--notv for #1446

author: startx2017 <vradu.startx@yandex.com> 2017-08-10 09:31:03 -0400
committer: startx2017 <vradu.startx@yandex.com> 2017-08-10 09:31:03 -0400
commit: be00aa351c1184ef7ac07a05190909d35d137c76 (patch)
tree: 6c30178875f38e0c269fcbd5ea02d38937d9f636 /src/firejail/fs_dev.c
parent: Merge pull request #1448 from da2x/patch-1 (diff)
download: firejail-be00aa351c1184ef7ac07a05190909d35d137c76.tar.gz
firejail-be00aa351c1184ef7ac07a05190909d35d137c76.tar.zst
firejail-be00aa351c1184ef7ac07a05190909d35d137c76.zip
1 files changed, 50 insertions, 33 deletions
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 86ff0d4f9..45f4bcc1c 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -31,42 +31,50 @@
 #include <sys/sysmacros.h>
 #include <sys/types.h>
+// device type
+typedef enum {
+        DEV_NONE = 0,
+        DEV_SOUND,
+        DEV_3D,
+        DEV_VIDEO,
+        DEV_TV,
+} DEV_TYPE;
 typedef struct {
        const char *dev_fname;
        const char *run_fname;
-        int sound;
+        DEV_TYPE  type;
-        int hw3d;
-        int video;
 } DevEntry;
 static DevEntry dev[] = {
-        {"/dev/snd", RUN_DEV_DIR "/snd", 1, 0, 0},      // sound device
+        {"/dev/snd", RUN_DEV_DIR "/snd", DEV_SOUND},    // sound device
-        {"/dev/dri", RUN_DEV_DIR "/dri", 0, 1, 0},              // 3d device
+        {"/dev/dri", RUN_DEV_DIR "/dri", DEV_3D},               // 3d device
-        {"/dev/nvidia0", RUN_DEV_DIR "/nvidia0", 0, 1, 0},
+        {"/dev/nvidia0", RUN_DEV_DIR "/nvidia0", DEV_3D},
-        {"/dev/nvidia1", RUN_DEV_DIR "/nvidia1", 0, 1, 0},
+        {"/dev/nvidia1", RUN_DEV_DIR "/nvidia1", DEV_3D},
-        {"/dev/nvidia2", RUN_DEV_DIR "/nvidia2", 0, 1, 0},
+        {"/dev/nvidia2", RUN_DEV_DIR "/nvidia2", DEV_3D},
-        {"/dev/nvidia3", RUN_DEV_DIR "/nvidia3", 0, 1, 0},
+        {"/dev/nvidia3", RUN_DEV_DIR "/nvidia3", DEV_3D},
-        {"/dev/nvidia4", RUN_DEV_DIR "/nvidia4", 0, 1, 0},
+        {"/dev/nvidia4", RUN_DEV_DIR "/nvidia4", DEV_3D},
-        {"/dev/nvidia5", RUN_DEV_DIR "/nvidia5", 0, 1, 0},
+        {"/dev/nvidia5", RUN_DEV_DIR "/nvidia5", DEV_3D},
-        {"/dev/nvidia6", RUN_DEV_DIR "/nvidia6", 0, 1, 0},
+        {"/dev/nvidia6", RUN_DEV_DIR "/nvidia6", DEV_3D},
-        {"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", 0, 1, 0},
+        {"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", DEV_3D},
-        {"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", 0, 1, 0},
+        {"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", DEV_3D},
-        {"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", 0, 1, 0},
+        {"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", DEV_3D},
-        {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1, 0},
+        {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", DEV_3D},
-        {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1, 0},
+        {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", DEV_3D},
-        {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1, 0},
+        {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", DEV_3D},
-        {"/dev/video0", RUN_DEV_DIR "/video0", 0, 0, 1}, // video camera devices
+        {"/dev/video0", RUN_DEV_DIR "/video0", DEV_VIDEO}, // video camera devices
-        {"/dev/video1", RUN_DEV_DIR "/video1", 0, 0, 1},
+        {"/dev/video1", RUN_DEV_DIR "/video1", DEV_VIDEO},
-        {"/dev/video2", RUN_DEV_DIR "/video2", 0, 0, 1},
+        {"/dev/video2", RUN_DEV_DIR "/video2", DEV_VIDEO},
-        {"/dev/video3", RUN_DEV_DIR "/video3", 0, 0, 1},
+        {"/dev/video3", RUN_DEV_DIR "/video3", DEV_VIDEO},
-        {"/dev/video4", RUN_DEV_DIR "/video4", 0, 0, 1},
+        {"/dev/video4", RUN_DEV_DIR "/video4", DEV_VIDEO},
-        {"/dev/video5", RUN_DEV_DIR "/video5", 0, 0, 1},
+        {"/dev/video5", RUN_DEV_DIR "/video5", DEV_VIDEO},
-        {"/dev/video6", RUN_DEV_DIR "/video6", 0, 0, 1},
+        {"/dev/video6", RUN_DEV_DIR "/video6", DEV_VIDEO},
-        {"/dev/video7", RUN_DEV_DIR "/video7", 0, 0, 1},
+        {"/dev/video7", RUN_DEV_DIR "/video7", DEV_VIDEO},
-        {"/dev/video8", RUN_DEV_DIR "/video8", 0, 0, 1},
+        {"/dev/video8", RUN_DEV_DIR "/video8", DEV_VIDEO},
-        {"/dev/video9", RUN_DEV_DIR "/video9", 0, 0, 1},
+        {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO},
-        {"/dev/dvb", RUN_DEV_DIR "/dvb", 0, 0, 0}, // DVB (Digital Video Brodcasting) - TV device
+        {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Brodcasting) - TV device
-        {NULL, NULL, 0, 0, 0}
+        {NULL, NULL, DEV_NONE}
 };
 static void deventry_mount(void) {
@@ -295,7 +303,7 @@ static void disable_file_or_dir(const char *fname) {
 void fs_dev_disable_sound(void) {
        int i = 0;
        while (dev[i].dev_fname != NULL) {
-                if (dev[i].sound)
+                if (dev[i].type == DEV_SOUND)
                        disable_file_or_dir(dev[i].dev_fname);
                i++;
        }
@@ -304,7 +312,7 @@ void fs_dev_disable_sound(void) {
 void fs_dev_disable_video(void) {
        int i = 0;
        while (dev[i].dev_fname != NULL) {
-                if (dev[i].video)
+                if (dev[i].type == DEV_VIDEO)
                        disable_file_or_dir(dev[i].dev_fname);
                i++;
        }
@@ -313,7 +321,16 @@ void fs_dev_disable_video(void) {
 void fs_dev_disable_3d(void) {
        int i = 0;
        while (dev[i].dev_fname != NULL) {
-                if (dev[i].hw3d)
+                if (dev[i].type == DEV_3D)
+                        disable_file_or_dir(dev[i].dev_fname);
+                i++;
+        }
+}
+void fs_dev_disable_tv(void) {
+        int i = 0;
+        while (dev[i].dev_fname != NULL) {
+                if (dev[i].type == DEV_TV)
                        disable_file_or_dir(dev[i].dev_fname);
                i++;
        }
author	startx2017 <vradu.startx@yandex.com>	2017-08-10 09:31:03 -0400
committer	startx2017 <vradu.startx@yandex.com>	2017-08-10 09:31:03 -0400
commit	be00aa351c1184ef7ac07a05190909d35d137c76 (patch)
tree	6c30178875f38e0c269fcbd5ea02d38937d9f636 /src/firejail/fs_dev.c
parent	Merge pull request #1448 from da2x/patch-1 (diff)
download	firejail-be00aa351c1184ef7ac07a05190909d35d137c76.tar.gz firejail-be00aa351c1184ef7ac07a05190909d35d137c76.tar.zst firejail-be00aa351c1184ef7ac07a05190909d35d137c76.zip

diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 86ff0d4f9..45f4bcc1c 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c
@@ -31,42 +31,50 @@
31	#include <sys/sysmacros.h>	31	#include <sys/sysmacros.h>
32	#include <sys/types.h>	32	#include <sys/types.h>
33		33
		34	// device type
		35	typedef enum {
		36	DEV_NONE = 0,
		37	DEV_SOUND,
		38	DEV_3D,
		39	DEV_VIDEO,
		40	DEV_TV,
		41	} DEV_TYPE;
		42
		43
34	typedef struct {	44	typedef struct {
35	const char *dev_fname;	45	const char *dev_fname;
36	const char *run_fname;	46	const char *run_fname;
37	int sound;	47	DEV_TYPE type;
38	int hw3d;
39	int video;
40	} DevEntry;	48	} DevEntry;
41		49
42	static DevEntry dev[] = {	50	static DevEntry dev[] = {
43	{"/dev/snd", RUN_DEV_DIR "/snd", 1, 0, 0}, // sound device	51	{"/dev/snd", RUN_DEV_DIR "/snd", DEV_SOUND}, // sound device
44	{"/dev/dri", RUN_DEV_DIR "/dri", 0, 1, 0}, // 3d device	52	{"/dev/dri", RUN_DEV_DIR "/dri", DEV_3D}, // 3d device
45	{"/dev/nvidia0", RUN_DEV_DIR "/nvidia0", 0, 1, 0},	53	{"/dev/nvidia0", RUN_DEV_DIR "/nvidia0", DEV_3D},
46	{"/dev/nvidia1", RUN_DEV_DIR "/nvidia1", 0, 1, 0},	54	{"/dev/nvidia1", RUN_DEV_DIR "/nvidia1", DEV_3D},
47	{"/dev/nvidia2", RUN_DEV_DIR "/nvidia2", 0, 1, 0},	55	{"/dev/nvidia2", RUN_DEV_DIR "/nvidia2", DEV_3D},
48	{"/dev/nvidia3", RUN_DEV_DIR "/nvidia3", 0, 1, 0},	56	{"/dev/nvidia3", RUN_DEV_DIR "/nvidia3", DEV_3D},
49	{"/dev/nvidia4", RUN_DEV_DIR "/nvidia4", 0, 1, 0},	57	{"/dev/nvidia4", RUN_DEV_DIR "/nvidia4", DEV_3D},
50	{"/dev/nvidia5", RUN_DEV_DIR "/nvidia5", 0, 1, 0},	58	{"/dev/nvidia5", RUN_DEV_DIR "/nvidia5", DEV_3D},
51	{"/dev/nvidia6", RUN_DEV_DIR "/nvidia6", 0, 1, 0},	59	{"/dev/nvidia6", RUN_DEV_DIR "/nvidia6", DEV_3D},
52	{"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", 0, 1, 0},	60	{"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", DEV_3D},
53	{"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", 0, 1, 0},	61	{"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", DEV_3D},
54	{"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", 0, 1, 0},	62	{"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", DEV_3D},
55	{"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1, 0},	63	{"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", DEV_3D},
56	{"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1, 0},	64	{"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", DEV_3D},
57	{"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1, 0},	65	{"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", DEV_3D},
58	{"/dev/video0", RUN_DEV_DIR "/video0", 0, 0, 1}, // video camera devices	66	{"/dev/video0", RUN_DEV_DIR "/video0", DEV_VIDEO}, // video camera devices
59	{"/dev/video1", RUN_DEV_DIR "/video1", 0, 0, 1},	67	{"/dev/video1", RUN_DEV_DIR "/video1", DEV_VIDEO},
60	{"/dev/video2", RUN_DEV_DIR "/video2", 0, 0, 1},	68	{"/dev/video2", RUN_DEV_DIR "/video2", DEV_VIDEO},
61	{"/dev/video3", RUN_DEV_DIR "/video3", 0, 0, 1},	69	{"/dev/video3", RUN_DEV_DIR "/video3", DEV_VIDEO},
62	{"/dev/video4", RUN_DEV_DIR "/video4", 0, 0, 1},	70	{"/dev/video4", RUN_DEV_DIR "/video4", DEV_VIDEO},
63	{"/dev/video5", RUN_DEV_DIR "/video5", 0, 0, 1},	71	{"/dev/video5", RUN_DEV_DIR "/video5", DEV_VIDEO},
64	{"/dev/video6", RUN_DEV_DIR "/video6", 0, 0, 1},	72	{"/dev/video6", RUN_DEV_DIR "/video6", DEV_VIDEO},
65	{"/dev/video7", RUN_DEV_DIR "/video7", 0, 0, 1},	73	{"/dev/video7", RUN_DEV_DIR "/video7", DEV_VIDEO},
66	{"/dev/video8", RUN_DEV_DIR "/video8", 0, 0, 1},	74	{"/dev/video8", RUN_DEV_DIR "/video8", DEV_VIDEO},
67	{"/dev/video9", RUN_DEV_DIR "/video9", 0, 0, 1},	75	{"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO},
68	{"/dev/dvb", RUN_DEV_DIR "/dvb", 0, 0, 0}, // DVB (Digital Video Brodcasting) - TV device	76	{"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Brodcasting) - TV device
69	{NULL, NULL, 0, 0, 0}	77	{NULL, NULL, DEV_NONE}
70	};	78	};
71		79
72	static void deventry_mount(void) {	80	static void deventry_mount(void) {
@@ -295,7 +303,7 @@ static void disable_file_or_dir(const char *fname) {
295	void fs_dev_disable_sound(void) {	303	void fs_dev_disable_sound(void) {
296	int i = 0;	304	int i = 0;
297	while (dev[i].dev_fname != NULL) {	305	while (dev[i].dev_fname != NULL) {
298	if (dev[i].sound)	306	if (dev[i].type == DEV_SOUND)
299	disable_file_or_dir(dev[i].dev_fname);	307	disable_file_or_dir(dev[i].dev_fname);
300	i++;	308	i++;
301	}	309	}
@@ -304,7 +312,7 @@ void fs_dev_disable_sound(void) {
304	void fs_dev_disable_video(void) {	312	void fs_dev_disable_video(void) {
305	int i = 0;	313	int i = 0;
306	while (dev[i].dev_fname != NULL) {	314	while (dev[i].dev_fname != NULL) {
307	if (dev[i].video)	315	if (dev[i].type == DEV_VIDEO)
308	disable_file_or_dir(dev[i].dev_fname);	316	disable_file_or_dir(dev[i].dev_fname);
309	i++;	317	i++;
310	}	318	}
@@ -313,7 +321,16 @@ void fs_dev_disable_video(void) {
313	void fs_dev_disable_3d(void) {	321	void fs_dev_disable_3d(void) {
314	int i = 0;	322	int i = 0;
315	while (dev[i].dev_fname != NULL) {	323	while (dev[i].dev_fname != NULL) {
316	if (dev[i].hw3d)	324	if (dev[i].type == DEV_3D)
		325	disable_file_or_dir(dev[i].dev_fname);
		326	i++;
		327	}
		328	}
		329
		330	void fs_dev_disable_tv(void) {
		331	int i = 0;
		332	while (dev[i].dev_fname != NULL) {
		333	if (dev[i].type == DEV_TV)
317	disable_file_or_dir(dev[i].dev_fname);	334	disable_file_or_dir(dev[i].dev_fname);
318	i++;	335	i++;
319	}	336	}