|
|
|
|
@@ -14,8 +14,10 @@
|
|
|
|
|
#include "cc.h"
|
|
|
|
|
#include "perm_permissions_table.h"
|
|
|
|
|
#include "real_filename.h"
|
|
|
|
|
#include "sourcefs.h"
|
|
|
|
|
#include "temp_permissions_table.h"
|
|
|
|
|
#include "ui-socket.h"
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <pthread.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
@@ -28,6 +30,11 @@
|
|
|
|
|
#define ZENITY_NO 1
|
|
|
|
|
#define ZENITY_PERM 2
|
|
|
|
|
|
|
|
|
|
struct dialogue_response {
|
|
|
|
|
access_t decision;
|
|
|
|
|
char *filename;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
int init_ui_socket(const char *perm_permissions_db_filename) {
|
|
|
|
|
FILE *fp = NULL;
|
|
|
|
|
|
|
|
|
|
@@ -66,11 +73,16 @@ void destroy_ui_socket(void) {
|
|
|
|
|
* @return: access status - ALLOW, DENY or ALLOW_TEMP
|
|
|
|
|
* allowed for the runtime of the process
|
|
|
|
|
*/
|
|
|
|
|
access_t ask_access(const char *filename, struct process_info proc_info) {
|
|
|
|
|
struct dialogue_response ask_access(const char *filename,
|
|
|
|
|
struct process_info proc_info) {
|
|
|
|
|
FILE *fp = NULL;
|
|
|
|
|
char *command = NULL;
|
|
|
|
|
int ret = asprintf(&command, "zenity \"%d\" \"%s\" \"%s\" \"%s\"",
|
|
|
|
|
proc_info.PID, proc_info.name, filename, get_mountpoint());
|
|
|
|
|
proc_info.PID, proc_info.name, get_mountpoint(), filename);
|
|
|
|
|
|
|
|
|
|
struct dialogue_response response;
|
|
|
|
|
response.decision = DENY;
|
|
|
|
|
response.filename = NULL;
|
|
|
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
// If asprintf fails, the contents of command are undefined (see man
|
|
|
|
|
@@ -79,7 +91,11 @@ access_t ask_access(const char *filename, struct process_info proc_info) {
|
|
|
|
|
// justify preparing for this.
|
|
|
|
|
fprintf(stderr, "Could not create query on rule insertion");
|
|
|
|
|
perror("");
|
|
|
|
|
return 1;
|
|
|
|
|
response.decision = DENY;
|
|
|
|
|
response.filename = malloc(2);
|
|
|
|
|
response.filename[0] = '.';
|
|
|
|
|
response.filename[1] = 0;
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Zenity Question Message Popup
|
|
|
|
|
@@ -88,18 +104,20 @@ access_t ask_access(const char *filename, struct process_info proc_info) {
|
|
|
|
|
|
|
|
|
|
if (fp == NULL) {
|
|
|
|
|
perror("Pipe returned a error");
|
|
|
|
|
return DENY;
|
|
|
|
|
response.decision = DENY;
|
|
|
|
|
response.filename = malloc(2);
|
|
|
|
|
response.filename[0] = '.';
|
|
|
|
|
response.filename[1] = 0;
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
str(char) zenity_output;
|
|
|
|
|
init(&zenity_output);
|
|
|
|
|
|
|
|
|
|
size_t total_read = 0;
|
|
|
|
|
char line[1024]; // Buffer to read individual lines
|
|
|
|
|
|
|
|
|
|
// Read the command output line by line
|
|
|
|
|
while (fgets(line, sizeof(line), fp)) {
|
|
|
|
|
size_t line_len = strlen(line);
|
|
|
|
|
push_fmt(&zenity_output, line);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -107,16 +125,28 @@ access_t ask_access(const char *filename, struct process_info proc_info) {
|
|
|
|
|
fprintf(stderr, "zenity wrote out %s\n", first(&zenity_output));
|
|
|
|
|
fprintf(stderr, "zenity returned %d\n", zenity_exit_code);
|
|
|
|
|
|
|
|
|
|
// if (size(&zenity_output) == 0) {
|
|
|
|
|
// push(&zenity_output, '.');
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
assert(strlen(first(&zenity_output)) == size(&zenity_output));
|
|
|
|
|
|
|
|
|
|
response.filename = malloc(size(&zenity_output) + 1);
|
|
|
|
|
strcpy(response.filename, first(&zenity_output));
|
|
|
|
|
// response.filename[size(&zenity_output)] = 0;
|
|
|
|
|
|
|
|
|
|
// assert(0 == strcmp(response.filename, first(&zenity_output)));
|
|
|
|
|
cleanup(&zenity_output);
|
|
|
|
|
|
|
|
|
|
if (zenity_exit_code == (ZENITY_YES | ZENITY_PERM)) {
|
|
|
|
|
return ALLOW;
|
|
|
|
|
}
|
|
|
|
|
if (zenity_exit_code == ZENITY_YES) {
|
|
|
|
|
return ALLOW_TEMP;
|
|
|
|
|
response.decision = ALLOW;
|
|
|
|
|
} else if (zenity_exit_code == ZENITY_YES) {
|
|
|
|
|
response.decision = ALLOW_TEMP;
|
|
|
|
|
} else {
|
|
|
|
|
response.decision = DENY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return DENY;
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
@@ -136,20 +166,36 @@ int interactive_access(const char *filename, struct process_info proc_info,
|
|
|
|
|
|
|
|
|
|
access_t access = check_temp_access(real_path, proc_info);
|
|
|
|
|
if (access == ALLOW) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission allowed to %s based on a rule present in the temp "
|
|
|
|
|
"permission table.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (access == DENY) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission denied to %s based on a rule present in the temp "
|
|
|
|
|
"permission table.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
access = check_perm_access(real_path, proc_info);
|
|
|
|
|
if (access == ALLOW) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission allowed to %s based on a rule present in the perm "
|
|
|
|
|
"permission table.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (access == DENY) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission denied to %s based on a rule present in the perm "
|
|
|
|
|
"permission table.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
@@ -158,30 +204,61 @@ int interactive_access(const char *filename, struct process_info proc_info,
|
|
|
|
|
// permissions are granted
|
|
|
|
|
|
|
|
|
|
if (opts & GRANT_PERM) {
|
|
|
|
|
fprintf(stderr, "Permission granted permanently to %s.\n", proc_info.name);
|
|
|
|
|
give_perm_access(real_path, proc_info);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (opts & GRANT_TEMP) {
|
|
|
|
|
fprintf(stderr, "Permission granted temporarily to %s.\n", proc_info.name);
|
|
|
|
|
set_temp_access(real_path, proc_info, SET_ALLOW);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
access_t user_response = ask_access(real_path, proc_info);
|
|
|
|
|
if (user_response == ALLOW) {
|
|
|
|
|
struct dialogue_response response = ask_access(filename, proc_info);
|
|
|
|
|
// fprintf(stderr, "%s", response.filename);
|
|
|
|
|
// assert(0 != strlen(response.filename));
|
|
|
|
|
|
|
|
|
|
// the user might specify a different file in the dialogue, so we need to
|
|
|
|
|
// check if it is valid
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
while (source_access(response.filename, F_OK)) {
|
|
|
|
|
// if it is invalid, just ask again.
|
|
|
|
|
fprintf(stderr, "Filename returned by zenty wasn't correct: %s\n",
|
|
|
|
|
response.filename);
|
|
|
|
|
free(response.filename);
|
|
|
|
|
response = ask_access(filename, proc_info);
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
free(real_path);
|
|
|
|
|
|
|
|
|
|
real_path = real_filename(response.filename);
|
|
|
|
|
free(response.filename);
|
|
|
|
|
|
|
|
|
|
if (response.decision == ALLOW) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission granted permanently to %s based on zenty response.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
give_perm_access(real_path, proc_info);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user_response == ALLOW_TEMP) {
|
|
|
|
|
if (response.decision == ALLOW_TEMP) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission granted temporarily to %s based on zenty response.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
set_temp_access(real_path, proc_info, SET_ALLOW);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user_response == DENY) {
|
|
|
|
|
if (response.decision == DENY) {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Permission denied temporarily to %s based on zenty response.\n",
|
|
|
|
|
proc_info.name);
|
|
|
|
|
set_temp_access(real_path, proc_info, SET_DENY);
|
|
|
|
|
free(real_path);
|
|
|
|
|
return 0;
|
|
|
|
|
|
