#pragma once
#include <pthread.h>

#include <atomic>
#include <functional>
#include <map>
#include <string_view>
#include <type_traits>

#include <daemon.hpp>
#define ISOLATED_MAGIC "isolated"
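// Request codes a client sends to the daemon's denylist handler.
//
// deny_request() writes the underlying int of one of these to the daemon
// socket, so the numeric values are part of the client/daemon protocol.
// They are pinned explicitly (to the same values the implicit numbering
// produced) so that inserting or reordering an enumerator cannot silently
// change what a code means on the wire.
enum class DenyRequest : int {
    ENFORCE = 0,
    DISABLE = 1,
    ADD = 2,
    REMOVE = 3,
    LIST = 4,
    STATUS = 5,

    // Sentinel: one past the last valid request code.
    // NOTE(review): presumably the receiving side rejects any value outside
    // [0, END) before dispatching on it - confirm in the handler.
    END
};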
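// Status codes returned by the denylist entry points declared in this header
// (enable_deny, disable_deny, add_list, rm_list).
//
// NOTE(review): if these are also sent back to the client as ints, the
// numeric values are protocol. They are pinned explicitly (to the same values
// the implicit numbering produced) so that a later insertion cannot shift them.
enum class DenyResponse : int {
    OK = 0,
    ENFORCED = 1,
    NOT_ENFORCED = 2,
    ITEM_EXIST = 3,
    ITEM_NOT_EXIST = 4,
    INVALID_PKG = 5,
    NO_NS = 6,
    ERROR = 7,

    // Sentinel: one past the last valid response code.
    END
};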
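// CLI entries
// Each of these reports its outcome as a DenyResponse, except ls_list, which
// returns nothing.
// NOTE(review): `client` looks like the connected client's socket descriptor,
// from which the request payload is read - confirm in the implementation, and
// treat everything read from it as untrusted input.
DenyResponse enable_deny();
DenyResponse disable_deny();
DenyResponse add_list(int client);
DenyResponse rm_list(int client);
void ls_list(int client);

// Utility functions
// Takes a uid and a process name.
// NOTE(review): presumably returns true when that pair is on the denylist - confirm.
bool is_deny_target(int uid, std::string_view process);

void revert_unmount();

// Shared state, defined in another translation unit. Both are std::atomic, so
// individual loads and stores from different threads do not race.
extern std::atomic<bool> denylist_enforced;
extern std::atomic<int> cached_manager_app_id;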
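// Opens a connection to the daemon for a denylist request and sends the
// request code.
//
// @param req  request to send; written to the socket as its underlying int.
// @return     the descriptor returned by connect_daemon(). Nothing here closes
//             it, so the caller owns it for the rest of the exchange.
inline int deny_request(DenyRequest req) {
    const int fd = connect_daemon(DaemonRequest::DENYLIST);
    // connect_daemon()'s failure behaviour is not visible in this header; if it
    // reports failure with a negative descriptor, do not write to it and hand
    // the value back unchanged.
    if (fd < 0)
        return fd;
    write_int(fd, static_cast<std::underlying_type_t<DenyRequest>>(req));
    return fd;
}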