USBGuard
Software framework that protects your computer against rogue USB devices by implementing basic whitelisting and blacklisting capabilities.
IPCServer.hpp
1 //
2 // Copyright (C) 2016 Red Hat, Inc.
3 //
4 // This program is free software; you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation; either version 2 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
16 //
17 // Authors: Daniel Kopecek <dkopecek@redhat.com>
18 //
19 #pragma once
20 
21 #include "DeviceManager.hpp"
22 #include "Interface.hpp"
23 #include "Rule.hpp"
24 #include "Typedefs.hpp"
25 
26 #include <istream>
27 #include <ostream>
28 #include <string>
29 #include <unordered_map>
30 #include <memory>
31 
32 #include <cstddef>
33 #include <cstdint>
34 
35 #include <unistd.h>
36 #include <sys/types.h>
37 
38 namespace usbguard
39 {
40  class IPCServerPrivate;
41 
46  class DLL_PUBLIC IPCServer : public Interface
47  {
48  public:
49 
60  static void checkAccessControlName(const std::string& name);
61 
86  class AccessControl
87  {
88  public:
89 
93  enum class Section : uint8_t {
94  NONE = 0,
95  DEVICES = 1,
96  POLICY = 2,
97  PARAMETERS = 3,
98  EXCEPTIONS = 4,
99  ALL = 255
100  };
101 
110  static Section sectionFromString(const std::string& section_string);
111 
120  static std::string sectionToString(const Section section);
121 
125  enum class Privilege : uint8_t {
126  NONE = 0x00,
127  LIST = 0x01,
128  MODIFY = 0x02,
129  LISTEN = 0x08,
130  ALL = 0xff
131  };
132 
141  static Privilege privilegeFromString(const std::string& privilege_string);
142 
151  static std::string privilegeToString(const Privilege privilege);
152 
157  AccessControl();
158 
167  AccessControl(const std::string& access_control_string);
168 
177  AccessControl(Section section, Privilege privilege);
178 
185  AccessControl(const AccessControl& rhs);
186 
193  AccessControl& operator=(const AccessControl& rhs);
194 
203  bool hasPrivilege(Section section, Privilege privilege) const;
204 
212  void setPrivilege(Section section, Privilege privilege);
213 
220  void clear();
221 
232  void load(std::istream& stream);
233 
243  void save(std::ostream& stream) const;
244 
250  void merge(const AccessControl& rhs);
251 
259  void merge(const std::string& access_control_string);
260 
261  private:
262 
266  struct SectionHash {
267 
274  std::size_t operator()(Section value) const
275  {
276  return static_cast<std::size_t>(value);
277  }
278  };
279 
286  std::unordered_map<Section, uint8_t, SectionHash> _access_control;
287  };
288 
292  IPCServer();
293 
297  virtual ~IPCServer();
298 
302  void start();
303 
307  void stop();
308 
312  void DevicePresenceChanged(uint32_t id,
313  DeviceManager::EventType event,
314  Rule::Target target,
315  const std::string& device_rule);
316 
320  void DevicePolicyChanged(uint32_t id,
321  Rule::Target target_old,
322  Rule::Target target_new,
323  const std::string& device_rule,
324  uint32_t rule_id);
325 
329  void PropertyParameterChanged(const std::string& name,
330  const std::string& value_old,
331  const std::string& value_new);
332 
336  void ExceptionMessage(const std::string& context,
337  const std::string& object,
338  const std::string& reason);
339 
346  void addAllowedUID(uid_t uid, const IPCServer::AccessControl& ac);
347 
354  void addAllowedGID(gid_t gid, const IPCServer::AccessControl& ac);
355 
362  void addAllowedUsername(const std::string& username, const IPCServer::AccessControl& ac);
363 
371  void addAllowedGroupname(const std::string& groupname, const IPCServer::AccessControl& ac);
372 
373  private:
374  std::unique_ptr<IPCServerPrivate> d_pointer;
375  };
376 } /* namespace usbguard */
377 
378 /* vim: set ts=2 sw=2 et */
usbguard::Rule::Target
Target
Enumeration of possible rule targets.
Definition: Rule.hpp:86
usbguard::IPCServer
Receives messages from IPC clients. Provides USBGuard service.
Definition: IPCServer.hpp:46
usbguard::IPCServer::AccessControl::Privilege
Privilege
Possible privileges and their hexadecimal values.
Definition: IPCServer.hpp:125
usbguard::IPCServer::AccessControl::Section
Section
Possible sections for which privileges can be specified.
Definition: IPCServer.hpp:93
usbguard::IPCServer::AccessControl
Limits access to the USBGuard IPC interface.
Definition: IPCServer.hpp:86
usbguard::DeviceManager::EventType
EventType
Type of event that took place on the device.
Definition: DeviceManager.hpp:51
usbguard::Interface
Allows to receive signals and to communicate with the USBGuard daemon.
Definition: Interface.hpp:40
Generated by   doxygen 1.8.15