Finished the new dialogue functionality

2025-05-04 17:09:28 +02:00 · 2025-05-04 17:09:28 +02:00 · c4ae40c7bd
commit c4ae40c7bd
parent ecedbbb4ce
6 changed files with 65 additions and 20 deletions
--- a/src/perm_permissions_table.c
+++ b/src/perm_permissions_table.c
@ -9,6 +9,7 @@
 #include "perm_permissions_table.h"
 #include "access_t.h"
 #include "process_info.h"
+#include "set_mode_t.h"
 #include <fcntl.h>
 #include <pthread.h>
 #include <sqlite3.h>
@ -83,10 +84,21 @@ static int check_table_col_schema(void *notused, int argc, char **argv,
 }

 static int set_flag(void *flag, int argc, char **argv, char **colname) {
-  (void)argc;
-  (void)argv;
  (void)colname;
+
+  if (argc < 3) {
+    fprintf(stderr,
+            "Unexpected amount of arguments given to the callback: %d.\n",
+            argc);
+    return 1;
+  }
+
+  if (atoi(argv[2])) {
+    fprintf(stderr, "Third column was: %s\n", argv[2]);
    *(int *)flag = 1;
+  } else {
+    *(int *)flag = -1;
+  }
  return 0;
 }

@ -182,7 +194,7 @@ int init_perm_permissions_table(const char *db_filename) {
 /**
 * Destroys the permanent permissions table.
 */
-void destroy_perm_permissions_table() { sqlite3_close(perm_database); }
+void destroy_perm_permissions_table(void) { sqlite3_close(perm_database); }

 /**
 * Checks if the process has a permanent access to the file.
@ -197,7 +209,7 @@ access_t check_perm_access(const char *filename, struct process_info pi) {
  char *query = NULL;
  int ret = asprintf(&query,
                     "SELECT * FROM %s WHERE executable = \'%s\' "
-                     "AND filename = \'%s\' AND mode = TRUE;",
+                     "AND filename = \'%s\';",
                     table_name, pi.name, filename);

  if (ret < 0) {
@ -220,9 +232,12 @@ access_t check_perm_access(const char *filename, struct process_info pi) {
    return NDEF;
  }

-  if (flag) {
+  if (flag == 1) {
    return ALLOW;
  }
+  if (flag == -1) {
+    return DENY;
+  }
  return NDEF;
 }

@ -233,10 +248,19 @@ access_t check_perm_access(const char *filename, struct process_info pi) {
 * @param pi: The process information
 * @return: 0 on success, 1 on failure
 */
-int give_perm_access(const char *filename, struct process_info pi) {
+int set_perm_access(const char *filename, struct process_info pi,
+                    set_mode_t mode) {
  char *query = NULL;
-  int ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', TRUE);",
+  int ret = -1;
+  if (mode == SET_ALLOW) {
+    ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', TRUE);",
                   table_name, pi.name, filename);
+  } else if (mode == SET_DENY) {
+    ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', FALSE);",
+                   table_name, pi.name, filename);
+  } else {
+    return 1;
+  }

  if (ret < 0) {
    // If asprintf fails, the contents of query are undefined (see man
--- a/src/perm_permissions_table.h
+++ b/src/perm_permissions_table.h
@ -11,6 +11,7 @@

 #include "access_t.h"
 #include "process_info.h"
+#include "set_mode_t.h"

 /**
 * Initializes the permanent permissions table.
@ -40,8 +41,11 @@ access_t check_perm_access(const char *filename, struct process_info pi);
 *
 * @param filename: The file that the process is trying to access
 * @param pi: The process information
+ * @param mode: Kind of access rule to be set - SET_DENY to deny access, and
+ * SET_ALLOW to allow access.
 * @return: 0 on success, -1 on failure
 */
-int give_perm_access(const char *filename, struct process_info pi);
+int set_perm_access(const char *filename, struct process_info pi,
+                    set_mode_t mode);

 #endif // #ifdef PERM_PERMISSION_TABLE_H
--- a/src/set_mode_t.h
+++ b/src/set_mode_t.h
@ -0,0 +1,5 @@
+
+#ifndef SET_MODE_T_H
+#define SET_MODE_T_H
+typedef enum { SET_DENY, SET_ALLOW } set_mode_t;
+#endif // !SET_MODE_T_H
--- a/src/temp_permissions_table.h
+++ b/src/temp_permissions_table.h
@ -4,6 +4,7 @@

 #include "access_t.h"
 #include "process_info.h"
+#include "set_mode_t.h"

 /**
 * Initializes the temporary permissions table.
@ -35,8 +36,6 @@ void destroy_temp_permissions_table(void);
 */
 access_t check_temp_access(const char *filename, struct process_info pi);

-typedef enum { SET_DENY, SET_ALLOW } set_mode_t;
-
 /**
 * Sets temporary access mode of the process to the file.
 *
--- a/src/ui-socket.c
+++ b/src/ui-socket.c
@ -49,7 +49,7 @@ int init_ui_socket(const char *perm_permissions_db_filename) {
  }

  // Test if Zenity is installed (get version)
-  fp = popen("zenity --version", "r");
+  fp = popen("icfs_dialogue --version", "r");
  if (fp == NULL) {
    perror("Pipe returned an error");
    return 1;
@ -77,7 +77,7 @@ struct dialogue_response ask_access(const char *filename,
                                    struct process_info proc_info) {
  FILE *fp = NULL;
  char *command = NULL;
-  int ret = asprintf(&command, "zenity \"%d\" \"%s\" \"%s\" \"%s\"",
+  int ret = asprintf(&command, "icfs_dialogue \"%d\" \"%s\" \"%s\" \"%s\"",
                     proc_info.PID, proc_info.name, get_mountpoint(), filename);

  struct dialogue_response response;
@ -142,8 +142,10 @@ struct dialogue_response ask_access(const char *filename,
    response.decision = ALLOW;
  } else if (zenity_exit_code == ZENITY_YES) {
    response.decision = ALLOW_TEMP;
-  } else {
+  } else if (zenity_exit_code == (ZENITY_NO | ZENITY_PERM)) {
    response.decision = DENY;
+  } else {
+    response.decision = DENY_TEMP;
  }

  return response;
@ -205,7 +207,7 @@ int interactive_access(const char *filename, struct process_info proc_info,

  if (opts & GRANT_PERM) {
    fprintf(stderr, "Permission granted permanently to %s.\n", proc_info.name);
-    give_perm_access(real_path, proc_info);
+    set_perm_access(real_path, proc_info, SET_ALLOW);
    free(real_path);
    return 1;
  }
@ -241,7 +243,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
    fprintf(stderr,
            "Permission granted permanently to %s based on zenty response.\n",
            proc_info.name);
-    give_perm_access(real_path, proc_info);
+    set_perm_access(real_path, proc_info, SET_ALLOW);
    free(real_path);
    return 1;
  }
@ -255,7 +257,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
    return 1;
  }

-  if (response.decision == DENY) {
+  if (response.decision == DENY_TEMP) {
    fprintf(stderr,
            "Permission denied temporarily to %s based on zenty response.\n",
            proc_info.name);
@ -264,6 +266,15 @@ int interactive_access(const char *filename, struct process_info proc_info,
    return 0;
  }

+  if (response.decision == DENY) {
+    fprintf(stderr,
+            "Permission denied permanently to %s based on zenty response.\n",
+            proc_info.name);
+    set_perm_access(real_path, proc_info, SET_DENY);
+    free(real_path);
+    return 0;
+  }
+
  free(real_path);
  // deny on unknown options.
  return 0;
--- a/test/mock/icfs_dialogue
+++ b/test/mock/icfs_dialogue
@ -14,12 +14,14 @@ else
    FAKE_ZENITY_RESPONSE=$(cat ~/.fake_zenity_response)

    printf "%s" "$4"
-    if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then
+    if [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
      exit "$ZENITY_YES"
    elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
      exit "$ZENITY_NO"
-    elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
+    elif [[ $FAKE_ZENITY_RESPONSE == "yes_perm" ]]; then
      exit "$((ZENITY_YES | ZENITY_PERM))"
+    elif [[ $FAKE_ZENITY_RESPONSE == "no_perm" ]]; then
+      exit "$((ZENITY_NO | ZENITY_PERM))"
    fi
  fi
 fi