-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <cstdlib>
-#include "dpm.h"
+#include <string>
+#include <vector>
+#include <iostream>
+#include <stdexcept>
+#include <cctype>
+#include "tvpolicy.h"
-char s[1024];
+// #include "dpm.h"
-DPM *dpm;
-char *id = (char*)"agent";
+using namespace std;
-void print_menu(const char *state_s, const char *menu_s)
+enum class State
{
- printf("\n=================\n");
- printf("%s", state_s);
- printf("Select operation:\n");
- printf("%s", menu_s);
- printf(" q - Back\n");
-}
-
-//##################
-int res;
-#define BEGIN(state_s, menu_s) \
- print_menu(state_s, menu_s); \
- while(1) \
- {\
- res = scanf("%s", s);\
- if (!strcmp(s, "q")) return;
-
-//##################
-
-#define END else printf("Wrong input\n");}
-//##################
-
-bool prest[4];
-
-void pack_restrict(int mode, bool on)
-{
- DPM::package_mode pmod;
-
- if (mode == 0) pmod = DPM::PACKAGE_INSTALL;
- if (mode == 1) pmod = DPM::PACKAGE_UNINSTALL;
- if (mode == 2) pmod = DPM::PACKAGE_REINSTALL;
- if (mode == 3) pmod = DPM::PACKAGE_MOVE;
- if (mode == 4) pmod = DPM::PACKAGE_ALL;
-
- dpm_error err;
- err = dpm->set_package_restriction(pmod, on);
-
- if (err == DPM_OK)
- printf("%s\n", on ? "Restricted" : "Allowed");
- else
- printf("Error: %s\n", dpm->get_error_string(err));
-
- if (mode == 4)
- {
- prest[0] = on;
- prest[1] = on;
- prest[2] = on;
- prest[3] = on;
-
-// if (on)
-// printf("All restricted\n");
-// else
-// printf("All allowed\n");
- }
- else if (mode >= 0 && mode < 4)
- {
- prest[mode] = on;
-
-// if (mode == 0) printf("Package install ");
-// if (mode == 1) printf("Package uninstall ");
-// if (mode == 2) printf("Package reinstall ");
-// if (mode == 3) printf("Package move ");
-// printf("%s\n", on ? "restricted" : "allowed");
- }
-}
-
-void priv_list(const char *name, bool add)
-{
- dpm_error err;
-
- if (add)
- err = dpm->add_privilege_to_blacklist(name);
- else
- err = dpm->remove_privilege_from_blacklist(name);
-
- if (err == DPM_OK)
- {
- if (add)
- printf("Privilege <%s> added\n", name);
- else
- printf("Privilege <%s> removed\n", name);
- }
- else
- printf("Error: %s\n", dpm->get_error_string(err));
-}
-
-void pack_state(char *st)
-{
- sprintf(st, " %s: %s\n %s: %s\n %s: %s\n %s: %s\n",
- "Package install", prest[0] ? "restricted" : "allowed",
- "Package uninstall", prest[1] ? "restricted" : "allowed",
- "Package reinstall", prest[2] ? "restricted" : "allowed",
- "Package move", prest[3] ? "restricted" : "allowed"
- );
-}
-
-//##################
-
-void menu_package()
-{
- char st[256];
-
- pack_state(st);
-
- BEGIN(st,
- " 1 - Package install restriction on\n"
- " 2 - Package install restriction off\n"
- " 3 - Package uninstall restriction on\n"
- " 4 - Package uninstall restriction off\n"
- " 5 - Package reinstall restriction on\n"
- " 6 - Package reinstall restriction off\n"
- " 7 - Package move restriction on\n"
- " 8 - Package move restriction off\n"
- " 9 - All package restrictions on\n"
- " 0 - All package restrictions off\n"
- )
- else if (!strcmp(s, "1")) pack_restrict(0, true);
- else if (!strcmp(s, "2")) pack_restrict(0, false);
- else if (!strcmp(s, "3")) pack_restrict(1, true);
- else if (!strcmp(s, "4")) pack_restrict(1, false);
- else if (!strcmp(s, "5")) pack_restrict(2, true);
- else if (!strcmp(s, "6")) pack_restrict(2, false);
- else if (!strcmp(s, "7")) pack_restrict(3, true);
- else if (!strcmp(s, "8")) pack_restrict(3, false);
- else if (!strcmp(s, "9")) pack_restrict(4, true);
- else if (!strcmp(s, "0")) pack_restrict(4, false);
- else printf("Wrong input\n");
- pack_state(st);
- printf("State:\n%s\n", st);
- }
-}
-
-void menu_app()
-{
- while(1)
- {
- BEGIN("", " 1 - package restrictions menu\n"
- " 2 - add privilege to blacklist\n"
- " 3 - remove privilege from blacklist\n")
- else if (!strcmp(s, "1"))
- {
- menu_package();
- break;
- }
- else if (!strcmp(s, "2"))
- {
- printf("Enter the privilege name: ");
- res = scanf("%s", s);
- priv_list(s, true);
- }
- else if (!strcmp(s, "3"))
- {
- printf("Enter the privilege name: ");
- res = scanf("%s", s);
- priv_list(s, false);
- }
- END;
- }
-}
-
-//----------------------------------------------
-void dev_bl(const char *mac, bool add)
-{
- dpm_error err;
- if (add)
- err = dpm->bluetooth_add_device_to_blacklist(mac);
- else
- err = dpm->bluetooth_remove_device_from_blacklist(mac);
-
- if (err == DPM_OK)
- printf("MAC %s %s\n", mac, add ? "added" : "removed");
- else
- printf("Error: %s\n", dpm->get_error_string(err));
-}
-
-void uuid_bl(const char *uuid, bool add)
-{
- dpm_error err;
- if (add)
- err = dpm->bluetooth_add_uuid_to_blacklist(uuid);
- else
- err = dpm->bluetooth_remove_uuid_from_blacklist(uuid);
-
- if (err == DPM_OK)
- printf("UUID %s %s\n", uuid, add ? "added" : "removed");
- else
- printf("Error: %s\n", dpm->get_error_string(err));
-}
-
-bool device_restriction;
-bool uuid_restriction;
-
-void menu_bt()
-{
- char st[256];
-
- dpm_error err;
- err = dpm->bluetooth_is_device_restricted(device_restriction);
- if (err != DPM_OK)
- printf("bluetooth_is_device_restricted() error: %s\n", dpm->get_error_string(err));
- err = dpm->bluetooth_is_uuid_restricted(uuid_restriction);
- if (err != DPM_OK)
- printf("bluetooth_is_uuid_restricted() error: %s\n", dpm->get_error_string(err));
-
- sprintf(st, "Bluetooth restrictions:\n %s: %s\n %s: %s\n",
- "Device restriction", device_restriction ? "on" : "off",
- "UUID restriction", uuid_restriction ? "on" : "off"
- );
-
- BEGIN(st,
- " 1 - add device to blacklist\n"
- " 2 - remove device from blacklist\n"
- " 3 - enable device restriction\n"
- " 4 - disable device restriction\n"
- " 5 - add UUID to blacklist\n"
- " 6 - remove UUID from blacklist\n"
- " 7 - enable UUID restriction\n"
- " 8 - disable UUID restriction\n"
- )
-
- else if (!strcmp(s, "1"))
- {
- printf("Enter MAC address: ");
- res = scanf("%s", s);
- dev_bl(s, true);
- }
- else if (!strcmp(s, "2"))
- {
- printf("Enter MAC address: ");
- res = scanf("%s", s);
- dev_bl(s, false);
- }
- else if (!strcmp(s, "3"))
- {
- device_restriction = true;
- printf("device restriction on\n");
- }
- else if (!strcmp(s, "4"))
- {
- device_restriction = false;
- printf("device restriction off\n");
- }
- else if (!strcmp(s, "5"))
- {
- printf("Enter UUID: ");
- res = scanf("%s", s);
- dev_bl(s, true);
- }
- else if (!strcmp(s, "6"))
- {
- printf("Enter UUID: ");
- res = scanf("%s", s);
- dev_bl(s, false);
- }
- else if (!strcmp(s, "7"))
- {
- uuid_restriction = true;
- printf("UUID restriction on\n");
- }
- else if (!strcmp(s, "8"))
- {
- uuid_restriction = false;
- printf("UUID restriction off\n");
- }
- END;
-}
-
-//----------------------------------------------
-bool rst[32]; // restricted
-
-const char* item[] = {
- "Camera ",
- "Microphone ",
- "Location ",
- "USB mass storage ",
- "Clipboard ",
- "Debugging ",
- "WiFi ",
- "WiFi hotspot ",
- "Bluetooth tethering ",
- "USB tethering ",
- "Bluetooth mode change ",
- "Bluetooth desktop conn ",
- "Bluetooth pairing ",
- "SMS or text messaging ",
- "POP or IMAP email ",
- "WEB browser "
+ Main,
+ Show,
+ Usb,
+ ScreenCapture,
+ Bluetooth,
+ Iptables,
+ IptablesAdd,
+ IptablesRemove
};
-void get_rst_state(char *str)
+void applyPolicy(const TvPolicy& /*policy*/)
{
- char *p = str;
- bool allow = false;
- dpm_error err;
- int i = 0;
-
- err = dpm->get_camera_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_microphone_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_location_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_external_storage_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_clipboard_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_usb_debugging_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_wifi_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_wifi_hotspot_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_bluetooth_tethering_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_usb_tethering_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_bluetooth_mode_change_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_bluetooth_desktop_connectivity_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_bluetooth_pairing_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_messaging_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_popimap_email_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
- err = dpm->get_browser_state(allow);
- if (err == DPM_OK)
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], allow ? "allowed" : "disallowed");
- else
- p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], dpm->get_error_string(err));
- rst[i++] = allow;
-
-// for(int i = 0; i < 16; i++)
-// p += sprintf(p, " %i) %s: %s\n", i + 1, item[i], rst[i] ? "disallowed" : "allowed");
}
-void menu_restrict()
+void read_line(istream& is, string& out)
{
- static char st[1024];
- static char items[1024];
- char *p = items;
- dpm_error err = DPM_OK;
-
- get_rst_state(st);
-
- for(int i = 0; i < 16; i++)
- p += sprintf(p, " %i - %s\n", i + 1, item[i]);
-
- BEGIN(st, items)
- else if (atoi(s) > 0 && atoi(s) <= 16)
- {
- int n = atoi(s);
- rst[n - 1] = !rst[n - 1];
-
- if (n == 1) err = dpm->set_camera_state(rst[n - 1]);
- else if (n == 2) err = dpm->set_microphone_state(rst[n - 1]);
- else if (n == 3) err = dpm->set_location_state(rst[n - 1]);
- else if (n == 4) err = dpm->set_external_storage_state(rst[n - 1]);
- else if (n == 5) err = dpm->set_clipboard_state(rst[n - 1]);
- else if (n == 6) err = dpm->set_usb_debugging_state(rst[n - 1]);
- else if (n == 7) err = dpm->set_wifi_state(rst[n - 1]);
- else if (n == 8) err = dpm->set_wifi_hotspot_state(rst[n - 1]);
- else if (n == 9) err = dpm->set_bluetooth_tethering_state(rst[n - 1]);
- else if (n == 10) err = dpm->set_usb_tethering_state(rst[n - 1]);
- else if (n == 11) err = dpm->set_bluetooth_mode_change_state(rst[n - 1]);
- else if (n == 12) err = dpm->set_bluetooth_desktop_connectivity_state(rst[n - 1]);
- else if (n == 13) err = dpm->set_bluetooth_pairing_state(rst[n - 1]);
- else if (n == 14) err = dpm->set_messaging_state(rst[n - 1]);
- else if (n == 15) err = dpm->set_popimap_email_state(rst[n - 1]);
- else if (n == 16) err = dpm->set_browser_state(rst[n - 1]);
-
- if (err == DPM_OK)
- printf(" %s: %s\n", item[n-1], rst[n-1] ? "allowed" : "disallowed");
- else
- printf(" %s error: %s\n", item[n-1], dpm->get_error_string(err));
-
- get_rst_state(st);
- printf("State:\n%s", st);
- }
-
- END
+ char c;
+ out.clear();
+ is.get(c);
+ if (c != 'r' && c != '\n') out.push_back(c);
+
+ for (;;)
+ {
+ is.get(c);
+ if (c == '\r' || c == '\n') break;
+ out.push_back(c);
+ }
}
-//----------------------------------------------
-void menu_sequrity()
+vector<string> split(const string& str, const char delim)
{
- dpm_error err;
-
- BEGIN("",
- " 1 - lock the device screen immediately\n"
- " 2 - encrypt internal storage\n"
- " 3 - decrypt internal storage\n"
- " 4 - encrypt external storage\n"
- " 5 - decrypt external storage\n"
- " 6 - wipe internal memory\n"
- " 7 - wipe external memory\n"
- )
-
- else if (!strcmp(s, "1"))
- {
- err = dpm->lockout_screen();
- if (err == DPM_OK)
- printf("device screen locked\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "2"))
- {
- err = dpm->set_internal_storage_encryption(true);
- if (err == DPM_OK)
- printf("internal storage encrypted\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "3"))
- {
- err = dpm->set_internal_storage_encryption(false);
- if (err == DPM_OK)
- printf("internal storage decrypted\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "4"))
- {
- err = dpm->set_external_storage_encryption(true);
- if (err == DPM_OK)
- printf("external storage encrypted\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "5"))
- {
- err = dpm->set_external_storage_encryption(false);
- if (err == DPM_OK)
- printf("external storage decrypted\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "6"))
- {
- err = dpm->wipe_internal_data();
- if (err == DPM_OK)
- printf("internal memory wiped\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- else if (!strcmp(s, "7"))
- {
- err = dpm->wipe_external_data();
- if (err == DPM_OK)
- printf("external memory wiped\n");
- else
- printf("%s\n", dpm->get_error_string(err));
- }
- END;
+ vector<string> v;
+ string::size_type spos = 0;
+ string::size_type epos = string::npos;
+
+ while((epos = str.find(delim, spos)) != string::npos)
+ {
+ v.push_back(str.substr(spos, epos - spos));
+ spos = epos + 1;
+ if (spos >= str.length()) break;
+ }
+
+ if (spos < str.length())
+ {
+ v.push_back(str.substr(spos, epos));
+ }
+
+ return v;
}
-//----------------------------------------------
-
-bool wifi_prof_change;
-bool wifi_network_access;
-
-void menu_wifi()
+string strip(const string& str)
{
- static char st[256];
- dpm_error err;
-
- err = dpm->wifi_is_profile_change_restricted(wifi_prof_change);
- if (err != DPM_OK)
- printf("Profile change error: %s\n", dpm->get_error_string(err));
- err = dpm->wifi_is_network_access_restricted(wifi_network_access);
- if (err != DPM_OK)
- printf("Network access error: %s\n", dpm->get_error_string(err));
-
- sprintf(st, "WiFi restrictions:\n %s: %s\n %s: %s\n",
- "Profile change", wifi_prof_change ? "restricted" : "allowed",
- "Network access", wifi_network_access ? "restricted" : "allowed"
- );
-
- BEGIN(st,
- " 1 - enable profile change restriction\n"
- " 2 - disable profile change restriction\n"
- " 3 - enable network access restriction\n"
- " 4 - disable network access restriction\n"
- " 5 - add SSID to blacklist\n"
- " 6 - remove SSID from blacklist\n"
- )
-
- else if (!strcmp(s, "1"))
- {
- wifi_prof_change = true;
- err = dpm->wifi_set_profile_change_restriction(wifi_prof_change);
- if (err != DPM_OK)
- printf("Profile change error: %s\n", dpm->get_error_string(err));
- else
- printf("Profile change restriction on\n");
- }
- else if (!strcmp(s, "2"))
- {
- wifi_prof_change = false;
- err = dpm->wifi_set_profile_change_restriction(wifi_prof_change);
- if (err != DPM_OK)
- printf("Profile change error: %s\n", dpm->get_error_string(err));
- else
- printf("Profile change restriction off\n");
- }
- else if (!strcmp(s, "3"))
- {
- wifi_network_access = true;
- err = dpm->wifi_set_network_access_restriction(wifi_network_access);
- if (err != DPM_OK)
- printf("Network access error: %s\n", dpm->get_error_string(err));
- else
- printf("Network access restriction on\n");
- }
- else if (!strcmp(s, "4"))
- {
- wifi_network_access = false;
- err = dpm->wifi_set_network_access_restriction(wifi_network_access);
- if (err != DPM_OK)
- printf("Network access error: %s\n", dpm->get_error_string(err));
- else
- printf("Network access restriction off\n");
- }
- else if (!strcmp(s, "5"))
- {
- printf("Enter SSID: ");
- res = scanf("%s", s);
- err = dpm->wifi_add_ssid_to_blocklist(s);
- if (err != DPM_OK)
- printf("Blacklist error: %s\n", dpm->get_error_string(err));
- else
- printf("SSID [%s] added\n", s);
- }
- else if (!strcmp(s, "6"))
- {
- printf("Enter SSID: ");
- res = scanf("%s", s);
- err = dpm->wifi_remove_ssid_from_blocklist(s);
- if (err != DPM_OK)
- printf("Blacklist error: %s\n", dpm->get_error_string(err));
- else
- printf("SSID [%s] removed\n", s);
- }
- END;
-}
+ string s;
+ auto it = str.cbegin();
-const char* pname[] = {
- "camera",
- "microphone",
- "location",
- "usb_mass_storage",
- "clipboard",
- "debugging",
- "wifi",
- "wifi_hotspot",
- "bt_tethering",
- "usb_tethering",
- "bt_mode_change",
- "bt_desktop_conn",
- "bt_pairing",
- "messaging",
- "email",
- "browser",
-
- "pack_install",
- "pack_uninstall",
- "pack_reinstall",
- "pack_move",
- "pack_all",
-
- "add_ptobl", // add_privilege_to_blacklist
- "remove_pfrombl", // remove_privilege_from_blacklist
-
- "bt_bl_add_dev", // bluetooth_add_device_to_blacklist
- "bt_bl_del_dev", // bluetooth_remove_device_from_blacklist
- "bt_dev_restr", // bluetooth_set_device_restriction
- "bt_bl_add_uuid", // bluetooth_add_uuid_to_blacklist
- "bt_bl_del_uuid", // bluetooth_remove_uuid_from_blacklist
- "bt_uuid_restr", // bluetooth_set_uuid_restriction
-
- "lockout_screen", // lockout_screen();
- "internal_storage_encryption", // set_internal_storage_encryption(bool encrypt);
- "external_storage_encryption", // set_external_storage_encryption(bool encrypt);
- "wipe_external_data", // wipe_external_data();
- "wipe_internal_data", // wipe_internal_data();
-
- "wifi_profile_change_restr", // wifi_set_profile_change_restriction(bool enable);
- "wifi_network_access_restr", // wifi_set_network_access_restriction(bool enable);
- "wifi_add_ssid_to_bl", // wifi_add_ssid_to_blocklist(const char* ssid);
- "wifi_del_ssid_from_bl", // wifi_remove_ssid_from_blocklist(const char* ssid);
+ while(it != str.cend() && isspace(*it)) ++it;
-};
+ while(it != str.cend() && !isspace(*it))
+ {
+ s.push_back(*it);
+ ++it;
+ }
-void process_policy(FILE *f)
-{
- dpm_error err = DPM_OK;
- static char param[1024];
-
- try
- {
- if (fscanf(f, "%s", s) != 1) throw "can't read policy name";
- if (fscanf(f, "%s", param) != 1) throw "can't read policy parameter";
-
- bool allow = false;
- if (!strcmp(param, "on")) allow = true;
- else if (!strcmp(param, "allow")) allow = true;
- else if (!strcmp(param, "enable")) allow = true;
-
- printf("[%s] policy: %s %s (%s)\n", id, s, param, allow ? "true" : "false");
-
- int c = 0;
- if (!strcmp(s, pname[c++]))
- err = dpm->set_camera_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_microphone_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_location_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_external_storage_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_clipboard_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_usb_debugging_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_wifi_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_wifi_hotspot_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_bluetooth_tethering_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_usb_tethering_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_bluetooth_mode_change_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_bluetooth_desktop_connectivity_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_bluetooth_pairing_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_messaging_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_popimap_email_state(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_browser_state(allow);
-
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_package_restriction(DPM::PACKAGE_INSTALL, allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_package_restriction(DPM::PACKAGE_UNINSTALL, allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_package_restriction(DPM::PACKAGE_REINSTALL, allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_package_restriction(DPM::PACKAGE_MOVE, allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_package_restriction(DPM::PACKAGE_ALL, allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->add_privilege_to_blacklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->remove_privilege_from_blacklist(param);
-
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_add_device_to_blacklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_remove_device_from_blacklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_set_device_restriction(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_add_uuid_to_blacklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_remove_uuid_from_blacklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->bluetooth_set_uuid_restriction(allow);
-
- else if (!strcmp(s, pname[c++]))
- err = dpm->lockout_screen();
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_internal_storage_encryption(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->set_external_storage_encryption(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->wipe_external_data();
- else if (!strcmp(s, pname[c++]))
- err = dpm->wipe_internal_data();
-
- else if (!strcmp(s, pname[c++]))
- err = dpm->wifi_set_profile_change_restriction(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->wifi_set_network_access_restriction(allow);
- else if (!strcmp(s, pname[c++]))
- err = dpm->wifi_add_ssid_to_blocklist(param);
- else if (!strcmp(s, pname[c++]))
- err = dpm->wifi_remove_ssid_from_blocklist(param);
-
- //if (err != DPM_OK) printf("Error: %i\n", (int)err);
-
- }
- catch (const char *e)
- {
- printf("error: %s\n", e);
- }
+ return s;
}
int main(int argc, char* argv[])
{
- printf("#############################\n");
- printf("#### Reference Agent App ####\n");
- printf("#############################\n");
-
- if (argc > 1) id = argv[1];
- printf("AgentID: %s\n", id);
- dpm = new DPM(id);
-
- if (argc == 3)
- {
- char *fname = argv[2];
- FILE *f = fopen(fname, "r");
- if (f)
- {
- while (feof(f) != EOF)
- {
- if (fscanf(f, "%s", s) != 1) break;
- if (s[0] == '/')
- {
- // skip comment
- while (feof(f) != EOF)
- {
- if (fgetc(f) == '\n') break;
- }
- continue;
- }
- else if (!strcmp(s, "-t"))
- {
- int t;
- if (fscanf(f, "%i", &t) != 1) break;
- printf("[%s] sleep(%i)\n", id, t);
- usleep(t);
- }
- else if (!strcmp(s, "-p"))
- process_policy(f);
- else
- printf("[%s] error: unknown command %s\n", id, s);
- }
- fclose(f);
- }
- else
- printf("[%s] error: can't open file %s\n", id, fname);
- }
- else
- {
- try
- {
- while (1)
- {
- printf("\n==============\n");
- printf("Select module:\n");
- printf(" 1 - Application\n");
- printf(" 2 - Bluetooth\n");
- printf(" 3 - Restriction\n");
- printf(" 4 - Sequrity\n");
- printf(" 5 - WiFi\n");
- printf(" q - Exit\n");
-
- while(1)
- {
- res = scanf("%s", s);
- if (!strcmp(s, "q")) throw 0;
- else if (!strcmp(s, "1")) menu_app();
- else if (!strcmp(s, "2")) menu_bt();
- else if (!strcmp(s, "3")) menu_restrict();
- else if (!strcmp(s, "4")) menu_sequrity();
- else if (!strcmp(s, "5")) menu_wifi();
- else
- {
- printf("Wrong input\n");
- continue;
- }
-
- break;
- }
- }
- }
- catch(...)
- {
-
- }
- }
-
- delete dpm;
+ string id;
+
+ if (argc > 1)
+ {
+ id = argv[1];
+ }
+ else
+ {
+ cout << "AgentID: ";
+ cin >> id;
+ }
+
+ TvPolicy policy;
+
+ try
+ {
+ State state = State::Main;
+
+ bool work = true;
+ while (work)
+ {
+ char option;
+
+ switch (state) {
+ case State::Main:
+ cout << endl << "Select policy option:" << endl;
+ cout << "\t0 - Show policy" << endl;
+ cout << "\t1 - USB" << endl;
+ cout << "\t2 - Screen Capture" << endl;
+ cout << "\t3 - Bluetooth" << endl;
+ cout << "\t4 - IPtables" << endl;
+ cout << "\t------------------\n\tq - exit" << endl;
+
+ cin >> option;
+
+ switch (option)
+ {
+ case '0':
+ state = State::Show;
+ break;
+ case '1':
+ state = State::Usb;
+ break;
+ case '2':
+ state = State::ScreenCapture;
+ break;
+ case '3':
+ state = State::Bluetooth;
+ break;
+ case '4':
+ state = State::Iptables;
+ break;
+ case 'q':
+ work = false;
+ break;
+ default:
+ cout << "Unsupported option" << endl << endl;
+ }
+
+ break;
+ case State::Show:
+ cout << policy.makePolicy() << endl;
+ state = State::Main;
+ break;
+ case State::Usb:
+ cout << endl << "USB options:" << endl;
+ cout << "----------------------" << endl;
+ cout << policy.getUsbPolicy().toStyledString();
+ cout << "----------------------" << endl;
+ cout << " 1 - USB enable" << endl;
+ cout << " 2 - USB disable" << endl;
+ cout << " 0 - Back" << endl;
+ cout << " ------------------\n\tq - exit" << endl;
+
+ cin >> option;
+
+ switch (option)
+ {
+ case '1':
+ policy.setUsbSate(true);
+ applyPolicy(policy);
+ break;
+ case '2':
+ policy.setUsbSate(false);
+ applyPolicy(policy);
+ break;
+ case '0':
+ state = State::Main;
+ break;
+ case 'q':
+ work = false;
+ break;
+ default:
+ cout << "Unsupported option" << endl << endl;
+ }
+
+ break;
+ case State::ScreenCapture:
+ cout << endl << "Screen Capture options:" << endl;
+ cout << "----------------------" << endl;
+ cout << policy.getScreenCapturePolicy().toStyledString();
+ cout << "----------------------" << endl;
+ cout << " 1 - Screen Capture enable" << endl;
+ cout << " 2 - Screen Capture disable" << endl;
+ cout << " 0 - Back" << endl;
+ cout << " ------------------\n\tq - exit" << endl;
+
+ cin >> option;
+
+ switch (option)
+ {
+ case '1':
+ policy.setScreenCaptureState(true);
+ applyPolicy(policy);
+ break;
+ case '2':
+ policy.setScreenCaptureState(false);
+ applyPolicy(policy);
+ break;
+ case '0':
+ state = State::Main;
+ break;
+ case 'q':
+ work = false;
+ break;
+ default:
+ cout << "Unsupported option" << endl << endl;
+ }
+
+ break;
+ case State::Bluetooth:
+ cout << endl << "Bluetooth options:" << endl;
+ cout << "----------------------" << endl;
+ cout << policy.getBluetoothPolicy().toStyledString();
+ cout << "----------------------" << endl;
+ cout << " 1 - Bluetooth enable" << endl;
+ cout << " 2 - Bluetooth disable" << endl;
+ cout << " 0 - Back" << endl;
+ cout << " ------------------\n\tq - exit" << endl;
+
+ cin >> option;
+
+ switch (option)
+ {
+ case '1':
+ policy.setBluetoothState(true);
+ applyPolicy(policy);
+ break;
+ case '2':
+ policy.setBluetoothState(false);
+ applyPolicy(policy);
+ break;
+ case '0':
+ state = State::Main;
+ break;
+ case 'q':
+ work = false;
+ break;
+ default:
+ cout << "Unsupported option" << endl << endl;
+ }
+
+ break;
+ case State::Iptables:
+ cout << endl << "Iptables options:" << endl;
+ cout << "----------------------" << endl;
+ cout << policy.getIptablesPolicy().toStyledString();
+ cout << "----------------------" << endl;
+ cout << " 1 - Iptables enable" << endl;
+ cout << " 2 - Iptables disable" << endl;
+ cout << " 3 - Iptables add to block list" << endl;
+ cout << " 4 - Iptables remove from blocklist" << endl;
+ cout << " 0 - Back" << endl;
+ cout << " ------------------\n\tq - exit" << endl;
+
+ cin >> option;
+
+ switch (option)
+ {
+ case '1':
+ policy.setIptablesState(true);
+ applyPolicy(policy);
+ break;
+ case '2':
+ policy.setIptablesState(false);
+ applyPolicy(policy);
+ break;
+ case '3':
+ state = State::IptablesAdd;
+ break;
+ case '4':
+ state = State::IptablesRemove;
+ break;
+ case '0':
+ state = State::Main;
+ break;
+ case 'q':
+ work = false;
+ break;
+ default:
+ cout << "Unsupported option" << endl << endl;
+ }
+ break;
+ case State::IptablesAdd:
+ {
+ try
+ {
+ cout << endl << "Iptables add to block list:" << endl;
+ cout << "----------------------" << endl;
+ cout << " Enter ip address: ";
+ string ip, ports;
+ cin >> ip;
+ unsigned proto;
+ do
+ {
+ cout << " Enter protocol (1 - UDP, 2 - TCP): ";
+ cin >> proto;
+ } while (proto != 1 && proto != 2);
+
+ cout << " Enter ports (one value, coma separated list, or range as start-end)" << endl;
+ cout << " Examples:" << endl << " 1234" << endl << " 80,8080,8000" << endl << " 22-1000" << endl;
+ read_line(cin, ports);
+
+ auto pos = ports.find('-');
+
+ IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
+
+ if (pos != string::npos)
+ {
+ string start = strip(ports.substr(0, pos));
+ string end = strip(ports.substr(pos + 1, string::npos));
+ policy.iptablesAddBlockRange(ip, p, std::stoul(start), std::stoul(end));
+ }
+ else
+ {
+ auto sports = split(ports, ',');
+
+ std::vector<unsigned short> vports;
+ for (auto sport : sports)
+ {
+ vports.push_back((unsigned short)std::stoul(strip(sport)));
+ }
+
+ policy.iptablesAddBlock(ip, p, vports);
+ applyPolicy(policy);
+ }
+ }
+ catch (...)
+ {
+ cout << "Wrong format" << endl;
+ }
+
+ }
+ state = State::Iptables;
+ break;
+ case State::IptablesRemove:
+ {
+ try
+ {
+ cout << endl << "Iptables remove from block list:" << endl;
+ cout << "----------------------" << endl;
+ cout << " Enter ip address: ";
+ string ip, ports;
+ cin >> ip;
+ unsigned proto;
+ do
+ {
+ cout << " Enter protocol (1 - UDP, 2 - TCP): ";
+ cin >> proto;
+ } while (proto != 1 && proto != 2);
+
+ IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
+
+ policy.iptablesRemoveBlock(ip, p);
+ applyPolicy(policy);
+ }
+ catch (...)
+ {
+ cout << "Wrong format" << endl;
+ }
+
+ }
+ state = State::Iptables;
+ break;
+ }
+ }
+ }
+ catch(std::exception& e)
+ {
+ cerr << "Exception thrown: " << e.what() << endl;
+ }
+
+ cout << "Bye" << endl;
return 0;
}
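Review bot: None of the reads in the new code check the stream state, so end-of-input or a non-numeric answer never terminates: `read_line` ignores the result of `is.get(c)` and keeps appending the stale `c` to `out`, and the `do { cin >> proto; } while (proto != 1 && proto != 2)` loops in the `IptablesAdd` and `IptablesRemove` cases spin once `cin` has failed, which the surrounding `catch (...)` never sees because iostream exceptions are not enabled. `read_line` also tests `c != 'r'` where `'\r'` is presumably meant, so a line that starts with the letter r loses its first character. In the `IptablesAdd` case `(unsigned short)std::stoul(...)` wraps silently, so a mistyped 65616 is stored as a block rule for port 80, and the range branch passes `std::stoul` results on unchecked and, unlike the list branch, never calls `applyPolicy`. The sketch below reads the line with `std::getline`, rejects trailing junk and out-of-range ports before narrowing, and makes a failed protocol read leave the prompt; the menu loop needs the same guard, for example `while (work && cin)`. Separately, `applyPolicy` has an empty body and `id` is never used after it is read, so in the visible code nothing chosen in the menus is applied anywhere; whether that is intentional scaffolding cannot be told from this diff.

```cpp
void read_line(istream& is, string& out)
{
    out.clear();
    // Drop the line break left behind by the preceding formatted read.
    if (is.peek() == '\r') is.get();
    if (is.peek() == '\n') is.get();
    if (!std::getline(is, out)) throw std::runtime_error("input closed");
    if (!out.empty() && out.back() == '\r') out.pop_back();
}

// Converts one port token, rejecting trailing junk and values above 65535.
static unsigned short parse_port(const string& text)
{
    size_t used = 0;
    const unsigned long value = std::stoul(text, &used);
    if (used != text.size() || value > 65535)
        throw std::out_of_range("port out of range");
    return static_cast<unsigned short>(value);
}

// … unchanged: split, strip, menu states up to State::IptablesAdd …
            do
            {
                cout << " Enter protocol (1 - UDP, 2 - TCP): ";
                if (!(cin >> proto)) throw std::runtime_error("bad protocol");
            } while (proto != 1 && proto != 2);
// … unchanged: port prompt, read_line call, protocol mapping …
                policy.iptablesAddBlockRange(ip, p, parse_port(start), parse_port(end));
                applyPolicy(policy);
// … unchanged: list branch, now calling parse_port(strip(sport)) …
```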