1 files changed, 0 insertions, 317 deletions
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
deleted file mode 100644
index 771dc94cb..000000000
--- a/src/fbuilder/build_fs.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "fbuilder.h"
-// common file processing function, using the callback for each line in the file
-static void process_file(const char *fname, const char *dir, void (*callback)(char *)) {
-        assert(fname);
-        assert(dir);
-        assert(callback);
-        int dir_len = strlen(dir);
-        // process trace file
-        FILE *fp = fopen(fname, "r");
-        if (!fp) {
-                fprintf(stderr, "Error: cannot open %s\n", fname);
-                exit(1);
-        }
-        char buf[MAX_BUF];
-        while (fgets(buf, MAX_BUF, fp)) {
-                // remove \n
-                char *ptr = strchr(buf, '\n');
-                if (ptr)
-                        *ptr = '\0';
-                // parse line: 4:galculator:access /etc/fonts/conf.d:0
-                // number followed by :
-                ptr = buf;
-                if (!isdigit(*ptr))
-                        continue;
-                while (isdigit(*ptr))
-                        ptr++;
-                if (*ptr != ':')
-                        continue;
-                ptr++;
-                // next :
-                ptr = strchr(ptr, ':');
-                if (!ptr)
-                        continue;
-                ptr++;
-                if (strncmp(ptr, "access ", 7) == 0)
-                        ptr +=  7;
-                else if (strncmp(ptr, "fopen ", 6) == 0)
-                        ptr += 6;
-                else if (strncmp(ptr, "fopen64 ", 8) == 0)
-                        ptr += 8;
-                else if (strncmp(ptr, "open64 ", 7) == 0)
-                        ptr += 7;
-                else if (strncmp(ptr, "open ", 5) == 0)
-                        ptr += 5;
-                else
-                        continue;
-                if (strncmp(ptr, dir, dir_len) != 0)
-                        continue;
-                // end of filename
-                char *ptr2 = strchr(ptr, ':');
-                if (!ptr2)
-                        continue;
-                *ptr2 = '\0';
-                callback(ptr);
-        }
-        fclose(fp);
-}
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-static void process_files(const char *fname, const char *dir, void (*callback)(char *)) {
-        assert(fname);
-        assert(dir);
-        assert(callback);
-        // run fname
-        process_file(fname, dir, callback);
-        // run all the rest
-        struct stat s;
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", fname, i) == -1)
-                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
-                        process_file(newname, dir, callback);
-                free(newname);
-        }
-}
-//*******************************************
-// etc directory
-//*******************************************
-static FileDB *etc_out = NULL;
-static void etc_callback(char *ptr) {
-        // skip firejail directory
-        if (strncmp(ptr, "/etc/firejail", 13) == 0)
-                return;
-        // add only top files and directories
-        ptr += 5;       // skip "/etc/"
-        char *end = strchr(ptr, '/');
-        if (end)
-                *end = '\0';
-        etc_out = filedb_add(etc_out, ptr);
-}
-void build_etc(const char *fname, FILE *fp) {
-        assert(fname);
-        process_files(fname, "/etc", etc_callback);
-        fprintf(fp, "private-etc ");
-        if (etc_out == NULL)
-                fprintf(fp, "none\n");
-        else {
-                FileDB *ptr = etc_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                fprintf(fp, "\n");
-        }
-}
-//*******************************************
-// var directory
-//*******************************************
-static FileDB *var_out = NULL;
-static void var_callback(char *ptr) {
-        if (strcmp(ptr, "/var/lib") == 0)
-                ;
-        else if (strcmp(ptr, "/var/cache") == 0)
-                ;
-        else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
-                var_out = filedb_add(var_out, "/var/lib/menu-xdg");
-        else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)
-                var_out = filedb_add(var_out, "/var/cache/fontconfig");
-        else
-                var_out = filedb_add(var_out, ptr);
-}
-void build_var(const char *fname, FILE *fp) {
-        assert(fname);
-        process_files(fname, "/var", var_callback);
-        if (var_out == NULL)
-                fprintf(fp, "blacklist /var\n");
-        else
-                filedb_print(var_out, "whitelist ", fp);
-}
-//*******************************************
-// usr/share directory
-//*******************************************
-static FileDB *share_out = NULL;
-static void share_callback(char *ptr) {
-        // extract the directory:
-        assert(strncmp(ptr, "/usr/share", 10) == 0);
-        char *p1 = ptr + 10;
-        if (*p1 != '/')
-                return;
-        p1++;
-        if (*p1 == '/') // double '/'
-                p1++;
-        if (*p1 == '\0')
-                return;
-        // "/usr/share/bash-completion/bash_completion"  becomes "/usr/share/bash-completion"
-        char *p2 = strchr(p1, '/');
-        if (p2)
-                *p2 = '\0';
-        // store the file
-        share_out = filedb_add(share_out, ptr);
-}
-void build_share(const char *fname, FILE *fp) {
-        assert(fname);
-        process_files(fname, "/usr/share", share_callback);
-        if (share_out == NULL)
-                fprintf(fp, "blacklist /usr/share\n");
-        else
-                filedb_print(share_out, "whitelist ", fp);
-}
-//*******************************************
-// tmp directory
-//*******************************************
-static FileDB *tmp_out = NULL;
-static void tmp_callback(char *ptr) {
-        filedb_add(tmp_out, ptr);
-}
-void build_tmp(const char *fname, FILE *fp) {
-        assert(fname);
-        process_files(fname, "/tmp", tmp_callback);
-        if (tmp_out == NULL)
-                fprintf(fp, "private-tmp\n");
-        else {
-                fprintf(fp, "\n");
-                fprintf(fp, "# private-tmp\n");
-                fprintf(fp, "# File accessed in /tmp directory:\n");
-                fprintf(fp, "# ");
-                FileDB *ptr = tmp_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                printf("\n");
-        }
-}
-//*******************************************
-// dev directory
-//*******************************************
-static char *dev_skip[] = {
-        "/dev/zero",
-        "/dev/null",
-        "/dev/full",
-        "/dev/random",
-        "/dev/urandom",
-        "/dev/tty",
-        "/dev/snd",
-        "/dev/dri",
-        "/dev/pts",
-        "/dev/nvidia0",
-        "/dev/nvidia1",
-        "/dev/nvidia2",
-        "/dev/nvidia3",
-        "/dev/nvidia4",
-        "/dev/nvidia5",
-        "/dev/nvidia6",
-        "/dev/nvidia7",
-        "/dev/nvidia8",
-        "/dev/nvidia9",
-        "/dev/nvidiactl",
-        "/dev/nvidia-modeset",
-        "/dev/nvidia-uvm",
-        "/dev/video0",
-        "/dev/video1",
-        "/dev/video2",
-        "/dev/video3",
-        "/dev/video4",
-        "/dev/video5",
-        "/dev/video6",
-        "/dev/video7",
-        "/dev/video8",
-        "/dev/video9",
-        "/dev/dvb",
-        "/dev/sr0",
-        NULL
-};
-static FileDB *dev_out = NULL;
-static void dev_callback(char *ptr) {
-        // skip private-dev devices
-        int i = 0;
-        int found = 0;
-        while (dev_skip[i]) {
-                if (strcmp(ptr, dev_skip[i]) == 0) {
-                        found = 1;
-                        break;
-                }
-                i++;
-        }
-        if (!found)
-                filedb_add(dev_out, ptr);
-}
-void build_dev(const char *fname, FILE *fp) {
-        assert(fname);
-        process_files(fname, "/dev", dev_callback);
-        if (dev_out == NULL)
-                fprintf(fp, "private-dev\n");
-        else {
-                fprintf(fp, "\n");
-                fprintf(fp, "# private-dev\n");
-                fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
-                fprintf(fp, "# ");
-                FileDB *ptr = dev_out;
-                while (ptr) {
-                        fprintf(fp, "%s,", ptr->fname);
-                        ptr = ptr->next;
-                }
-                fprintf(fp, "\n");
-        }
-}

diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c deleted file mode 100644 index 771dc94cb..000000000 --- a/src/fbuilder/build_fs.c +++ /dev/null
@@ -1,317 +0,0 @@
1	/*
2	* Copyright (C) 2014-2018 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20
21	#include "fbuilder.h"
22
23	// common file processing function, using the callback for each line in the file
24	static void process_file(const char fname, const char dir, void (callback)(char )) {
25	assert(fname);
26	assert(dir);
27	assert(callback);
28
29	int dir_len = strlen(dir);
30
31	// process trace file
32	FILE *fp = fopen(fname, "r");
33	if (!fp) {
34	fprintf(stderr, "Error: cannot open %s\n", fname);
35	exit(1);
36	}
37
38	char buf[MAX_BUF];
39	while (fgets(buf, MAX_BUF, fp)) {
40	// remove \n
41	char *ptr = strchr(buf, '\n');
42	if (ptr)
43	*ptr = '\0';
44
45	// parse line: 4:galculator:access /etc/fonts/conf.d:0
46	// number followed by :
47	ptr = buf;
48	if (!isdigit(*ptr))
49	continue;
50	while (isdigit(*ptr))
51	ptr++;
52	if (*ptr != ':')
53	continue;
54	ptr++;
55
56	// next :
57	ptr = strchr(ptr, ':');
58	if (!ptr)
59	continue;
60	ptr++;
61	if (strncmp(ptr, "access ", 7) == 0)
62	ptr += 7;
63	else if (strncmp(ptr, "fopen ", 6) == 0)
64	ptr += 6;
65	else if (strncmp(ptr, "fopen64 ", 8) == 0)
66	ptr += 8;
67	else if (strncmp(ptr, "open64 ", 7) == 0)
68	ptr += 7;
69	else if (strncmp(ptr, "open ", 5) == 0)
70	ptr += 5;
71	else
72	continue;
73	if (strncmp(ptr, dir, dir_len) != 0)
74	continue;
75
76	// end of filename
77	char *ptr2 = strchr(ptr, ':');
78	if (!ptr2)
79	continue;
80	*ptr2 = '\0';
81
82	callback(ptr);
83	}
84
85	fclose(fp);
86	}
87
88	// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
89	static void process_files(const char fname, const char dir, void (callback)(char )) {
90	assert(fname);
91	assert(dir);
92	assert(callback);
93
94	// run fname
95	process_file(fname, dir, callback);
96
97	// run all the rest
98	struct stat s;
99	int i;
100	for (i = 1; i <= 5; i++) {
101	char *newname;
102	if (asprintf(&newname, "%s.%d", fname, i) == -1)
103	errExit("asprintf");
104	if (stat(newname, &s) == 0)
105	process_file(newname, dir, callback);
106	free(newname);
107	}
108	}
109
110	//*******************************************
111	// etc directory
112	//*******************************************
113	static FileDB *etc_out = NULL;
114
115	static void etc_callback(char *ptr) {
116	// skip firejail directory
117	if (strncmp(ptr, "/etc/firejail", 13) == 0)
118	return;
119
120	// add only top files and directories
121	ptr += 5; // skip "/etc/"
122	char *end = strchr(ptr, '/');
123	if (end)
124	*end = '\0';
125	etc_out = filedb_add(etc_out, ptr);
126	}
127
128	void build_etc(const char fname, FILE fp) {
129	assert(fname);
130
131	process_files(fname, "/etc", etc_callback);
132
133	fprintf(fp, "private-etc ");
134	if (etc_out == NULL)
135	fprintf(fp, "none\n");
136	else {
137	FileDB *ptr = etc_out;
138	while (ptr) {
139	fprintf(fp, "%s,", ptr->fname);
140	ptr = ptr->next;
141	}
142	fprintf(fp, "\n");
143	}
144	}
145
146	//*******************************************
147	// var directory
148	//*******************************************
149	static FileDB *var_out = NULL;
150	static void var_callback(char *ptr) {
151	if (strcmp(ptr, "/var/lib") == 0)
152	;
153	else if (strcmp(ptr, "/var/cache") == 0)
154	;
155	else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
156	var_out = filedb_add(var_out, "/var/lib/menu-xdg");
157	else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)
158	var_out = filedb_add(var_out, "/var/cache/fontconfig");
159	else
160	var_out = filedb_add(var_out, ptr);
161	}
162
163	void build_var(const char fname, FILE fp) {
164	assert(fname);
165
166	process_files(fname, "/var", var_callback);
167
168	if (var_out == NULL)
169	fprintf(fp, "blacklist /var\n");
170	else
171	filedb_print(var_out, "whitelist ", fp);
172	}
173
174
175	//*******************************************
176	// usr/share directory
177	//*******************************************
178	static FileDB *share_out = NULL;
179	static void share_callback(char *ptr) {
180	// extract the directory:
181	assert(strncmp(ptr, "/usr/share", 10) == 0);
182	char *p1 = ptr + 10;
183	if (*p1 != '/')
184	return;
185	p1++;
186	if (*p1 == '/') // double '/'
187	p1++;
188	if (*p1 == '\0')
189	return;
190
191	// "/usr/share/bash-completion/bash_completion" becomes "/usr/share/bash-completion"
192	char *p2 = strchr(p1, '/');
193	if (p2)
194	*p2 = '\0';
195
196	// store the file
197	share_out = filedb_add(share_out, ptr);
198	}
199
200	void build_share(const char fname, FILE fp) {
201	assert(fname);
202
203	process_files(fname, "/usr/share", share_callback);
204
205	if (share_out == NULL)
206	fprintf(fp, "blacklist /usr/share\n");
207	else
208	filedb_print(share_out, "whitelist ", fp);
209	}
210
211	//*******************************************
212	// tmp directory
213	//*******************************************
214	static FileDB *tmp_out = NULL;
215	static void tmp_callback(char *ptr) {
216	filedb_add(tmp_out, ptr);
217	}
218
219	void build_tmp(const char fname, FILE fp) {
220	assert(fname);
221
222	process_files(fname, "/tmp", tmp_callback);
223
224	if (tmp_out == NULL)
225	fprintf(fp, "private-tmp\n");
226	else {
227	fprintf(fp, "\n");
228	fprintf(fp, "# private-tmp\n");
229	fprintf(fp, "# File accessed in /tmp directory:\n");
230	fprintf(fp, "# ");
231	FileDB *ptr = tmp_out;
232	while (ptr) {
233	fprintf(fp, "%s,", ptr->fname);
234	ptr = ptr->next;
235	}
236	printf("\n");
237	}
238	}
239
240	//*******************************************
241	// dev directory
242	//*******************************************
243	static char *dev_skip[] = {
244	"/dev/zero",
245	"/dev/null",
246	"/dev/full",
247	"/dev/random",
248	"/dev/urandom",
249	"/dev/tty",
250	"/dev/snd",
251	"/dev/dri",
252	"/dev/pts",
253	"/dev/nvidia0",
254	"/dev/nvidia1",
255	"/dev/nvidia2",
256	"/dev/nvidia3",
257	"/dev/nvidia4",
258	"/dev/nvidia5",
259	"/dev/nvidia6",
260	"/dev/nvidia7",
261	"/dev/nvidia8",
262	"/dev/nvidia9",
263	"/dev/nvidiactl",
264	"/dev/nvidia-modeset",
265	"/dev/nvidia-uvm",
266	"/dev/video0",
267	"/dev/video1",
268	"/dev/video2",
269	"/dev/video3",
270	"/dev/video4",
271	"/dev/video5",
272	"/dev/video6",
273	"/dev/video7",
274	"/dev/video8",
275	"/dev/video9",
276	"/dev/dvb",
277	"/dev/sr0",
278	NULL
279	};
280
281	static FileDB *dev_out = NULL;
282	static void dev_callback(char *ptr) {
283	// skip private-dev devices
284	int i = 0;
285	int found = 0;
286	while (dev_skip[i]) {
287	if (strcmp(ptr, dev_skip[i]) == 0) {
288	found = 1;
289	break;
290	}
291	i++;
292	}
293	if (!found)
294	filedb_add(dev_out, ptr);
295	}
296
297	void build_dev(const char fname, FILE fp) {
298	assert(fname);
299
300	process_files(fname, "/dev", dev_callback);
301
302	if (dev_out == NULL)
303	fprintf(fp, "private-dev\n");
304	else {
305	fprintf(fp, "\n");
306	fprintf(fp, "# private-dev\n");
307	fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
308	fprintf(fp, "# ");
309	FileDB *ptr = dev_out;
310	while (ptr) {
311	fprintf(fp, "%s,", ptr->fname);
312	ptr = ptr->next;
313	}
314	fprintf(fp, "\n");
315	}
316	}
317