USBGuard
Software framework that protects your computer against rogue USB devices by implementing basic whitelisting and blacklisting capabilities.
Limits access to the USBGuard IPC interface.
#include <IPCServer.hpp>
Public Types
enum Section : uint8_t { NONE = 0, DEVICES = 1, POLICY = 2, PARAMETERS = 3, EXCEPTIONS = 4, ALL = 255 }
Possible sections for which privileges can be specified.
enum Privilege : uint8_t { NONE = 0x00, LIST = 0x01, MODIFY = 0x02, LISTEN = 0x08, ALL = 0xff }
Possible privileges and their hexadecimal values.
Public Member Functions
AccessControl ()
Constructs empty AccessControl object containing no privileges.
AccessControl (const std::string &access_control_string)
Constructs AccessControl object by loading access control from given access_control_string.
AccessControl (Section section, Privilege privilege)
Constructs AccessControl object with given privilege.
AccessControl (const AccessControl &rhs)
Constructs AccessControl object that is a copy of rhs.
AccessControl & operator= (const AccessControl &rhs)
Assigns the contents of object rhs to this.
bool hasPrivilege (Section section, Privilege privilege) const
Tests whether access control contains given privilege.
void setPrivilege (Section section, Privilege privilege)
Inserts privilege into access control.
void clear ()
Clears access control.
void load (std::istream &stream)
Loads access control from given stream.
void save (std::ostream &stream) const
Writes access control to given output stream.
void merge (const AccessControl &rhs)
Merges all privileges of rhs with this.
void merge (const std::string &access_control_string)
Merges all privileges contained in access_control_string with this.
Static Public Member Functions
static Section sectionFromString (const std::string &section_string)
Returns section representation of given string.
static std::string sectionToString (const Section section)
Returns string representation of given section.
static Privilege privilegeFromString (const std::string &privilege_string)
Returns privilege representation of given string.
static std::string privilegeToString (const Privilege privilege)
Returns string representation of given privilege.
Limits access to the USBGuard IPC interface.
Available sections, privileges and their meaning:
- Devices
  - modify: Change authorization state of devices including permanent changes (i.e. modification of device specific rules in the policy).
  - list: Ability to get a list of recognized devices and their attributes.
  - listen: Listen to device presence and device policy changes.
- Policy
  - modify: Append rules to or remove any rules from the policy.
  - list: Ability to view the currently enforced policy.
- Exceptions
  - listen: Receive exception messages.
- Parameters
  - modify: Set values of run-time parameters.
There are also special sections and privileges NONE and ALL which can be used to represent none or all of the sections or privileges respectively.
usbguard::IPCServer::AccessControl::AccessControl (const std::string & access_control_string)
Constructs AccessControl object by loading access control from given access_control_string.
access_control_string | String from which the access control should be loaded. |
usbguard::IPCServer::AccessControl::AccessControl (Section section, Privilege privilege)
Constructs AccessControl object with given privilege.
section | Section for which the privilege should be set. |
privilege | Privilege to be set. |
usbguard::IPCServer::AccessControl::AccessControl (const AccessControl & rhs)
Constructs AccessControl object that is a copy of rhs.
rhs | Object to copy. |
void usbguard::IPCServer::AccessControl::clear ()
Clears access control.
In other words, removes all privileges for all sections from access control and leaves it empty.
bool usbguard::IPCServer::AccessControl::hasPrivilege (Section section, Privilege privilege) const
Tests whether access control contains given privilege.
section | Section for which the privilege should be tested. |
privilege | Privilege to test. |
USBGUARD_BUG | If section is either ALL or NONE. |
void usbguard::IPCServer::AccessControl::load (std::istream & stream)
Loads access control from given stream.
Every line in the given input stream is parsed for a (Section, Privilege) tuple, which is then inserted into the access control using setPrivilege().
stream | Input stream to parse for access control. |
void usbguard::IPCServer::AccessControl::merge (const AccessControl & rhs)
Merges all privileges of rhs with this.
rhs | Object whose privileges will be merged with this. |
void usbguard::IPCServer::AccessControl::merge (const std::string & access_control_string)
Merges all privileges contained in access_control_string with this.
access_control_string | String containing privileges that should be merged with this. |
IPCServer::AccessControl & usbguard::IPCServer::AccessControl::operator= (const AccessControl & rhs)
Assigns the contents of object rhs to this.
rhs | Object to assign. |
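static Privilege usbguard::IPCServer::AccessControl::privilegeFromString (const std::string & privilege_string)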
Returns privilege representation of given string.
privilege_string | String to parse. |
runtime_error | If given string is not a valid privilege. |
static std::string usbguard::IPCServer::AccessControl::privilegeToString (const Privilege privilege)
Returns string representation of given privilege.
privilege | Privilege to transform. |
runtime_error | If given privilege is not a valid Privilege. |
void usbguard::IPCServer::AccessControl::save (std::ostream & stream) const
Writes access control to given output stream.
Access control is saved in the following format, with every section on a separate line: <section>=<privilege1>[,<privilege2>[,<privilege3>]]
stream | Stream to which this access control should be saved. |
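The <section>=<privilege>[,...] format that save() writes and load() reads can be audited before a file is given to the daemon. The following is an added example, not USBGuard source code: a stand-alone parser that builds one bitmask per section from the Privilege values listed on this page and reports whether a grant allows changing device authorization or the policy. The section and privilege spellings, the whitespace tolerance, the expansion of the ALL section and the names parseAcl, canChangeEnforcement and kSampleAcl are assumptions of this example.

```cpp
#include <cstdint>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

// Privilege values copied from the enum on this page; name spellings are assumed.
static const std::map<std::string, uint8_t> kPrivileges = {
    {"NONE", 0x00}, {"list", 0x01}, {"modify", 0x02}, {"listen", 0x08}, {"ALL", 0xff}};
static const char* const kSections[] = {"Devices", "Policy", "Parameters", "Exceptions"};
const char kSampleAcl[] = "Devices=list,listen\nExceptions=listen\n";  // constructed sample
using Acl = std::map<std::string, uint8_t>;  // section name -> privilege bitmask
static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse "<section>=<priv>[,<priv>...]" lines; unknown names are rejected, not ignored.
Acl parseAcl(const std::string& text) {
    Acl acl;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        if ((line = trim(line)).empty()) continue;
        const auto eq = line.find('=');
        if (eq == std::string::npos) throw std::runtime_error("missing '=': " + line);
        const std::string section = trim(line.substr(0, eq));
        uint8_t mask = 0;
        std::istringstream privs(line.substr(eq + 1));
        for (std::string p; std::getline(privs, p, ',');) {
            const auto it = kPrivileges.find(trim(p));
            if (it == kPrivileges.end()) throw std::runtime_error("bad privilege: " + p);
            mask |= it->second;
        }
        bool known = false;
        for (const char* s : kSections)  // the special section ALL expands to every section
            if (section == s || section == "ALL") { acl[s] |= mask; known = true; }
        if (!known) throw std::runtime_error("bad section: " + section);
    }
    return acl;
}

// True when the grant can change what is enforced: device authorization or policy rules.
bool canChangeEnforcement(const Acl& acl) {
    for (const char* s : {"Devices", "Policy"}) {
        const auto it = acl.find(s);
        if (it != acl.end() && (it->second & 0x02)) return true;
    }
    return false;
}
```

A monitoring-only client such as the constructed sample should leave canChangeEnforcement() false; any grant that turns it true deserves the same review as write access to the policy file itself.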
static Section usbguard::IPCServer::AccessControl::sectionFromString (const std::string & section_string)
Returns section representation of given string.
section_string | String to parse. |
runtime_error | If given string is not a valid Section. |
static std::string usbguard::IPCServer::AccessControl::sectionToString (const Section section)
Returns string representation of given section.
section | Section to transform. |
runtime_error | If given section is not a valid Section. |
void usbguard::IPCServer::AccessControl::setPrivilege (Section section, Privilege privilege)
Inserts privilege into access control.
section | Section for which the privilege should be set. |
privilege | Privilege to be set. |
USBGUARD_BUG | If section is NONE. |