author | netblue30 <netblue30@yahoo.com> | 2018-08-28 13:04:13 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-08-28 13:04:13 -0400 |
commit | 8ce3b7ab971d6ab02463fd6c7591a73465526cb1 (patch) | |
tree | 2df83450626433978a970dbae4fb38d84754600e /src/fbuilder/build_fs.c | |
parent | memory leaks (diff) | |
fbuider cleanup
Diffstat (limited to 'src/fbuilder/build_fs.c')
-rw-r--r-- | src/fbuilder/build_fs.c | 101 |
1 files changed, 42 insertions, 59 deletions
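--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -21,20 +21,19 @@
 #include "fbuilder.h"
 
 // common file processing function, using the callback for each line in the file
-static void process_file(char *fname, FILE *fp, const char *dir, void (*callback)(char *)) {
+static void process_file(const char *fname, const char *dir, void (*callback)(char *)) {
 	assert(fname);
-	assert(fp);
 	assert(dir);
 	assert(callback);
 
 	int dir_len = strlen(dir);
 
 	// process trace file
-	/* FILE *fp = fdopen(fd, "r"); */
-	/* if (!fp) { */
-	/* fprintf(stderr, "Error: cannot open %s\n", fname); */
-	/* exit(1); */
-	/* } */
+	FILE *fp = fopen(fname, "r");
+	if (!fp) {
+		fprintf(stderr, "Error: cannot open %s\n", fname);
+		exit(1);
+	}
 
 	char buf[MAX_BUF];
 	while (fgets(buf, MAX_BUF, fp)) {
@@ -83,18 +82,17 @@ static void process_file(char *fname, FILE *fp, const char *dir, void (*callback
 		callback(ptr);
 	}
 
-	/* fclose(fp); */
+	fclose(fp);
 }
 
 // process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-static void process_files(char *fname, FILE *fp, const char *dir, void (*callback)(char *)) {
+static void process_files(const char *fname, const char *dir, void (*callback)(char *)) {
 	assert(fname);
-	assert(fp);
 	assert(dir);
 	assert(callback);
 
 	// run fname
-	process_file(fname, fp, dir, callback);
+	process_file(fname, dir, callback);
 
 	// run all the rest
 	struct stat s;
@@ -103,13 +101,8 @@ static void process_files(char *fname, FILE *fp, const char *dir, void (*callbac
 		char *newname;
 		if (asprintf(&newname, "%s.%d", fname, i) == -1)
 			errExit("asprintf");
-		if (stat(newname, &s) == 0) {
-			int nfd = open(newname, O_RDONLY);
-			FILE *nfp = fdopen(nfd, "r");
-			process_file(newname, nfp, dir, callback);
-			fclose(nfp);
-			unlink(newname);
-		}
+		if (stat(newname, &s) == 0)
+			process_file(newname, dir, callback);
 		free(newname);
 	}
 }
@@ -132,23 +125,21 @@ static void etc_callback(char *ptr) {
 	etc_out = filedb_add(etc_out, ptr);
 }
 
-void build_etc(char *fname, FILE *fp, FILE *fpo) {
+void build_etc(const char *fname, FILE *fp) {
 	assert(fname);
-	assert(fp);
-	assert(fpo);
 
-	process_files(fname, fp, "/etc", etc_callback);
+	process_files(fname, "/etc", etc_callback);
 
-	fprintf(fpo, "private-etc ");
+	fprintf(fp, "private-etc ");
 	if (etc_out == NULL)
-		fprintf(fpo, "none\n");
+		fprintf(fp, "none\n");
 	else {
 		FileDB *ptr = etc_out;
 		while (ptr) {
-			fprintf(fpo, "%s,", ptr->fname);
+			fprintf(fp, "%s,", ptr->fname);
 			ptr = ptr->next;
 		}
-		fprintf(fpo, "\n");
+		fprintf(fp, "\n");
 	}
 }
 
@@ -169,17 +160,15 @@ static void var_callback(char *ptr) {
 	var_out = filedb_add(var_out, ptr);
 }
 
-void build_var(char *fname, FILE *fp, FILE *fpo) {
+void build_var(const char *fname, FILE *fp) {
 	assert(fname);
-	assert(fp);
-	assert(fpo);
 
-	process_files(fname, fp, "/var", var_callback);
+	process_files(fname, "/var", var_callback);
 
 	if (var_out == NULL)
-		fprintf(fpo, "blacklist /var\n");
+		fprintf(fp, "blacklist /var\n");
 	else
-		filedb_print(var_out, "whitelist ", fpo);
+		filedb_print(var_out, "whitelist ", fp);
 }
 
 
@@ -208,17 +197,15 @@ static void share_callback(char *ptr) {
 	share_out = filedb_add(share_out, ptr);
 }
 
-void build_share(char *fname, FILE *fp, FILE *fpo) {
+void build_share(const char *fname, FILE *fp) {
 	assert(fname);
-	assert(fp);
-	assert(fpo);
 
-	process_files(fname, fp, "/usr/share", share_callback);
+	process_files(fname, "/usr/share", share_callback);
 
 	if (share_out == NULL)
-		fprintf(fpo, "blacklist /usr/share\n");
+		fprintf(fp, "blacklist /usr/share\n");
 	else
-		filedb_print(share_out, "whitelist ", fpo);
+		filedb_print(share_out, "whitelist ", fp);
 }
 
 //*******************************************
@@ -229,23 +216,21 @@ static void tmp_callback(char *ptr) {
 	filedb_add(tmp_out, ptr);
 }
 
-void build_tmp(char *fname, FILE *fp, FILE *fpo) {
+void build_tmp(const char *fname, FILE *fp) {
 	assert(fname);
-	assert(fp);
-	assert(fpo);
 
-	process_files(fname, fp, "/tmp", tmp_callback);
+	process_files(fname, "/tmp", tmp_callback);
 
 	if (tmp_out == NULL)
-		fprintf(fpo, "private-tmp\n");
+		fprintf(fp, "private-tmp\n");
 	else {
-		fprintf(fpo, "\n");
-		fprintf(fpo, "# private-tmp\n");
-		fprintf(fpo, "# File accessed in /tmp directory:\n");
-		fprintf(fpo, "# ");
+		fprintf(fp, "\n");
+		fprintf(fp, "# private-tmp\n");
+		fprintf(fp, "# File accessed in /tmp directory:\n");
+		fprintf(fp, "# ");
 		FileDB *ptr = tmp_out;
 		while (ptr) {
-			fprintf(fpo, "%s,", ptr->fname);
+			fprintf(fp, "%s,", ptr->fname);
 			ptr = ptr->next;
 		}
 		printf("\n");
@@ -309,26 +294,24 @@ static void dev_callback(char *ptr) {
 	filedb_add(dev_out, ptr);
 }
 
-void build_dev(char *fname, FILE *fp, FILE *fpo) {
+void build_dev(const char *fname, FILE *fp) {
 	assert(fname);
-	assert(fp);
-	assert(fpo);
 
-	process_files(fname, fp, "/dev", dev_callback);
+	process_files(fname, "/dev", dev_callback);
 
 	if (dev_out == NULL)
-		fprintf(fpo, "private-dev\n");
+		fprintf(fp, "private-dev\n");
 	else {
-		fprintf(fpo, "\n");
-		fprintf(fpo, "# private-dev\n");
-		fprintf(fpo, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
-		fprintf(fpo, "# ");
+		fprintf(fp, "\n");
+		fprintf(fp, "# private-dev\n");
+		fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
+		fprintf(fp, "# ");
 		FileDB *ptr = dev_out;
 		while (ptr) {
-			fprintf(fpo, "%s,", ptr->fname);
+			fprintf(fp, "%s,", ptr->fname);
 			ptr = ptr->next;
 		}
-		fprintf(fpo, "\n");
+		fprintf(fp, "\n");
 	}
 }
 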
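Review bot: In the build_tmp hunk the line that terminates the list of accessed files is still `printf("\n");`, while every other line of that comment block is now written with `fprintf(fp, ...)`, so whenever fp is not stdout the `# file1,file2,` line is left unterminated in the generated profile; build_dev in the last hunk already does this correctly with `fprintf(fp, "\n");` and build_tmp should match. build_tmp's body continues past the end of its hunk. In the process_files hunk, the rotated-file branch now depends on `stat()` succeeding and then on process_file's `fopen()`, which calls `exit(1)` on failure, so a file that disappears between the two calls aborts the whole run rather than being skipped; probably acceptable for a local tool, but worth a one-line comment above the `if (stat(...))`. The `unlink(newname)` dropped from that branch also means fname.1 to fname.5 are no longer removed after processing; if that is intended, the comment above process_files should say so.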