From 71a3b97ce5c6990b06ec674e4739ce6dfcab6b40 Mon Sep 17 00:00:00 2001
From: Chiraag Nataraj
Date: Tue, 12 Jun 2018 14:03:24 -0400
Subject: Change --nousb to --nou2f per suggestion on last commit.
---
 src/firejail/firejail.h | 4 ++--
 src/firejail/fs_dev.c | 30 +++++++++++++++---------------
 src/firejail/main.c | 6 +++---
 src/firejail/profile.c | 4 ++--
 src/firejail/sandbox.c | 4 ++--
 src/firejail/usage.c | 1 +
 src/man/firejail-profile.txt | 4 ++--
 src/man/firejail.txt | 6 +++---
 8 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 565983341..d18cd112f 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -383,7 +383,7 @@ extern int arg_noprofile; // use default.profile if none other found/specified
 extern int arg_memory_deny_write_execute; // block writable and executable memory
 extern int arg_notv; // --notv
 extern int arg_nodvd; // --nodvd
-extern int arg_nousb; // --nousb
+extern int arg_nou2f; // --nou2f
 extern int arg_nodbus; // -nodbus
 extern int login_shell;
@@ -558,7 +558,7 @@ void fs_dev_disable_3d(void);
 void fs_dev_disable_video(void);
 void fs_dev_disable_tv(void);
 void fs_dev_disable_dvd(void);
-void fs_dev_disable_usb(void);
+void fs_dev_disable_u2f(void);
 // fs_home.c
 // private mode (--private)
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index f58ebe399..9e287bf27 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -39,7 +39,7 @@ typedef enum {
 DEV_VIDEO,
 DEV_TV,
 DEV_DVD,
- DEV_USB,
+ DEV_U2F,
 } DEV_TYPE;
@@ -77,17 +77,17 @@ static DevEntry dev[] = {
 {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO},
 {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Broadcasting) - TV device
 {"/dev/sr0", RUN_DEV_DIR "/sr0", DEV_DVD}, // for DVD and audio CD players
- {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_USB},
- {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_USB},
- {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_USB},
- {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_USB},
- {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_USB},
- {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_USB},
- {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_USB},
- {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_USB},
- {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_USB},
- {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_USB},
- {"/dev/usb", RUN_DEV_DIR "/usb", DEV_USB}, // USB devices such as Yubikey, U2F
+ {"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_U2F},
+ {"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_U2F},
+ {"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_U2F},
+ {"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_U2F},
+ {"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_U2F},
+ {"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_U2F},
+ {"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_U2F},
+ {"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_U2F},
+ {"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_U2F},
+ {"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_U2F},
+ {"/dev/usb", RUN_DEV_DIR "/usb", DEV_U2F}, // USB devices such as Yubikey, U2F
 {NULL, NULL, DEV_NONE}
 };
@@ -102,7 +102,7 @@ static void deventry_mount(void) {
 (dev[i].type == DEV_VIDEO && arg_novideo == 0) ||
 (dev[i].type == DEV_TV && arg_notv == 0) ||
 (dev[i].type == DEV_DVD && arg_nodvd == 0) ||
- (dev[i].type == DEV_USB && arg_nousb == 0)) {
+ (dev[i].type == DEV_U2F && arg_nou2f == 0)) {
 int dir = is_dir(dev[i].run_fname);
 if (arg_debug)
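Review bot: In the `dev[]` table hunk, the entries now tagged `DEV_U2F` are a fixed list of `/dev/hidraw0` through `/dev/hidraw9` plus `/dev/usb`, and `fs_dev_disable_u2f()` only walks this table, so a higher-numbered hidraw node is left untouched; on a host with many HID devices a token could sit at such a node and stay reachable under `--nou2f`. hidraw nodes are also generic raw HID interfaces rather than U2F-specific, so the new name and the "Disable U2F devices" help text describe the scope only loosely. I would at least record the limit next to the entries, e.g. `// --nou2f covers hidraw0-9 and /dev/usb only; hidraw is generic raw HID, not U2F-specific`, and consider enumerating `/dev/hidraw*` at run time in a follow-up. The table and `deventry_mount()` both continue outside the hunks shown.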
@@ -371,10 +371,10 @@ void fs_dev_disable_dvd(void) {
 }
 }
-void fs_dev_disable_usb(void) {
+void fs_dev_disable_u2f(void) {
 int i = 0;
 while (dev[i].dev_fname != NULL) {
- if (dev[i].type == DEV_USB)
+ if (dev[i].type == DEV_U2F)
 disable_file_or_dir(dev[i].dev_fname);
 i++;
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 51f875e91..ce28c62da 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -123,7 +123,7 @@ int arg_memory_deny_write_execute = 0; // block writable and executable memory
 int arg_notv = 0; // --notv
 int arg_nodvd = 0; // --nodvd
 int arg_nodbus = 0; // -nodbus
-int arg_nousb = 0; // --nousb
+int arg_nou2f = 0; // --nou2f
 int login_shell = 0;
@@ -1723,8 +1723,8 @@ int main(int argc, char **argv) {
 arg_notv = 1;
 else if (strcmp(argv[i], "--nodvd") == 0)
 arg_nodvd = 1;
- else if (strcmp(argv[i], "--nousb") == 0)
- arg_nousb = 1;
+ else if (strcmp(argv[i], "--nou2f") == 0)
+ arg_nou2f = 1;
 else if (strcmp(argv[i], "--nodbus") == 0)
 arg_nodbus = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 8c393cab5..7d03a7c34 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -257,8 +257,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 arg_nodbus = 1;
 return 0;
 }
- else if (strcmp(ptr, "nousb") == 0) {
- arg_nousb = 1;
+ else if (strcmp(ptr, "nou2f") == 0) {
+ arg_nou2f = 1;
 return 0;
 }
 else if (strcmp(ptr, "netfilter") == 0) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c22d65122..a1400db34 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -908,8 +908,8 @@ int sandbox(void* sandbox_arg) {
 if (arg_nodvd)
 fs_dev_disable_dvd();
- if (arg_nousb)
- fs_dev_disable_usb();
+ if (arg_nou2f)
+ fs_dev_disable_u2f();
 if (arg_novideo)
 fs_dev_disable_video();
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 88614298e..0289278d2 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -138,6 +138,7 @@ static char *usage_str =
 " --nosound - disable sound system.\n"
 " --noautopulse - disable automatic ~/.config/pulse init.\n"
 " --novideo - disable video devices.\n"
+ " --nou2f - disable U2F devices.\n"
 " --nowhitelist=filename - disable whitelist for file or directory .\n"
 " --output=logfile - stdout logging and log rotation.\n"
 " --output-stderr=logfile - stdout and stderr logging and log rotation.\n"
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 76a13c7cc..c32fdf8f4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -468,8 +468,8 @@ pulse servers or non-standard socket paths.
 \fBnotv
 Disable DVB (Digital Video Broadcasting) TV devices.
 .TP
-\fBnousb
-Disable USB devices.
+\fBnou2f
+Disable U2F devices.
 .TP
 \fBnovideo
 Disable video devices.
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 2ea39aed4..760249e70 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1174,14 +1174,14 @@ Example:
 $ firejail \-\-notv vlc
 .TP
-\fB\-\-nousb
-Disable USB devices.
+\fB\-\-nou2f
+Disable U2F devices.
 .br
 .br
 Example:
 .br
-$ firejail \-\-nousb
+$ firejail \-\-nou2f
 .TP
 \fB\-\-novideo
--
cgit v1.2.3-54-g00ecf