diff options
Diffstat (limited to 'src/fbuilder/build_fs.c')
| -rw-r--r-- | src/fbuilder/build_fs.c | 100 |
1 files changed, 58 insertions, 42 deletions
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index 771dc94cb..5ef47979e 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
| @@ -21,19 +21,20 @@ | |||
| 21 | #include "fbuilder.h" | 21 | #include "fbuilder.h" |
| 22 | 22 | ||
| 23 | // common file processing function, using the callback for each line in the file | 23 | // common file processing function, using the callback for each line in the file |
| 24 | static void process_file(const char *fname, const char *dir, void (*callback)(char *)) { | 24 | static void process_file(char *fname, FILE *fp, const char *dir, void (*callback)(char *)) { |
| 25 | assert(fname); | 25 | assert(fname); |
| 26 | assert(fp); | ||
| 26 | assert(dir); | 27 | assert(dir); |
| 27 | assert(callback); | 28 | assert(callback); |
| 28 | 29 | ||
| 29 | int dir_len = strlen(dir); | 30 | int dir_len = strlen(dir); |
| 30 | 31 | ||
| 31 | // process trace file | 32 | // process trace file |
| 32 | FILE *fp = fopen(fname, "r"); | 33 | /* FILE *fp = fdopen(fd, "r"); */ |
| 33 | if (!fp) { | 34 | /* if (!fp) { */ |
| 34 | fprintf(stderr, "Error: cannot open %s\n", fname); | 35 | /* fprintf(stderr, "Error: cannot open %s\n", fname); */ |
| 35 | exit(1); | 36 | /* exit(1); */ |
| 36 | } | 37 | /* } */ |
| 37 | 38 | ||
| 38 | char buf[MAX_BUF]; | 39 | char buf[MAX_BUF]; |
| 39 | while (fgets(buf, MAX_BUF, fp)) { | 40 | while (fgets(buf, MAX_BUF, fp)) { |
| @@ -82,17 +83,18 @@ static void process_file(const char *fname, const char *dir, void (*callback)(ch | |||
| 82 | callback(ptr); | 83 | callback(ptr); |
| 83 | } | 84 | } |
| 84 | 85 | ||
| 85 | fclose(fp); | 86 | /* fclose(fp); */ |
| 86 | } | 87 | } |
| 87 | 88 | ||
| 88 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 89 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
| 89 | static void process_files(const char *fname, const char *dir, void (*callback)(char *)) { | 90 | static void process_files(char *fname, FILE *fp, const char *dir, void (*callback)(char *)) { |
| 90 | assert(fname); | 91 | assert(fname); |
| 92 | assert(fp); | ||
| 91 | assert(dir); | 93 | assert(dir); |
| 92 | assert(callback); | 94 | assert(callback); |
| 93 | 95 | ||
| 94 | // run fname | 96 | // run fname |
| 95 | process_file(fname, dir, callback); | 97 | process_file(fname, fp, dir, callback); |
| 96 | 98 | ||
| 97 | // run all the rest | 99 | // run all the rest |
| 98 | struct stat s; | 100 | struct stat s; |
| @@ -101,8 +103,12 @@ static void process_files(const char *fname, const char *dir, void (*callback)(c | |||
| 101 | char *newname; | 103 | char *newname; |
| 102 | if (asprintf(&newname, "%s.%d", fname, i) == -1) | 104 | if (asprintf(&newname, "%s.%d", fname, i) == -1) |
| 103 | errExit("asprintf"); | 105 | errExit("asprintf"); |
| 104 | if (stat(newname, &s) == 0) | 106 | if (stat(newname, &s) == 0) { |
| 105 | process_file(newname, dir, callback); | 107 | int nfd = open(newname, O_RDONLY); |
| 108 | FILE *nfp = fdopen(nfd, "r"); | ||
| 109 | process_file(newname, nfp, dir, callback); | ||
| 110 | fclose(nfp); | ||
| 111 | } | ||
| 106 | free(newname); | 112 | free(newname); |
| 107 | } | 113 | } |
| 108 | } | 114 | } |
| @@ -125,21 +131,23 @@ static void etc_callback(char *ptr) { | |||
| 125 | etc_out = filedb_add(etc_out, ptr); | 131 | etc_out = filedb_add(etc_out, ptr); |
| 126 | } | 132 | } |
| 127 | 133 | ||
| 128 | void build_etc(const char *fname, FILE *fp) { | 134 | void build_etc(char *fname, FILE *fp, FILE *fpo) { |
| 129 | assert(fname); | 135 | assert(fname); |
| 136 | assert(fp); | ||
| 137 | assert(fpo); | ||
| 130 | 138 | ||
| 131 | process_files(fname, "/etc", etc_callback); | 139 | process_files(fname, fp, "/etc", etc_callback); |
| 132 | 140 | ||
| 133 | fprintf(fp, "private-etc "); | 141 | fprintf(fpo, "private-etc "); |
| 134 | if (etc_out == NULL) | 142 | if (etc_out == NULL) |
| 135 | fprintf(fp, "none\n"); | 143 | fprintf(fpo, "none\n"); |
| 136 | else { | 144 | else { |
| 137 | FileDB *ptr = etc_out; | 145 | FileDB *ptr = etc_out; |
| 138 | while (ptr) { | 146 | while (ptr) { |
| 139 | fprintf(fp, "%s,", ptr->fname); | 147 | fprintf(fpo, "%s,", ptr->fname); |
| 140 | ptr = ptr->next; | 148 | ptr = ptr->next; |
| 141 | } | 149 | } |
| 142 | fprintf(fp, "\n"); | 150 | fprintf(fpo, "\n"); |
| 143 | } | 151 | } |
| 144 | } | 152 | } |
| 145 | 153 | ||
| @@ -160,15 +168,17 @@ static void var_callback(char *ptr) { | |||
| 160 | var_out = filedb_add(var_out, ptr); | 168 | var_out = filedb_add(var_out, ptr); |
| 161 | } | 169 | } |
| 162 | 170 | ||
| 163 | void build_var(const char *fname, FILE *fp) { | 171 | void build_var(char *fname, FILE *fp, FILE *fpo) { |
| 164 | assert(fname); | 172 | assert(fname); |
| 173 | assert(fp); | ||
| 174 | assert(fpo); | ||
| 165 | 175 | ||
| 166 | process_files(fname, "/var", var_callback); | 176 | process_files(fname, fp, "/var", var_callback); |
| 167 | 177 | ||
| 168 | if (var_out == NULL) | 178 | if (var_out == NULL) |
| 169 | fprintf(fp, "blacklist /var\n"); | 179 | fprintf(fpo, "blacklist /var\n"); |
| 170 | else | 180 | else |
| 171 | filedb_print(var_out, "whitelist ", fp); | 181 | filedb_print(var_out, "whitelist ", fpo); |
| 172 | } | 182 | } |
| 173 | 183 | ||
| 174 | 184 | ||
| @@ -197,15 +207,17 @@ static void share_callback(char *ptr) { | |||
| 197 | share_out = filedb_add(share_out, ptr); | 207 | share_out = filedb_add(share_out, ptr); |
| 198 | } | 208 | } |
| 199 | 209 | ||
| 200 | void build_share(const char *fname, FILE *fp) { | 210 | void build_share(char *fname, FILE *fp, FILE *fpo) { |
| 201 | assert(fname); | 211 | assert(fname); |
| 212 | assert(fp); | ||
| 213 | assert(fpo); | ||
| 202 | 214 | ||
| 203 | process_files(fname, "/usr/share", share_callback); | 215 | process_files(fname, fp, "/usr/share", share_callback); |
| 204 | 216 | ||
| 205 | if (share_out == NULL) | 217 | if (share_out == NULL) |
| 206 | fprintf(fp, "blacklist /usr/share\n"); | 218 | fprintf(fpo, "blacklist /usr/share\n"); |
| 207 | else | 219 | else |
| 208 | filedb_print(share_out, "whitelist ", fp); | 220 | filedb_print(share_out, "whitelist ", fpo); |
| 209 | } | 221 | } |
| 210 | 222 | ||
| 211 | //******************************************* | 223 | //******************************************* |
| @@ -216,21 +228,23 @@ static void tmp_callback(char *ptr) { | |||
| 216 | filedb_add(tmp_out, ptr); | 228 | filedb_add(tmp_out, ptr); |
| 217 | } | 229 | } |
| 218 | 230 | ||
| 219 | void build_tmp(const char *fname, FILE *fp) { | 231 | void build_tmp(char *fname, FILE *fp, FILE *fpo) { |
| 220 | assert(fname); | 232 | assert(fname); |
| 233 | assert(fp); | ||
| 234 | assert(fpo); | ||
| 221 | 235 | ||
| 222 | process_files(fname, "/tmp", tmp_callback); | 236 | process_files(fname, fp, "/tmp", tmp_callback); |
| 223 | 237 | ||
| 224 | if (tmp_out == NULL) | 238 | if (tmp_out == NULL) |
| 225 | fprintf(fp, "private-tmp\n"); | 239 | fprintf(fpo, "private-tmp\n"); |
| 226 | else { | 240 | else { |
| 227 | fprintf(fp, "\n"); | 241 | fprintf(fpo, "\n"); |
| 228 | fprintf(fp, "# private-tmp\n"); | 242 | fprintf(fpo, "# private-tmp\n"); |
| 229 | fprintf(fp, "# File accessed in /tmp directory:\n"); | 243 | fprintf(fpo, "# File accessed in /tmp directory:\n"); |
| 230 | fprintf(fp, "# "); | 244 | fprintf(fpo, "# "); |
| 231 | FileDB *ptr = tmp_out; | 245 | FileDB *ptr = tmp_out; |
| 232 | while (ptr) { | 246 | while (ptr) { |
| 233 | fprintf(fp, "%s,", ptr->fname); | 247 | fprintf(fpo, "%s,", ptr->fname); |
| 234 | ptr = ptr->next; | 248 | ptr = ptr->next; |
| 235 | } | 249 | } |
| 236 | printf("\n"); | 250 | printf("\n"); |
| @@ -294,24 +308,26 @@ static void dev_callback(char *ptr) { | |||
| 294 | filedb_add(dev_out, ptr); | 308 | filedb_add(dev_out, ptr); |
| 295 | } | 309 | } |
| 296 | 310 | ||
| 297 | void build_dev(const char *fname, FILE *fp) { | 311 | void build_dev(char *fname, FILE *fp, FILE *fpo) { |
| 298 | assert(fname); | 312 | assert(fname); |
| 313 | assert(fp); | ||
| 314 | assert(fpo); | ||
| 299 | 315 | ||
| 300 | process_files(fname, "/dev", dev_callback); | 316 | process_files(fname, fp, "/dev", dev_callback); |
| 301 | 317 | ||
| 302 | if (dev_out == NULL) | 318 | if (dev_out == NULL) |
| 303 | fprintf(fp, "private-dev\n"); | 319 | fprintf(fpo, "private-dev\n"); |
| 304 | else { | 320 | else { |
| 305 | fprintf(fp, "\n"); | 321 | fprintf(fpo, "\n"); |
| 306 | fprintf(fp, "# private-dev\n"); | 322 | fprintf(fpo, "# private-dev\n"); |
| 307 | fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n"); | 323 | fprintf(fpo, "# This is the list of devices accessed (on top of regular private-dev devices:\n"); |
| 308 | fprintf(fp, "# "); | 324 | fprintf(fpo, "# "); |
| 309 | FileDB *ptr = dev_out; | 325 | FileDB *ptr = dev_out; |
| 310 | while (ptr) { | 326 | while (ptr) { |
| 311 | fprintf(fp, "%s,", ptr->fname); | 327 | fprintf(fpo, "%s,", ptr->fname); |
| 312 | ptr = ptr->next; | 328 | ptr = ptr->next; |
| 313 | } | 329 | } |
| 314 | fprintf(fp, "\n"); | 330 | fprintf(fpo, "\n"); |
| 315 | } | 331 | } |
| 316 | } | 332 | } |
| 317 | 333 | ||