+#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <cstdlib>
#include "dpm.h"
+#include "../nmlib/json_policy/inc/json_policy.h"
char s[1024];
DPM *dpm;
+char *id;
void print_menu(const char *state_s, const char *menu_s)
{
END;
}
+const char* pname[] = {
+ "camera",
+ "microphone",
+ "location",
+ "usb_mass_storage",
+ "clipboard",
+ "debugging",
+ "wifi",
+ "wifi_hotspot",
+ "bt_tethering",
+ "usb_tethering",
+ "bt_mode_change",
+ "bt_desktop_conn",
+ "bt_pairing",
+ "messaging",
+ "email",
+ "browser",
+
+ "pack_install",
+ "pack_reinstall",
+ "pack_uninstall",
+ "pack_move",
+
+ "add_ptobl", // add_privilege_to_blacklist
+ "remove_pfrombl", // remove_privilege_from_blacklist
+
+ "bt_bl_add_dev", // bluetooth_add_device_to_blacklist
+ "bt_bl_del_dev", // bluetooth_remove_device_from_blacklist
+ "bt_dev_restr", // bluetooth_set_device_restriction
+ "bt_bl_add_uuid", // bluetooth_add_uuid_to_blacklist
+ "bt_bl_del_uuid", // bluetooth_remove_uuid_from_blacklist
+ "bt_uuid_restr", // bluetooth_set_uuid_restriction
+
+ "lockout_screen", // lockout_screen();
+ "internal_storage_encryption", // set_internal_storage_encryption(bool encrypt);
+ "external_storage_encryption", // set_external_storage_encryption(bool encrypt);
+ "wipe_external_data", // wipe_external_data();
+ "wipe_internal_data", // wipe_internal_data();
+
+ "wifi_profile_change_restr", // wifi_set_profile_change_restriction(bool enable);
+ "wifi_network_access_restr", // wifi_set_network_access_restriction(bool enable);
+ "wifi_add_ssid_to_bl", // wifi_add_ssid_to_blocklist(const char* ssid);
+ "wifi_del_ssid_from_bl", // wifi_remove_ssid_from_blocklist(const char* ssid);
+
+};
+
+void process_policy(FILE *f)
+{
+ dpm_error err = DPM_OK;
+ static char param[1024];
+
+ try
+ {
+ if (fscanf(f, "%s", s) != 1) throw "can't read policy name";
+ if (fscanf(f, "%s", param) != 1) throw "can't read policy parameter";
+
+ bool allow = false;
+ if (!strcmp(param, "on")) allow = true;
+ else if (!strcmp(param, "allow")) allow = true;
+ else if (!strcmp(param, "enable")) allow = true;
+
+ printf("[%s] policy: %s %s (%s)\n", id, s, param, allow ? "true" : "false");
+
+ int c = 0;
+ if (!strcmp(s, pname[c++]))
+ err = dpm->set_camera_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_microphone_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_location_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_external_storage_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_clipboard_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_usb_debugging_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_wifi_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_wifi_hotspot_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_bluetooth_tethering_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_usb_tethering_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_bluetooth_mode_change_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_bluetooth_desktop_connectivity_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_bluetooth_pairing_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_messaging_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_popimap_email_state(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_browser_state(allow);
+
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_package_restriction(DPM::PACKAGE_INSTALL, allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_package_restriction(DPM::PACKAGE_UNINSTALL, allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_package_restriction(DPM::PACKAGE_REINSTALL, allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_package_restriction(DPM::PACKAGE_MOVE, allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_package_restriction(DPM::PACKAGE_ALL, allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->add_privilege_to_blacklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->remove_privilege_from_blacklist(param);
+
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_add_device_to_blacklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_remove_device_from_blacklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_set_device_restriction(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_add_uuid_to_blacklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_remove_uuid_from_blacklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->bluetooth_set_uuid_restriction(allow);
+
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->lockout_screen();
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_internal_storage_encryption(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->set_external_storage_encryption(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wipe_external_data();
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wipe_internal_data();
+
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wifi_set_profile_change_restriction(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wifi_set_network_access_restriction(allow);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wifi_add_ssid_to_blocklist(param);
+ else if (!strcmp(s, pname[c++]))
+ err = dpm->wifi_remove_ssid_from_blocklist(param);
+
+ }
+ catch (const char *e)
+ {
+ printf("error: %s\n", e);
+ }
+}
int main(int argc, char* argv[])
{
dpm = new DPM;
+ if (argc == 3)
+ {
+ id = argv[1];
+ printf("ID: %s\n", id);
+
+ char *fname = argv[2];
+ FILE *f = fopen(fname, "r");
+ if (f)
+ {
+ while (feof(f) != EOF)
+ {
+ if (fscanf(f, "%s", s) != 1) break;
+ if (s[0] == '/')
+ {
+ // skip comment
+ while (feof(f) != EOF)
+ {
+ if (fgetc(f) == '\n') break;
+ }
+ continue;
+ }
+ else if (!strcmp(s, "-t"))
+ {
+ int t;
+ if (fscanf(f, "%i", &t) != 1) break;
+ printf("[%s] sleep(%i)\n", id, t);
+ usleep(t);
+ }
+ else if (!strcmp(s, "-p"))
+ process_policy(f);
+ else
+ printf("[%s] error: unknown command %s\n", id, s);
+ }
+ fclose(f);
+ }
+ else
+ printf("[%s] error: can't open file %s\n", id, fname);
+
+ return 0;
+ }
+
try
{
while (1)
projects / platform / core / security / suspicious-activity-monitor.git / commitdiff