Updated README.md with usage instructions

Updated README.md with build instructions
Implemented GUI with zenity
2025-02-10 11:35:27 +01:00 · 2025-02-10 11:30:03 +01:00 · 2025-02-07 12:42:51 +01:00 · 2025-02-07 12:38:36 +01:00 · 2025-02-03 18:13:34 +01:00 · 2025-02-03 18:12:10 +01:00
10 changed files with 408 additions and 103 deletions
--- a/7
+++ b/7
@@ -19,10 +19,10 @@ else
 	LDFLAGS +=
 endif

-SOURCES_DIR := ./sources
+SOURCES_DIR := ./src
 BUILD_DIR := ./build

-build: $(BUILD_DIR)/main.o $(BUILD_DIR)/sourcefs.o
+build: $(BUILD_DIR)/main.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
 	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs

 $(BUILD_DIR)/main.o: $(SOURCES_DIR)/main.c
@@ -31,5 +31,8 @@ $(BUILD_DIR)/main.o: $(SOURCES_DIR)/main.c
 $(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h
 	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@

+$(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
 clean:
 	rm $(BUILD_DIR)/*
--- a/README.md
+++ b/README.md
@@ -2,14 +2,7 @@

 ## Motivation

-Traditional access control mechanisms in operating systems allow the same level
-of access to all processes running on behalf of the same user. This typically
-enables malicious processes to read and/or modify all data accessible to the
-user running a vulnerable application. It can be dealt using various mandatory
-access control mechanisms, but these are often complicated to configure and are
-rarely used in common user oriented scenarios. This thesis focuses on design
-and implementation of a file system layer which delegates the decision to allow
-or deny access to a file system object by a specific process to the user.
+Traditional access control mechanisms in operating systems allow the same level of access to all processes running on behalf of the same user. This typically enables malicious processes to read and/or modify all data accessible to the user running a vulnerable application. It can be dealt using various mandatory access control mechanisms, but these are often complicated to configure and are rarely used in common user oriented scenarios. This thesis focuses on design and implementation of a file system layer which delegates the decision to allow or deny access to a file system object by a specific process to the user.

 ## Goals

@@ -17,6 +10,24 @@ or deny access to a file system object by a specific process to the user.
 - Implement the solution using the FUSE framework
 - Test the solution and demonstrate its benefits

+## Building
+
+* Install dependencies
+    + fuse, libfuse (v3 or later)
+        - Debian: `sudo apt install fuse3 libfuse3-dev`
+    + zenity
+        - Debian: `sudo apt install zenity`
+* Build using `make`:
+    + In the project directory: `make`
+    + Use `make DEBUG=1` for testing.
+* Resulting binaries should appear in the `build` directory.
+
+## Usage
+
+`icfs <FUSE arguments> [target directory]`
+
+The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened.
+
 ## Docs

 - [Initial idea and motivation](./docs/bc-thesis-idea.md)
--- a/sources/sourcefs.c
+++ b/sources/sourcefs.c
@@ -1,75 +0,0 @@
-#define _GNU_SOURCE
-
-#include "sourcefs.h"
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-static struct source_files_handle {
-  int root_fd;
-} handle;
-
-const char *source_fname_translate(const char *filename) {
-  if (strcmp("/", filename) == 0) {
-    return ".";
-  } else {
-    return filename + 1;
-  }
-}
-
-int source_init(const char *root_path) {
-  int root_fd = open(root_path, O_PATH);
-
-  if (root_fd == -1) {
-    return -1;
-  }
-
-  handle.root_fd = root_fd;
-
-  return 0;
-}
-
-int source_mkdir(const char *filename, mode_t mode) {
-  const char *relative_filename = source_fname_translate(filename);
-  return mkdirat(handle.root_fd, relative_filename, mode);
-}
-
-int source_unlink(const char *filename) {
-  const char *relative_filename = source_fname_translate(filename);
-  return unlinkat(handle.root_fd, relative_filename, 0);
-}
-
-int source_stat(const char *restrict filename, struct stat *restrict statbuf) {
-  const char *relative_filename = source_fname_translate(filename);
-  return fstatat(handle.root_fd, relative_filename, statbuf, 0);
-}
-
-int source_rmdir(const char *filename) {
-  const char *relative_filename = source_fname_translate(filename);
-  return unlinkat(handle.root_fd, relative_filename, AT_REMOVEDIR);
-}
-
-int source_symlink(const char *target, const char *linkpath) {
-  const char *relative_linkpath = source_fname_translate(linkpath);
-  return symlinkat(target, handle.root_fd, relative_linkpath);
-}
-
-DIR *source_opendir(const char *filename) {
-  const char *relative_filename = source_fname_translate(filename);
-  int fd = openat(handle.root_fd, relative_filename, NULL);
-  if (fd < 0) {
-    perror("Openat failed");
-    return NULL;
-  }
-  DIR *dir_pointer = fdopendir(fd);
-  return dir_pointer;
-}
-
-int source_rename(const char *oldpath, const char *newpath) {
-  printf("{\"%s\", \"%s\"}\n", oldpath, newpath);
-  return -1;
-}
--- a/src/gui/ui/icfs.cmb
+++ b/src/gui/ui/icfs.cmb
@@ -0,0 +1,37 @@
+<?xml version='1.0' encoding='UTF-8' standalone='no'?>
+<!DOCTYPE cambalache-project SYSTEM "cambalache-project.dtd">
+<cambalache-project version="0.94.0" target_tk="gtk-4.0">
+  <ui>
+	(1,None,"icfs.ui","start_window.ui",None,None,None,None,None,None,None),
+	(3,None,None,"open-dialog.ui",None,None,None,None,None,None,None)
+  </ui>
+  <object>
+	(1,1,"AdwApplicationWindow",None,None,None,None,None,0,None,None),
+	(1,2,"AdwToolbarView",None,1,None,None,None,0,None,None),
+	(1,3,"AdwHeaderBar",None,2,None,"top",None,0,None,None),
+	(1,4,"AdwPreferencesPage",None,2,None,None,None,1,None,None),
+	(1,5,"AdwPreferencesGroup",None,4,None,None,None,0,None,None),
+	(1,6,"AdwEntryRow",None,5,None,None,None,0,None,None),
+	(1,7,"GtkButton",None,6,None,None,None,0,None,None),
+	(1,8,"GtkButton",None,3,None,"start",None,0,None,None),
+	(3,1,"AdwMessageDialog",None,None,None,None,None,0,None,None)
+  </object>
+  <object_property>
+	(1,1,"AdwApplicationWindow","content","2",None,None,None,None,2,None,None,None,None),
+	(1,1,"GtkWindow","title","ICFS",None,None,None,None,None,None,None,None,None),
+	(1,2,"AdwToolbarView","content",None,None,None,None,None,4,None,None,None,None),
+	(1,6,"AdwEntryRow","input-hints","no-spellcheck",None,None,None,None,None,None,None,None,None),
+	(1,6,"AdwEntryRow","input-purpose","url",None,None,None,None,None,None,None,None,None),
+	(1,6,"AdwPreferencesRow","title","Mountpoint",None,None,None,None,None,None,None,None,None),
+	(1,7,"GtkButton","has-frame","False",None,None,None,None,None,None,None,None,None),
+	(1,7,"GtkButton","icon-name","folder-open-symbolic",None,None,None,None,None,None,None,None,None),
+	(1,8,"GtkButton","label","Start",None,None,None,None,None,None,None,None,None),
+	(3,1,"AdwMessageDialog","body","Allow this process to open the file?",None,None,None,None,None,None,None,None,None),
+	(3,1,"AdwMessageDialog","default-response","deny",None,None,None,None,None,None,None,None,None),
+	(3,1,"AdwMessageDialog","heading","Allow Access?",None,None,None,None,None,None,None,None,None)
+  </object_property>
+  <object_data>
+	(1,8,"GtkWidget",2,2,None,1,None,None,None,None),
+	(1,8,"GtkWidget",2,3,None,1,None,None,None,None)
+  </object_data>
+</cambalache-project>
--- a/src/gui/ui/start_window.ui
+++ b/src/gui/ui/start_window.ui
@@ -0,0 +1,44 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!-- Created with Cambalache 0.94.1 -->
+<interface>
+  <!-- interface-name icfs.ui -->
+  <requires lib="gtk" version="4.12"/>
+  <requires lib="libadwaita" version="1.6"/>
+  <object class="AdwApplicationWindow">
+    <property name="content">
+      <object class="AdwToolbarView">
+        <property name="content">
+          <object class="AdwPreferencesPage">
+            <child>
+              <object class="AdwPreferencesGroup">
+                <child>
+                  <object class="AdwEntryRow">
+                    <property name="input-hints">no-spellcheck</property>
+                    <property name="input-purpose">url</property>
+                    <property name="title">Mountpoint</property>
+                    <child>
+                      <object class="GtkButton">
+                        <property name="has-frame">False</property>
+                        <property name="icon-name">folder-open-symbolic</property>
+                      </object>
+                    </child>
+                  </object>
+                </child>
+              </object>
+            </child>
+          </object>
+        </property>
+        <child type="top">
+          <object class="AdwHeaderBar">
+            <child type="start">
+              <object class="GtkButton">
+                <property name="label">Start</property>
+              </object>
+            </child>
+          </object>
+        </child>
+      </object>
+    </property>
+    <property name="title">ICFS</property>
+  </object>
+</interface>
--- a/sources/main.c
+++ b/sources/main.c
@@ -49,6 +49,7 @@
 #include <sys/file.h> /* flock(2) */

 #include "sourcefs.h"
+#include "ui-socket.h"

 const char *mountpoint = NULL;

@@ -217,6 +218,7 @@ static int xmp_releasedir(const char *path, struct fuse_file_info *fi) {
  return 0;
 }

+/*
 // TODO: make this work
 static int xmp_mknod(const char *path, mode_t mode, dev_t rdev) {
  int res;
@@ -230,6 +232,7 @@ static int xmp_mknod(const char *path, mode_t mode, dev_t rdev) {

  return 0;
 }
+*/

 static int xmp_mkdir(const char *path, mode_t mode) {
  int res;
@@ -288,7 +291,7 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
 static int xmp_link(const char *from, const char *to) {
  int res;

-  res = link(from, to);
+  res = source_link(from, to);
  if (res == -1)
    return -errno;

@@ -301,7 +304,7 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
  if (fi)
    res = fchmod(fi->fh, mode);
  else
-    res = chmod(path, mode);
+    res = source_chmod(path, mode);
  if (res == -1)
    return -errno;

@@ -315,7 +318,7 @@ static int xmp_chown(const char *path, uid_t uid, gid_t gid,
  if (fi)
    res = fchown(fi->fh, uid, gid);
  else
-    res = lchown(path, uid, gid);
+    res = source_chown(path, uid, gid);
  if (res == -1)
    return -errno;

@@ -329,7 +332,7 @@ static int xmp_truncate(const char *path, off_t size,
  if (fi)
    res = ftruncate(fi->fh, size);
  else
-    res = truncate(path, size);
+    res = source_truncate(path, size);

  if (res == -1)
    return -errno;
@@ -354,11 +357,50 @@ static int xmp_utimens(const char *path, const struct timespec ts[2],
 }
 #endif

+// TODO: move this to other file
+const char *get_process_name_by_pid(const int pid) {
+  char *name = (char *)calloc(1024, sizeof(char));
+  if (name) {
+    sprintf(name, "/proc/%d/cmdline", pid);
+    FILE *f = fopen(name, "r");
+    if (f) {
+      size_t size;
+      size = fread(name, sizeof(char), 1024, f);
+      if (size > 0) {
+        if ('\n' == name[size - 1])
+          name[size - 1] = '\0';
+      }
+      fclose(f);
+    }
+  }
+  return name;
+}
+
+// TODO: move this somewhere else
+const char *real_filename(const char *filename) { return filename; }
+
 static int xmp_create(const char *path, mode_t mode,
                      struct fuse_file_info *fi) {
  int fd;

-  fd = open(path, fi->flags, mode);
+  struct process_info pi;
+
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.UID = fc->uid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+
+  if (ask_access(real_filename(path), pi)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
+
+  fd = source_create(path, fi->flags, mode);
  if (fd == -1)
    return -errno;

@@ -369,7 +411,23 @@ static int xmp_create(const char *path, mode_t mode,
 static int xmp_open(const char *path, struct fuse_file_info *fi) {
  int fd;

-  fd = open(path, fi->flags);
+  struct process_info pi;
+
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.UID = fc->uid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (ask_access(real_filename(path), pi)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
+
+  fd = source_open(path, fi->flags);
  if (fd == -1)
    return -errno;

@@ -386,6 +444,7 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
  return 0;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_read(const char *path, char *buf, size_t size, off_t offset,
                    struct fuse_file_info *fi) {
  int res;
@@ -398,6 +457,7 @@ static int xmp_read(const char *path, char *buf, size_t size, off_t offset,
  return res;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_read_buf(const char *path, struct fuse_bufvec **bufp,
                        size_t size, off_t offset, struct fuse_file_info *fi) {
  struct fuse_bufvec *src;
@@ -419,6 +479,7 @@ static int xmp_read_buf(const char *path, struct fuse_bufvec **bufp,
  return 0;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_write(const char *path, const char *buf, size_t size,
                     off_t offset, struct fuse_file_info *fi) {
  int res;
@@ -431,6 +492,7 @@ static int xmp_write(const char *path, const char *buf, size_t size,
  return res;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_write_buf(const char *path, struct fuse_bufvec *buf,
                         off_t offset, struct fuse_file_info *fi) {
  struct fuse_bufvec dst = FUSE_BUFVEC_INIT(fuse_buf_size(buf));
@@ -454,6 +516,7 @@ static int xmp_statfs(const char *path, struct statvfs *stbuf) {
  return 0;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_flush(const char *path, struct fuse_file_info *fi) {
  int res;

@@ -470,6 +533,7 @@ static int xmp_flush(const char *path, struct fuse_file_info *fi) {
  return 0;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_release(const char *path, struct fuse_file_info *fi) {
  (void)path;
  close(fi->fh);
@@ -477,6 +541,7 @@ static int xmp_release(const char *path, struct fuse_file_info *fi) {
  return 0;
 }

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_fsync(const char *path, int isdatasync,
                     struct fuse_file_info *fi) {
  int res;
@@ -551,6 +616,7 @@ static int xmp_lock(const char *path, struct fuse_file_info *fi, int cmd,
 }
 #endif

+/* Complete copy of the example method(no need to modify anything so far) */
 static int xmp_flock(const char *path, struct fuse_file_info *fi, int op) {
  int res;
  (void)path;
@@ -580,6 +646,7 @@ static ssize_t xmp_copy_file_range(const char *path_in,
 }
 #endif

+/* Complete copy of the example method(no need to modify anything so far) */
 static off_t xmp_lseek(const char *path, off_t off, int whence,
                       struct fuse_file_info *fi) {
  off_t res;
@@ -592,15 +659,16 @@ static off_t xmp_lseek(const char *path, off_t off, int whence,
  return res;
 }

+// TODO: look trough "optional"(commented out) operations.
 static const struct fuse_operations xmp_oper = {
    .init = xmp_init,
    .getattr = xmp_getattr,
-    .access = xmp_access,
+    // .access = xmp_access,
    .readlink = xmp_readlink,
    .opendir = xmp_opendir,
    .readdir = xmp_readdir,
    .releasedir = xmp_releasedir,
-    .mknod = xmp_mknod,
+    //    .mknod = xmp_mknod,
    .mkdir = xmp_mkdir,
    .symlink = xmp_symlink,
    .unlink = xmp_unlink,
@@ -611,7 +679,7 @@ static const struct fuse_operations xmp_oper = {
    .chown = xmp_chown,
    .truncate = xmp_truncate,
 #ifdef HAVE_UTIMENSAT
-    .utimens = xmp_utimens,
+// .utimens = xmp_utimens,
 #endif
    .create = xmp_create,
    .open = xmp_open,
@@ -624,20 +692,20 @@ static const struct fuse_operations xmp_oper = {
    .release = xmp_release,
    .fsync = xmp_fsync,
 #ifdef HAVE_POSIX_FALLOCATE
-    .fallocate = xmp_fallocate,
+// .fallocate = xmp_fallocate,
 #endif
 #ifdef HAVE_SETXATTR
-    .setxattr = xmp_setxattr,
-    .getxattr = xmp_getxattr,
-    .listxattr = xmp_listxattr,
-    .removexattr = xmp_removexattr,
+// .setxattr = xmp_setxattr,
+// .getxattr = xmp_getxattr,
+// .listxattr = xmp_listxattr,
+// .removexattr = xmp_removexattr,
 #endif
 #ifdef HAVE_LIBULOCKMGR
-    .lock = xmp_lock,
+// .lock = xmp_lock,
 #endif
    .flock = xmp_flock,
 #ifdef HAVE_COPY_FILE_RANGE
-    .copy_file_range = xmp_copy_file_range,
+// .copy_file_range = xmp_copy_file_range,
 #endif
    .lseek = xmp_lseek,
 };
@@ -651,9 +719,17 @@ int main(int argc, char *argv[]) {

  int ret = source_init(mountpoint);
  if (ret != 0) {
-    perror("Failed to initialize filesystem.");
+    perror("source_init");
    exit(EXIT_FAILURE);
  }

-  return fuse_main(argc, argv, &xmp_oper, NULL);
+  ret = init_ui_socket("/home/fedir/.icfs-sock");
+  if (ret != 0) {
+    perror("init_ui_socket");
+    exit(EXIT_FAILURE);
+  }
+
+  ret = fuse_main(argc, argv, &xmp_oper, NULL);
+  free(mountpoint);
+  return ret;
 }
--- a/src/sourcefs.c
+++ b/src/sourcefs.c
@@ -0,0 +1,116 @@
+#define _GNU_SOURCE
+
+#include "sourcefs.h"
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+static struct source_files_handle {
+  int root_fd;
+} handle;
+
+const char *source_filename_translate(const char *filename) {
+  if (strcmp("/", filename) == 0) {
+    return ".";
+  } else {
+    return filename + 1;
+  }
+}
+
+int source_init(const char *root_path) {
+  int root_fd = open(root_path, O_PATH);
+
+  if (root_fd == -1) {
+    return -1;
+  }
+
+  handle.root_fd = root_fd;
+
+  return 0;
+}
+
+int source_mkdir(const char *filename, mode_t mode) {
+  const char *relative_filename = source_filename_translate(filename);
+  return mkdirat(handle.root_fd, relative_filename, mode);
+}
+
+int source_unlink(const char *filename) {
+  const char *relative_filename = source_filename_translate(filename);
+  return unlinkat(handle.root_fd, relative_filename, 0);
+}
+
+int source_stat(const char *restrict filename, struct stat *restrict statbuf) {
+  const char *relative_filename = source_filename_translate(filename);
+  return fstatat(handle.root_fd, relative_filename, statbuf, 0);
+}
+
+int source_rmdir(const char *filename) {
+  const char *relative_filename = source_filename_translate(filename);
+  return unlinkat(handle.root_fd, relative_filename, AT_REMOVEDIR);
+}
+
+int source_symlink(const char *target, const char *linkpath) {
+  const char *relative_linkpath = source_filename_translate(linkpath);
+  return symlinkat(target, handle.root_fd, relative_linkpath);
+}
+
+DIR *source_opendir(const char *filename) {
+  const char *relative_filename = source_filename_translate(filename);
+  int fd = openat(handle.root_fd, relative_filename, NULL);
+  if (fd < 0) {
+    perror("Openat failed");
+    return NULL;
+  }
+  DIR *dir_pointer = fdopendir(fd);
+  return dir_pointer;
+}
+
+int source_rename(const char *oldpath, const char *newpath) {
+  const char *relative_oldpath = source_filename_translate(oldpath);
+  const char *relative_newpath = source_filename_translate(newpath);
+  return renameat(handle.root_fd, relative_oldpath, handle.root_fd,
+                  relative_newpath);
+}
+
+int source_link(const char *oldpath, const char *newpath) {
+  const char *relative_oldpath = source_filename_translate(oldpath);
+  const char *relative_newpath = source_filename_translate(newpath);
+  return linkat(handle.root_fd, relative_oldpath, handle.root_fd,
+                relative_newpath, 0);
+  // NOTE: perhaps the flags here need to be reevaluated.
+}
+
+int source_chmod(const char *filename, mode_t mode) {
+  const char *relative_filename = source_filename_translate(filename);
+  return fchmodat(handle.root_fd, relative_filename, mode, 0);
+  // NOTE: perhaps the flags here need to be reevaluated.
+}
+
+int source_chown(const char *filename, uid_t owner, gid_t group) {
+  const char *relative_filename = source_filename_translate(filename);
+  return fchownat(handle.root_fd, filename, owner, group, AT_SYMLINK_NOFOLLOW);
+}
+
+int source_truncate(const char *filename, off_t length) {
+  const char *relative_filename = source_filename_translate(filename);
+  int fd = openat(handle.root_fd, relative_filename, NULL);
+  if (fd < 0) {
+    perror("Openat failed");
+    return -1;
+  }
+  return ftruncate(fd, length);
+}
+
+int source_open(const char *filename, int flags) {
+  const char *relative_filename = source_filename_translate(filename);
+  return openat(handle.root_fd, relative_filename, flags);
+}
+
+int source_create(const char *filename, int flags, mode_t mode) {
+  const char *relative_filename = source_filename_translate(filename);
+  return openat(handle.root_fd, relative_filename, flags, mode);
+}
--- a/sources/sourcefs.h
+++ b/sources/sourcefs.h
@@ -33,4 +33,19 @@ int source_symlink(const char *target, const char *linkpath);

 int source_rename(const char *oldpath, const char *newpath);

+int source_link(const char *oldpath, const char *newpath);
+
+int source_chmod(const char *filename, mode_t mode);
+
+int source_chown(const char *filename, uid_t owner, gid_t group);
+
+int source_truncate(const char *filename, off_t length);
+
+/* `open` and `create` are designed to correspond to fuse operations, not the
+ * libc's `open(2)`. Both of them actually call `openat`. */
+
+int source_open(const char *filename, int flags);
+
+int source_create(const char *filename, int flags, mode_t mode);
+
 #endif // !SOURCEFS_H
--- a/src/ui-socket.c
+++ b/src/ui-socket.c
@@ -0,0 +1,56 @@
+#include <stddef.h>
+#include <sys/types.h>
+#define _GNU_SOURCE
+#include "ui-socket.h"
+#include <errno.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+int init_ui_socket(const char *filename) {
+  char line[256];
+  FILE *fp;
+
+  // Test if Zenity is installed (get version)
+  fp = popen("zenity --version", "r");
+  if (fp == NULL) {
+    perror("Pipe returned a error");
+    return 1;
+  } else {
+    while (fgets(line, sizeof(line), fp))
+      printf("%s", line);
+    pclose(fp);
+    return 0;
+  }
+}
+
+/*
+ * This function is called from the FUSE operations functions. Those are called
+ * from separate threads. Therefore, there can be multiple threads that try to
+ * ask for access at the same time, but we have to
+ */
+
+int ask_access(const char *filename, struct process_info pi) {
+
+  FILE *fp;
+  size_t command_len =
+      139 + sizeof(pid_t) * 8 + strlen(pi.name) + strlen(filename);
+  char *command = (char *)malloc(command_len);
+  snprintf(command, command_len,
+           "zenity --question --title \"Allow Access?\" --text \"Allow process "
+           "<tt>%s</tt> with PID <tt>%d</tt> to access <tt>%s</tt>\"",
+           pi.name, pi.PID, filename);
+  // Zenity Question Message Popup
+  fp = popen(command, "r");
+  free(command);
+  if (fp == NULL) {
+    perror("Pipe returned a error");
+    return -1;
+  } else {
+    return WEXITSTATUS(pclose(fp));
+  }
+}
--- a/src/ui-socket.h
+++ b/src/ui-socket.h
@@ -0,0 +1,22 @@
+
+/*
+ * Interface for controlling communication with the UI.
+ */
+
+#ifndef UI_SOCKET_H
+#define UI_SOCKET_H
+
+#include <sys/types.h>
+
+struct process_info {
+  pid_t PID;
+  const char *name;
+  uid_t UID;
+};
+
+// For default socket location, set socket_path = NULL.
+int init_ui_socket(const char *socket_path);
+
+int ask_access(const char *filename, struct process_info pi);
+
+#endif // !UI_SOCKET_H
Author	SHA1	Message	Date
BritishTeapot	0719755ea1	Updated README.md with usage instructions	2025-02-10 11:35:27 +01:00
BritishTeapot	688048079f	Updated README.md with build instructions	2025-02-10 11:30:03 +01:00
fedir	93588036aa	Implemented GUI with zenity Now the program is completely functional and is using zenity dialogues. `sources` directory was renamed to `src`. UI related stuff was moved to `src/gui/ui`.	2025-02-07 12:42:51 +01:00
fedir	81a955888e	Updated Makefile	2025-02-07 12:38:36 +01:00
BritishTeapot	8f8841c7d9	Added start window description	2025-02-03 18:13:34 +01:00
BritishTeapot	1fa6c306db	Added Cambalache gui file	2025-02-03 18:12:10 +01:00
fedir	e0b69cfea1	Improved ui socket and made open and create send requests.	2024-12-25 17:07:52 +01:00
fedir	3cbe520916	Edited Makefile to compite ui socket.	2024-12-25 17:06:56 +01:00
fedir	e2014f03f1	Basic socket communication	2024-12-25 11:00:35 +01:00
fedir	dadcc6476b	Added the ui-socket.h. Two new issues to solve: * Should the ui communication component also be the one that manages permissions? * The format of data sent (protocol) needs definition.	2024-12-20 08:48:21 +01:00
fedir	1646b2fe3f	Resolved merge conflict in favor of `basic-passthrough`	2024-12-17 10:29:56 +01:00
fedir	bfc22c79e0	Implemented the passthrough. Passthrough is usable now. There have been issues with the `access` operation: it's unclear what it must return, since the answer isn't known at the time when it is called. If it always returns "denied", many applications would finish without trying to open a file, thinking the access would not be granted after `access` call. Although always returning "permitted" seems like a better choice, it still might cause unexpected behaviour. Perhaps one way to solve this, is actually asking user whether to allow access. In any case, this issue needs to be looked into.	2024-12-17 10:11:59 +01:00
fedir	ff6a8713d3	Removed useless comments from main.c.	2024-11-20 10:35:58 +01:00