authorLibravatar netblue30 <netblue30@yahoo.com>2017-09-19 09:47:26 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2017-09-19 09:47:26 -0400
commitcbbc90381b41156c16bcb30934a10c843c8298c0 (patch)
treee21319a023b5883eb3aa5a50b4bd27e19e047a49 /src/fbuilder/build_bin.c
parentupdate KDE whitelist (diff)
add private-bin support to profile builder
Diffstat (limited to 'src/fbuilder/build_bin.c')
-rw-r--r--src/fbuilder/build_bin.c121
1 files changed, 121 insertions, 0 deletions
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c
new file mode 100644
index 000000000..7d0e2cb7c
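--- /dev/null
+++ b/src/fbuilder/build_bin.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2014-2017 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "fbuilder.h"
+
+static FileDB *bin_out = NULL;
+
+static void process_bin(const char *fname) {
+ assert(fname);
+
+ // process trace file
+ FILE *fp = fopen(fname, "r");
+ if (!fp) {
+ fprintf(stderr, "Error: cannot open %s\n", fname);
+ exit(1);
+ }
+
+ char buf[MAX_BUF];
+ while (fgets(buf, MAX_BUF, fp)) {
+ // remove \n
+ char *ptr = strchr(buf, '\n');
+ if (ptr)
+ *ptr = '\0';
+
+ // parse line: 4:galculator:access /etc/fonts/conf.d:0
+ // number followed by :
+ ptr = buf;
+ if (!isdigit(*ptr))
+ continue;
+ while (isdigit(*ptr))
+ ptr++;
+ if (*ptr != ':')
+ continue;
+ ptr++;
+
+ // next :
+ ptr = strchr(ptr, ':');
+ if (!ptr)
+ continue;
+ ptr++;
+ if (strncmp(ptr, "exec ", 5) == 0)
+ ptr += 5;
+ else
+ continue;
+ if (strncmp(ptr, "/bin/", 5) == 0)
+ ptr += 5;
+ else if (strncmp(ptr, "/sbin/", 6) == 0)
+ ptr += 6;
+ else if (strncmp(ptr, "/usr/bin/", 9) == 0)
+ ptr += 9;
+ else if (strncmp(ptr, "/usr/sbin/", 10) == 0)
+ ptr += 10;
+ else if (strncmp(ptr, "/usr/local/bin/", 15) == 0)
+ ptr += 15;
+ else if (strncmp(ptr, "/usr/local/sbin/", 16) == 0)
+ ptr += 16;
+ else if (strncmp(ptr, "/usr/games/", 11) == 0)
+ ptr += 12;
+ else if (strncmp(ptr, "/usr/local/games/", 17) == 0)
+ ptr += 17;
+ else
+ continue;
+
+ // end of filename
+ char *ptr2 = strchr(ptr, ':');
+ if (!ptr2)
+ continue;
+ *ptr2 = '\0';
+
+ bin_out = filedb_add(bin_out, ptr);
+ }
+
+ fclose(fp);
+}
+
+
+// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
+void build_bin(const char *fname) {
+ assert(fname);
+
+ // run fname
+ process_bin(fname);
+
+ // run all the rest
+ struct stat s;
+ int i;
+ for (i = 1; i <= 5; i++) {
+ char *newname;
+ if (asprintf(&newname, "%s.%d", fname, i) == -1)
+ errExit("asprintf");
+ if (stat(newname, &s) == 0)
+ process_bin(newname);
+ free(newname);
+ }
+
+ if (bin_out) {
+ printf("# private-bin ");
+ FileDB *ptr = bin_out;
+ while (ptr) {
+ printf("%s,", ptr->fname);
+ ptr = ptr->next;
+ }
+ printf("\n");
+ }
+}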
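Review bot: In process_bin the `/usr/games/` branch compares 11 characters but then advances with `ptr += 12;`, so the first character of every binary found under /usr/games is dropped from the generated private-bin list; it should be `ptr += 11;`. When a trace line ends right after that prefix, the extra step also moves ptr past the string terminator, and the following strchr() then scans whatever an earlier, longer line left in buf. The remaining name comes from the trace file and is handed to filedb_add() and printed unchanged, so a name containing `/` or `,` would presumably appear in the suggested `private-bin` line as written; rejecting such names before filedb_add() would keep the output to plain file names. Separately, `isdigit(*ptr)` is called on a plain char, and casting to `unsigned char` avoids undefined behaviour for bytes above 0x7f.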