more --build

author: netblue30 <netblue30@protonmail.com> 2021-05-06 15:39:36 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-05-06 15:39:36 -0400
commit: 43e47483ff94753655ade1e633e973725d8fb505 (patch)
tree: f4f69043bcb37fd62c6d60da57cad5b6027f46c5 /src/fbuilder/filedb.c
parent: some wireshark hardening (#4245) (diff)
download: firejail-43e47483ff94753655ade1e633e973725d8fb505.tar.gz
firejail-43e47483ff94753655ade1e633e973725d8fb505.tar.zst
firejail-43e47483ff94753655ade1e633e973725d8fb505.zip
1 files changed, 48 insertions, 1 deletions
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 6e302a606..94a226cb7 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -20,7 +20,9 @@
 #include "fbuilder.h"
+// find exact name or an exact name in a parent directory
 FileDB *filedb_find(FileDB *head, const char *fname) {
+        assert(fname);
        FileDB *ptr = head;
        int found = 0;
        int len = strlen(fname);
@@ -52,6 +54,8 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
 FileDB *filedb_add(FileDB *head, const char *fname) {
        assert(fname);
+        // todo: support fnames such as ${RUNUSER}/.mutter-Xwaylandauth.*
        // don't add it if it is already there or if the parent directory is already in the list
        if (filedb_find(head, fname))
                return head;
@@ -70,9 +74,52 @@ FileDB *filedb_add(FileDB *head, const char *fname) {
 };
 void filedb_print(FileDB *head, const char *prefix, FILE *fp) {
+        assert(head);
+        assert(prefix);
        FileDB *ptr = head;
        while (ptr) {
-                fprintf(fp, "%s%s\n", prefix, ptr->fname);
+                if (fp)
+                        fprintf(fp, "%s%s\n", prefix, ptr->fname);
+                else
+                        printf("%s%s\n", prefix, ptr->fname);
                ptr = ptr->next;
        }
 }
+FileDB *filedb_load_whitelist(FileDB *head, const char *fname, const char *prefix) {
+        assert(fname);
+        assert(prefix);
+        int len = strlen(prefix);
+        char *f;
+        if (asprintf(&f, "%s/%s", SYSCONFDIR, fname) == -1)
+                errExit("asprintf");
+        FILE *fp = fopen(f, "r");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot open whitelist-common.inc\n");
+                free(f);
+                exit(1);
+        }
+        char buf[MAX_BUF];
+        while (fgets(buf, MAX_BUF, fp)) {
+                if (strncmp(buf, prefix, len) != 0)
+                        continue;
+                char *fn = buf + len;
+                char *ptr = strchr(buf, '\n');
+                if (!ptr)
+                        continue;
+                *ptr = '\0';
+                // add the file to skip list
+                head = filedb_add(head, fn);
+        }
+        fclose(fp);
+        free(f);
+//printf("***************************************************\n");
+//filedb_print(head, prefix, NULL);
+//printf("***************************************************\n");
+        return head;
+}
author	netblue30 <netblue30@protonmail.com>	2021-05-06 15:39:36 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-05-06 15:39:36 -0400
commit	43e47483ff94753655ade1e633e973725d8fb505 (patch)
tree	f4f69043bcb37fd62c6d60da57cad5b6027f46c5 /src/fbuilder/filedb.c
parent	some wireshark hardening (#4245) (diff)
download	firejail-43e47483ff94753655ade1e633e973725d8fb505.tar.gz firejail-43e47483ff94753655ade1e633e973725d8fb505.tar.zst firejail-43e47483ff94753655ade1e633e973725d8fb505.zip

diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c index 6e302a606..94a226cb7 100644 --- a/src/fbuilder/filedb.c +++ b/src/fbuilder/filedb.c
@@ -20,7 +20,9 @@
20		20
21	#include "fbuilder.h"	21	#include "fbuilder.h"
22		22
		23	// find exact name or an exact name in a parent directory
23	FileDB filedb_find(FileDB head, const char *fname) {	24	FileDB filedb_find(FileDB head, const char *fname) {
		25	assert(fname);
24	FileDB *ptr = head;	26	FileDB *ptr = head;
25	int found = 0;	27	int found = 0;
26	int len = strlen(fname);	28	int len = strlen(fname);
@@ -52,6 +54,8 @@ FileDB filedb_find(FileDB head, const char *fname) {
52	FileDB filedb_add(FileDB head, const char *fname) {	54	FileDB filedb_add(FileDB head, const char *fname) {
53	assert(fname);	55	assert(fname);
54		56
		57	// todo: support fnames such as ${RUNUSER}/.mutter-Xwaylandauth.*
		58
55	// don't add it if it is already there or if the parent directory is already in the list	59	// don't add it if it is already there or if the parent directory is already in the list
56	if (filedb_find(head, fname))	60	if (filedb_find(head, fname))
57	return head;	61	return head;
@@ -70,9 +74,52 @@ FileDB filedb_add(FileDB head, const char *fname) {
70	};	74	};
71		75
72	void filedb_print(FileDB head, const char prefix, FILE *fp) {	76	void filedb_print(FileDB head, const char prefix, FILE *fp) {
		77	assert(head);
		78	assert(prefix);
		79
73	FileDB *ptr = head;	80	FileDB *ptr = head;
74	while (ptr) {	81	while (ptr) {
75	fprintf(fp, "%s%s\n", prefix, ptr->fname);	82	if (fp)
		83	fprintf(fp, "%s%s\n", prefix, ptr->fname);
		84	else
		85	printf("%s%s\n", prefix, ptr->fname);
76	ptr = ptr->next;	86	ptr = ptr->next;
77	}	87	}
78	}	88	}
		89
		90	FileDB filedb_load_whitelist(FileDB head, const char fname, const char prefix) {
		91	assert(fname);
		92	assert(prefix);
		93	int len = strlen(prefix);
		94	char *f;
		95	if (asprintf(&f, "%s/%s", SYSCONFDIR, fname) == -1)
		96	errExit("asprintf");
		97	FILE *fp = fopen(f, "r");
		98	if (!fp) {
		99	fprintf(stderr, "Error: cannot open whitelist-common.inc\n");
		100	free(f);
		101	exit(1);
		102	}
		103
		104	char buf[MAX_BUF];
		105	while (fgets(buf, MAX_BUF, fp)) {
		106	if (strncmp(buf, prefix, len) != 0)
		107	continue;
		108
		109	char *fn = buf + len;
		110	char *ptr = strchr(buf, '\n');
		111	if (!ptr)
		112	continue;
		113	*ptr = '\0';
		114
		115	// add the file to skip list
		116	head = filedb_add(head, fn);
		117	}
		118
		119	fclose(fp);
		120	free(f);
		121	//printf("***************************************************\n");
		122	//filedb_print(head, prefix, NULL);
		123	//printf("***************************************************\n");
		124	return head;
		125	}