From fe0f975f447d59977d90c3226cc8c623b31b20b3 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 5 Jul 2021 07:23:31 -0400
Subject: move whitelist/blacklist to allow/deny
---
 src/firejail/profile.c | 7 +++++
 src/tools/profcleaner.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 src/tools/profcleaner.c
(limited to 'src')
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 29bb5fbac..b7c7185a6 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1751,6 +1751,13 @@ void profile_read(const char *fname) {
 free(ptr);
 ptr = tmp;
 }
+ else if (strncmp(ptr, "deny-nolog ", 11) == 0) {
+ char *tmp;
+ if (asprintf(&tmp, "blacklist-nolog %s", ptr + 11) == -1)
+ errExit("asprintf");
+ free(ptr);
+ ptr = tmp;
+ }
 // translate noallow/nodeny to nowhitelist/noblacklist
 else if (strncmp(ptr, "noallow ", 8) == 0) {
 char *tmp;
diff --git a/src/tools/profcleaner.c b/src/tools/profcleaner.c
new file mode 100644
index 000000000..93bb3f73d
--- /dev/null
+++ b/src/tools/profcleaner.c
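Review bot: The new `deny-nolog ` branch in profile_read() hand-counts its prefix length (`11`) in two places, the same way the neighbouring `noallow ` branch does with `8`, so every added alias is another spot where the literal and its length can drift apart. Deriving the length from the literal, e.g. `else if (strncmp(ptr, "deny-nolog ", sizeof("deny-nolog ") - 1) == 0) {`, or walking a small static table of alias/canonical pairs in one loop, would keep the translation in one place. In a parser that decides which paths the sandbox denies, an alias that silently fails to match is worth making hard to introduce. profile_read() begins and ends outside this hunk, so whether a tab-separated `deny-nolog<TAB>path` line is normalised before this comparison cannot be confirmed from here.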
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+//*************************************************************
+// Small utility program to convert profiles from blacklist/whitelist to deny/allow
+// Compile:
+// gcc -o profcleaner profcleaner.c
+// Usage:
+// profcleaner *.profile
+//*************************************************************
+
+#include
+#include
+#include
+#include
+#define MAXBUF 4096
+
+int main(int argc, char **argv) {
+ printf("Usage: profcleaner files\n");
+ int i;
+
+ for (i = 1; i < argc; i++) {
+ FILE *fp = fopen(argv[i], "r");
+ if (!fp) {
+ fprintf(stderr, "Error: cannot open %s\n", argv[i]);
+ return 1;
+ }
+
+ FILE *fpout = fopen("profcleaner-tmp", "w");
+ if (!fpout) {
+ fprintf(stderr, "Error: cannot open output file\n");
+ return 1;
+ }
+
+ char buf[MAXBUF];
+ while (fgets(buf, MAXBUF, fp)) {
+ if (strncmp(buf, "blacklist-nolog", 15) == 0)
+ fprintf(fpout, "deny-nolog %s", buf + 15);
+ else if (strncmp(buf, "blacklist", 9) == 0)
+ fprintf(fpout, "deny %s", buf + 9);
+ else if (strncmp(buf, "noblacklist", 11) == 0)
+ fprintf(fpout, "nodeny %s", buf + 11);
+ else if (strncmp(buf, "whitelist", 9) == 0)
+ fprintf(fpout, "allow %s", buf + 9);
+ else if (strncmp(buf, "nowhitelist", 11) == 0)
+ fprintf(fpout, "noallow %s", buf + 11);
+ else
+ fprintf(fpout, "%s", buf);
+ }
+
+ fclose(fp);
+ fclose(fpout);
+ unlink(argv[i]);
+ rename("profcleaner-tmp", argv[i]);
+ }
+
+ return 0;
+}
\ No newline at end of file
-- 
cgit v1.2.3-70-g09d2
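Review bot: The end of the loop in main() calls `unlink(argv[i])` before an unchecked `rename("profcleaner-tmp", argv[i])`, so any rename failure leaves the profile deleted; one such case is a profile on a different filesystem from the working directory. An unchecked write or `fclose(fpout)` error would likewise install a truncated profile with deny rules missing. rename() already replaces the destination atomically, so the unlink can be dropped and the stream and rename results checked, as sketched below. The fixed name `profcleaner-tmp` opened with `fopen(..., "w")` also follows a symlink already present in the working directory; creating the temporary file next to the target with `mkstemp()` would avoid both that and the cross-filesystem case. Separately, the keyword prefixes are matched without their trailing space while the replacement adds one, so `blacklist /path` comes out as `deny  /path` with two spaces, and `fp` is not closed on the `fpout` error path.

```c
		// … unchanged: fopen() of input/output and the per-line keyword translation loop …

		fclose(fp);

		// a short write (e.g. disk full) must not replace the original profile
		int failed = ferror(fpout);
		if (fclose(fpout) != 0)
			failed = 1;
		if (failed) {
			fprintf(stderr, "Error: cannot write output file\n");
			unlink("profcleaner-tmp");
			return 1;
		}

		// rename() atomically replaces argv[i]; the original stays intact on failure
		if (rename("profcleaner-tmp", argv[i]) != 0) {
			fprintf(stderr, "Error: cannot replace %s\n", argv[i]);
			unlink("profcleaner-tmp");
			return 1;
		}
```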