \'%s\' AND mode = TRUE;", + "AND filename = \'%s\';", table_name, pi.name, filename); if (ret < 0) { @@ -220,9 +232,12 @@ access_t check_perm_access(const char *filename, struct process_info pi) { return NDEF; } - if (flag) { + if (flag == 1) { return ALLOW; } + if (flag == -1) { + return DENY; + } return NDEF; } @@ -233,10 +248,19 @@ access_t check_perm_access(const char *filename, struct process_info pi) { * @param pi: The process information * @return: 0 on success, 1 on failure */ -int give_perm_access(const char *filename, struct process_info pi) { +int set_perm_access(const char *filename, struct process_info pi, + set_mode_t mode) { char *query = NULL; - int ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', TRUE);", - table_name, pi.name, filename); + int ret = -1; + if (mode == SET_ALLOW) { + ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', TRUE);", + table_name, pi.name, filename); + } else if (mode == SET_DENY) { + ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', FALSE);", + table_name, pi.name, filename); + } else { + return 1; + } if (ret < 0) { // If asprintf fails, the contents of query are undefined (see man diff --git a/src/perm_permissions_table.h b/src/perm_permissions_table.h index f42b4fe..1dee36d 100644 --- a/src/perm_permissions_table.h +++ b/src/perm_permissions_table.h @@ -11,6 +11,7 @@ #include "access_t.h" #include "process_info.h" +#include "set_mode_t.h" /** * Initializes the permanent permissions table. @@ -40,8 +41,11 @@ access_t check_perm_access(const char *filename, struct process_info pi); * * @param filename: The file that the process is trying to access * @param pi: The process information + * @param mode: Kind of access rule to be set - SET_DENY to deny access, and + * SET_ALLOW to allow access. * @return: 0 on success, -1 on failure */ -int give_perm_access(const char *filename, struct process_info pi); +int set_perm_access(const char *filename, struct process_info pi, + set_mode_t mode); #endif // #ifdef PERM_PERMISSION_TABLE_H diff --git a/src/set_mode_t.h b/src/set_mode_t.h new file mode 100644 index 0000000..f0e7582 --- /dev/null +++ b/src/set_mode_t.h @@ -0,0 +1,5 @@ + +#ifndef SET_MODE_T_H +#define SET_MODE_T_H +typedef enum { SET_DENY, SET_ALLOW } set_mode_t; +#endif // !SET_MODE_T_H diff --git a/src/temp_permissions_table.h b/src/temp_permissions_table.h index 9320e27..1d62965 100644 --- a/src/temp_permissions_table.h +++ b/src/temp_permissions_table.h @@ -4,6 +4,7 @@ #include "access_t.h" #include "process_info.h" +#include "set_mode_t.h" /** * Initializes the temporary permissions table. @@ -35,8 +36,6 @@ void destroy_temp_permissions_table(void); */ access_t check_temp_access(const char *filename, struct process_info pi); -typedef enum { SET_DENY, SET_ALLOW } set_mode_t; - /** * Sets temporary access mode of the process to the file. * diff --git a/src/ui-socket.c b/src/ui-socket.c index 1daa9dd..95ab12c 100644 --- a/src/ui-socket.c +++ b/src/ui-socket.c @@ -49,7 +49,7 @@ int init_ui_socket(const char *perm_permissions_db_filename) { } // Test if Zenity is installed (get version) - fp = popen("zenity --version", "r"); + fp = popen("icfs_dialogue --version", "r"); if (fp == NULL) { perror("Pipe returned an error"); return 1; @@ -77,7 +77,7 @@ struct dialogue_response ask_access(const char *filename, struct process_info proc_info) { FILE *fp = NULL; char *command = NULL; - int ret = asprintf(&command, "zenity \"%d\" \"%s\" \"%s\" \"%s\"", + int ret = asprintf(&command, "icfs_dialogue \"%d\" \"%s\" \"%s\" \"%s\"", proc_info.PID, proc_info.name, get_mountpoint(), filename); struct dialogue_response response; @@ -142,8 +142,10 @@ struct dialogue_response ask_access(const char *filename, response.decision = ALLOW; } else if (zenity_exit_code == ZENITY_YES) { response.decision = ALLOW_TEMP; - } else { + } else if (zenity_exit_code == (ZENITY_NO | ZENITY_PERM)) { response.decision = DENY; + } else { + response.decision = DENY_TEMP; } return response; @@ -205,7 +207,7 @@ int interactive_access(const char *filename, struct process_info proc_info, if (opts & GRANT_PERM) { fprintf(stderr, "Permission granted permanently to %s.\n", proc_info.name); - give_perm_access(real_path, proc_info); + set_perm_access(real_path, proc_info, SET_ALLOW); free(real_path); return 1; } @@ -241,7 +243,7 @@ int interactive_access(const char *filename, struct process_info proc_info, fprintf(stderr, "Permission granted permanently to %s based on zenty response.\n", proc_info.name); - give_perm_access(real_path, proc_info); + set_perm_access(real_path, proc_info, SET_ALLOW); free(real_path); return 1; } @@ -255,7 +257,7 @@ int interactive_access(const char *filename, struct process_info proc_info, return 1; } - if (response.decision == DENY) { + if (response.decision == DENY_TEMP) { fprintf(stderr, "Permission denied temporarily to %s based on zenty response.\n", proc_info.name); @@ -264,6 +266,15 @@ int interactive_access(const char *filename, struct process_info proc_info, return 0; } + if (response.decision == DENY) { + fprintf(stderr, + "Permission denied permanently to %s based on zenty response.\n", + proc_info.name); + set_perm_access(real_path, proc_info, SET_DENY); + free(real_path); + return 0; + } + free(real_path); // deny on unknown options. return 0; diff --git a/test/mock/zenity b/test/mock/icfs_dialogue similarity index 74% rename from test/mock/zenity rename to test/mock/icfs_dialogue index 35270b4..92f8aff 100755 --- a/test/mock/zenity +++ b/test/mock/icfs_dialogue @@ -14,12 +14,14 @@ else FAKE_ZENITY_RESPONSE=$(cat ~/.fake_zenity_response) printf "%s" "$4" - if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then + if [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then exit "$ZENITY_YES" elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then exit "$ZENITY_NO" - elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then + elif [[ $FAKE_ZENITY_RESPONSE == "yes_perm" ]]; then exit "$((ZENITY_YES | ZENITY_PERM))" + elif [[ $FAKE_ZENITY_RESPONSE == "no_perm" ]]; then + exit "$((ZENITY_NO | ZENITY_PERM))" fi fi fi