USBGuard
Software framework that protects your computer against rogue USB devices by implementing basic whitelisting and blacklisting capabilities.
usbguard::IPCServer Class Reference

Receives messages from IPC clients. Provides USBGuard service.

#include <IPCServer.hpp>

Inherits usbguard::Interface.

Classes

class AccessControl
 Limits access to the USBGuard IPC interface.
 

Public Member Functions

 IPCServer ()
 Initializes the main loop, creates the IPC server and the USBGuard service.

virtual ~IPCServer ()
 Default destructor.

void start ()
 Starts the main loop if it is not already running.

void stop ()
 Stops the main loop.

void DevicePresenceChanged (uint32_t id, DeviceManager::EventType event, Rule::Target target, const std::string &device_rule)
 Notify that a USB device was already present when USBGuard was started.

void DevicePolicyChanged (uint32_t id, Rule::Target target_old, Rule::Target target_new, const std::string &device_rule, uint32_t rule_id)
 Notify about a change of a USB device authorization target.

void PropertyParameterChanged (const std::string &name, const std::string &value_old, const std::string &value_new)
 Notify about a change of a property parameter.

void ExceptionMessage (const std::string &context, const std::string &object, const std::string &reason)
 Notify about an exception.

void addAllowedUID (uid_t uid, const IPCServer::AccessControl &ac)
 Adds a user to the set of allowed users by specifying the user ID.

void addAllowedGID (gid_t gid, const IPCServer::AccessControl &ac)
 Adds a group to the set of allowed groups by specifying its group ID.

void addAllowedUsername (const std::string &username, const IPCServer::AccessControl &ac)
 Adds a user to the set of allowed users by specifying the user name.

void addAllowedGroupname (const std::string &groupname, const IPCServer::AccessControl &ac)
 Adds a group to the set of allowed groups by specifying its group name.
 
Public Member Functions inherited from usbguard::Interface

virtual std::string setParameter (const std::string &name, const std::string &value)=0
 Set value of a runtime parameter.

virtual std::string getParameter (const std::string &name)=0
 Get value of a runtime parameter.

virtual uint32_t appendRule (const std::string &rule_spec, uint32_t parent_id, bool permanent)=0
 Append a new rule to the current policy.

virtual void removeRule (uint32_t id)=0
 Remove a rule from the current policy.

virtual const std::vector< Rule > listRules (const std::string &query)=0
 List the current rule set (policy) used by the USBGuard daemon.

virtual uint32_t applyDevicePolicy (uint32_t id, Rule::Target target, bool permanent)=0
 Apply an authorization target to a device.

virtual const std::vector< Rule > listDevices (const std::string &query)=0
 List devices that match the specified query.
 

Static Public Member Functions

static void checkAccessControlName (const std::string &name)
 Checks whether given name is a valid access control name.
 

Detailed Description

Receives messages from IPC clients. Provides USBGuard service.

Member Function Documentation

◆ addAllowedGID()

void usbguard::IPCServer::addAllowedGID (gid_t gid, const IPCServer::AccessControl &ac)

Adds a group to the set of allowed groups by specifying its group ID.

Parameters
  • gid: Group ID of the group to allow.
  • ac: Access control for the given group.

◆ addAllowedGroupname()

void usbguard::IPCServer::addAllowedGroupname (const std::string &groupname, const IPCServer::AccessControl &ac)

Adds a group to the set of allowed groups by specifying its group name.

Parameters
  • groupname: Group name of the group to allow.
  • ac: Access control for the given group.

◆ addAllowedUID()

void usbguard::IPCServer::addAllowedUID (uid_t uid, const IPCServer::AccessControl &ac)

Adds a user to the set of allowed users by specifying the user ID.

Parameters
  • uid: User ID of the user to allow.
  • ac: Access control for the given user.

◆ addAllowedUsername()

void usbguard::IPCServer::addAllowedUsername (const std::string &username, const IPCServer::AccessControl &ac)

Adds a user to the set of allowed users by specifying the user name.

Parameters
  • username: User name of the user to allow.
  • ac: Access control for the given user.

◆ checkAccessControlName()

void usbguard::IPCServer::checkAccessControlName (const std::string &name) [static]

Checks whether the given name is a valid access control name.

A name is a valid access control name if and only if:

  1. the name is not longer than 32 characters.
  2. the name consists only of characters from the set { A-Z, a-z, 0-9, _ }.

Parameters
  • name: Name to be verified.

Exceptions
  • Exception: If name is not a valid access control name.
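
The two conditions above, written out as a stand-alone check. This is an added example, not USBGuard's own implementation: `classifyAccessControlName`, `NameCheck` and `kMaxAccessControlNameLength` are hypothetical names, and the function returns a result code where the documented method throws an Exception.

```cpp
// Added example: re-implements the documented rule, not USBGuard's own code.
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical result type; the documented method throws Exception instead.
enum class NameCheck { Ok, TooLong, BadCharacter };

// Documented upper bound on the name length.
constexpr std::size_t kMaxAccessControlNameLength = 32;

// Compare byte values directly rather than calling std::isalnum(): that
// function follows the active locale and is undefined for negative values,
// which is what UTF-8 bytes become on platforms where char is signed.
static bool isAllowedNameByte(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '_';
}

NameCheck classifyAccessControlName(const std::string& name)
{
    if (name.size() > kMaxAccessControlNameLength) {
        return NameCheck::TooLong;
    }
    // Iterate over size(), not up to the first NUL, so an embedded '\0'
    // is examined and rejected like any other byte outside the set.
    for (unsigned char c : name) {
        if (!isAllowedNameByte(c)) {
            return NameCheck::BadCharacter;
        }
    }
    // Note: an empty string satisfies both documented conditions.
    return NameCheck::Ok;
}

int main()
{
    // Constructed sample inputs.
    const std::string samples[] = { "usbguard_admin", "../etc", "wheel-users",
                                    std::string(33, 'a') };
    for (const std::string& s : samples) {
        std::cout << s << " -> "
                  << static_cast<int>(classifyAccessControlName(s)) << '\n';
    }
    return 0;
}
```
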

◆ DevicePolicyChanged()

void usbguard::IPCServer::DevicePolicyChanged (uint32_t id, Rule::Target target_old, Rule::Target target_new, const std::string &device_rule, uint32_t rule_id) [virtual]

Notify about a change of a USB device authorization target.

The device attribute dictionary contains the following attributes:

  • id (the USB device ID in the form VID:PID)
  • name
  • serial
  • via-port
  • hash
  • parent-hash
  • with-interface

Parameters
  • id: ID of the device.
  • target_old: Previous authorization target.
  • target_new: Current authorization target.
  • device_rule: Device specific rule.
  • rule_id: Rule ID of the matched rule. Otherwise a reserved rule ID value is used.

Implements usbguard::Interface.

◆ DevicePresenceChanged()

void usbguard::IPCServer::DevicePresenceChanged (uint32_t id, DeviceManager::EventType event, Rule::Target target, const std::string &device_rule) [virtual]

Notify that a USB device was already present when USBGuard was started.

The device attribute dictionary contains the following attributes:

  • id (the USB device ID in the form VID:PID)
  • name
  • serial
  • via-port
  • hash
  • parent-hash
  • with-interface

The USB interface types are represented as strings of the form AA:BB:CC, where AA, BB and CC are hexadecimal numbers representing the class, subclass and protocol of the interface as defined by the USB standard.

Parameters
  • id: ID of the device.
  • event: Type of the presence change event.
  • target: The current authorization target of the device.
  • device_rule: Device specific rule.

Implements usbguard::Interface.
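
A strict decoder for the AA:BB:CC interface type strings described above, useful when triaging with-interface values from device events. This is an added example, not USBGuard's own parser: `InterfaceType`, `parseInterfaceType` and `usbClassName` are hypothetical names, and the sample string is constructed.

```cpp
// Added example: strict parser for the "AA:BB:CC" form, not USBGuard's code.
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical holder for the three decoded fields.
struct InterfaceType { std::uint8_t cls, subclass, protocol; };

// Value of one hexadecimal digit, or -1. Hand-rolled so that the signs and
// leading whitespace that strtol() tolerates are rejected.
static int hexDigit(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Accepts exactly two hex digits per field with ':' at offsets 2 and 5.
bool parseInterfaceType(const std::string& text, InterfaceType& out)
{
    if (text.size() != 8 || text[2] != ':' || text[5] != ':') return false;
    std::uint8_t field[3];
    for (int i = 0; i < 3; ++i) {
        const int hi = hexDigit(text[3 * i]);
        const int lo = hexDigit(text[3 * i + 1]);
        if (hi < 0 || lo < 0) return false;
        field[i] = static_cast<std::uint8_t>(hi * 16 + lo);
    }
    out = InterfaceType{ field[0], field[1], field[2] };
    return true;
}

// A few base class codes from the USB-IF class code list.
const char* usbClassName(std::uint8_t cls)
{
    switch (cls) {
    case 0x03: return "HID";
    case 0x08: return "Mass Storage";
    case 0x09: return "Hub";
    case 0xFF: return "Vendor Specific";
    default:   return "other";
    }
}

int main()
{
    InterfaceType t{};
    if (parseInterfaceType("08:06:50", t))  // constructed sample value
        std::cout << usbClassName(t.cls) << '\n';
}
```
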

◆ ExceptionMessage()

void usbguard::IPCServer::ExceptionMessage (const std::string &context, const std::string &object, const std::string &reason) [virtual]

Notify about an exception.

Parameters
  • context: Description or identifier of the exception context.
  • object: Description or identifier of the object which caused the exception.
  • reason: Reason explaining why the exception was generated.

Implements usbguard::Interface.

◆ PropertyParameterChanged()

void usbguard::IPCServer::PropertyParameterChanged (const std::string &name, const std::string &value_old, const std::string &value_new) [virtual]

Notify about a change of a property parameter.

Parameters
  • name: Policy name.
  • value_old: Previous policy value.
  • value_new: Current policy value.

Implements usbguard::Interface.

