From fde970f2a3d6a319f9c3a6f1eaba51668fe0f76b Mon Sep 17 00:00:00 2001 From: Janusz Kozerski Date: Fri, 25 Apr 2014 14:58:16 +0200 Subject: [PATCH] Add switches for EVM state. Fix logs. Changes: * Rename existing switch and checkbox from "IMA/EVM" to "IMA". * Add switch for enable/disbale EVM. * Add checkbox for EVM Fix. Change-Id: I0e6972b0e4014cdf4519db1976b829ce0b627252 Signed-off-by: Janusz Kozerski --- packaging/im-ui.spec | 1 + po/en.po | 10 ++- po/en_US.po | 10 ++- src/im-main-menu.c | 208 ++++++++++++++++++++++++++++++++++++++++++--------- 4 files changed, 190 insertions(+), 39 deletions(-) diff --git a/packaging/im-ui.spec b/packaging/im-ui.spec index 10da3f1..5909cb0 100644 --- a/packaging/im-ui.spec +++ b/packaging/im-ui.spec @@ -9,6 +9,7 @@ Source1: %{name}.manifest Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig +Requires: ima-evm-utils BuildRequires: cmake BuildRequires: gettext-tools diff --git a/po/en.po b/po/en.po index afc0cbf..8605010 100644 --- a/po/en.po +++ b/po/en.po @@ -32,10 +32,16 @@ msgid "IDS_ST_COMPROMISED_TITLE_DENIED" msgstr "Access denied" msgid "IDS_ST_IMA_ENABLE_DISABLE_SWITCH" -msgstr "Enable/Disable" +msgstr "IMA Enable/Disable" msgid "IDS_ST_IMA_FIX_MODE_CHECKBOX" -msgstr "Fix Mode" +msgstr "IMA Fix Mode" + +msgid "IDS_ST_EVM_ENABLE_DISABLE_SWITCH" +msgstr "EVM Enable/Disable" + +msgid "IDS_ST_EVM_FIX_MODE_CHECKBOX" +msgstr "EVM Fix Mode" msgid "IDS_ST_COMPROMISED_FILES_LIST" msgstr "List of compromised files" diff --git a/po/en_US.po b/po/en_US.po index afc0cbf..8605010 100644 --- a/po/en_US.po +++ b/po/en_US.po @@ -32,10 +32,16 @@ msgid "IDS_ST_COMPROMISED_TITLE_DENIED" msgstr "Access denied" msgid "IDS_ST_IMA_ENABLE_DISABLE_SWITCH" -msgstr "Enable/Disable" +msgstr "IMA Enable/Disable" msgid "IDS_ST_IMA_FIX_MODE_CHECKBOX" -msgstr "Fix Mode" +msgstr "IMA Fix Mode" + +msgid "IDS_ST_EVM_ENABLE_DISABLE_SWITCH" +msgstr "EVM Enable/Disable" + +msgid "IDS_ST_EVM_FIX_MODE_CHECKBOX" +msgstr "EVM Fix Mode" msgid "IDS_ST_COMPROMISED_FILES_LIST" msgstr "List of compromised files" diff --git a/src/im-main-menu.c b/src/im-main-menu.c index 13fe923..d57abfc 100644 --- a/src/im-main-menu.c +++ b/src/im-main-menu.c @@ -29,8 +29,11 @@ #include "im-load-policy.h" #include "im-get-policy.h" -static int ima_state; // 0 for disabled, 1 for enabled -static int ima_fix_state; // 0 for fix off (ima enabled), 1 for fix on +static int _ima_state; // 0 for disabled, 1 for enabled +static int _ima_fix_state; // 0 for fix off (ima enabled), 1 for fix on + +static int _evm_state; // 0 for disabled, 1 for enabled +static int _evm_fix_state; // 0 for fix off (evm enabled), 1 for fix on /************************ Genlist Item Class ************************/ #define ITC_TYPE_CHECK (int)0 @@ -120,8 +123,11 @@ static void _ima_disable_all_items (Elm_Object_Item *itm) LOGD("Enter function: %s", __func__); if (!itm) return; - // Bypassing FIX check box - FIX checkbox should be active all the time - itm = elm_genlist_item_next_get(itm); + + itm = elm_genlist_item_next_get(itm); // Bypassing IMA FIX check box - + // IMA FIX checkbox should be active all the time + itm = elm_genlist_item_next_get(itm); // Bypassing EVM switch + itm = elm_genlist_item_next_get(itm); // Bypassing EVM FIX check box if (!itm) return; @@ -147,42 +153,45 @@ static void _ima_enable_all_items (Elm_Object_Item *itm) } } +// ------------------ IMA ------------------ + static void genlist_ima_enable_disable_clicked_cb(void *data, Evas_Object *obj, void *event_info) { LOGD("Enter function: %s", __func__); - (void)event_info; + if (!event_info) + return; int ret; Elm_Object_Item *it = (Elm_Object_Item *) elm_genlist_selected_item_get(obj); if (it == NULL) return; - if (ima_state == 0) { // Turning on the IMA - if (ima_fix_state == 1) { + if (_ima_state == 0) { // Turning on the IMA + if (_ima_fix_state == 1) { ret = ima_set_state(IMA_STATE_FIX); - printf("result of ima_set_ima_state(IMA_STATE_FIX): %d\n", ret); + printf("result of ima_set_state(IMA_STATE_FIX): %d\n", ret); // FIXME: this code is commented for testing purpose // if (ret) // Error // goto out; } else { ret = ima_set_state(IMA_STATE_ENABLED); - printf("result of ima_set_ima_state(IMA_STATE_ENABLED): %d\n", ret); + printf("result of ima_set_state(IMA_STATE_ENABLED): %d\n", ret); // FIXME: this code is commented for testing purpose // if (ret) // Error // goto out; } - ima_state = 1; + _ima_state = 1; ((ItemData_t *)data)->check_status = EINA_TRUE; _ima_enable_all_items(it); } else { // Turning off the IMA ret = ima_set_state(IMA_STATE_DISABLED); - printf("result of ima_set_ima_state(IMA_STATE_DISABLED): %d\n", ret); + printf("result of ima_set_state(IMA_STATE_DISABLED): %d\n", ret); // FIXME: this code is commented for testing purpose // if (ret) // Error // goto out; - ima_state = 0; + _ima_state = 0; ((ItemData_t *)data)->check_status = EINA_FALSE; _ima_disable_all_items(it); } @@ -201,28 +210,115 @@ static void genlist_ima_fix_mode_enable_disable_clicked_cb(void *data, Evas_Obje if (it == NULL) return; - if (ima_fix_state == 0) { // Turning on IMA fix state - if (ima_state == 1) { // If IMA is enabled then turn on FIX mode + if (_ima_fix_state == 0) { // Turning on IMA fix state + if (_ima_state == 1) { // If IMA is enabled then turn on FIX mode ret = ima_set_state(IMA_STATE_FIX); - printf("result of ima_set_ima_state(FIX): %d\n", ret); + printf("result of ima_set_state(FIX): %d\n", ret); // FIXME: this code is commented for testing purpose // if (ret) // Error // goto out; } // If IMA is disabled then just change the state in UI - ima_fix_state = 1; + _ima_fix_state = 1; ((ItemData_t *)data)->check_status = EINA_TRUE; } else { // Turning off IMA fix state - if (ima_state == 1) { + if (_ima_state == 1) { ret = ima_set_state(IMA_STATE_ENABLED); - printf("result of ima_set_ima_state(IMA_STATE_ENABLED): %d\n", ret); + printf("result of ima_set_state(IMA_STATE_ENABLED): %d\n", ret); // FIXME: this code is commented for testing purpose // if (ret) // Error // goto out; } // If IMA is disabled then just change the state in UI - ima_fix_state = 0; + _ima_fix_state = 0; + ((ItemData_t *)data)->check_status = EINA_FALSE; + } +//out: + elm_genlist_item_selected_set(it, EINA_FALSE); + elm_genlist_item_update(it); +} + +// ------------------ EVM ------------------ +// FIXME: Copy-paste code. Merge it with IMA switch callbacks if possible + +static void genlist_evm_enable_disable_clicked_cb(void *data, Evas_Object *obj, void *event_info) +{ + LOGD("Enter function: %s", __func__); + if (!event_info) + return; + int ret; + + Elm_Object_Item *it = (Elm_Object_Item *) elm_genlist_selected_item_get(obj); + if (it == NULL) + return; + + if (_evm_state == 0) { // Turning on the EVM + if (_evm_fix_state == 1) { + ret = evm_set_state(EVM_STATE_FIX); + printf("result of evm_set_state(EVM_STATE_FIX): %d\n", ret); + // FIXME: this code is commented for testing purpose + // if (ret) // Error + // goto out; + } + else { + ret = evm_set_state(EVM_STATE_ENABLED); + printf("result of evm_set_state(EVM_STATE_ENABLED): %d\n", ret); + // FIXME: this code is commented for testing purpose + // if (ret) // Error + // goto out; + } + _evm_state = 1; + ((ItemData_t *)data)->check_status = EINA_TRUE; + _ima_enable_all_items(it); + } + else { // Turning off the EVM + ret = evm_set_state(EVM_STATE_DISABLED); + printf("result of evm_set_state(EVM_STATE_DISABLED): %d\n", ret); + // FIXME: this code is commented for testing purpose + // if (ret) // Error + // goto out; + _evm_state = 0; + ((ItemData_t *)data)->check_status = EINA_FALSE; + _ima_disable_all_items(it); + } +// out: + elm_genlist_item_update(it); + elm_genlist_item_selected_set(it, EINA_FALSE); +} + +static void genlist_evm_fix_mode_enable_disable_clicked_cb(void *data, Evas_Object *obj, void *event_info) +{ + LOGD("Enter function: %s", __func__); + (void)event_info; + int ret; + + Elm_Object_Item *it = (Elm_Object_Item *) elm_genlist_selected_item_get(obj); + if (it == NULL) + return; + + if (_evm_fix_state == 0) { // Turning on EVM fix state + if (_evm_state == 1) { // If EVM is enabled then turn on FIX mode + ret = evm_set_state(EVM_STATE_FIX); + printf("result of evm_set_state(FIX): %d\n", ret); + // FIXME: this code is commented for testing purpose + // if (ret) // Error + // goto out; + } + // If EVM is disabled then just change the state in UI + _evm_fix_state = 1; + ((ItemData_t *)data)->check_status = EINA_TRUE; + } + else { // Turning off EVM fix state + if (_evm_state == 1) { + ret = evm_set_state(EVM_STATE_ENABLED); + printf("result of evm_set_state(EVM_STATE_ENABLED): %d\n", ret); + // FIXME: this code is commented for testing purpose + // if (ret) // Error + // goto out; + } + // If EVM is disabled then just change the state in UI + _evm_fix_state = 0; ((ItemData_t *)data)->check_status = EINA_FALSE; } //out: @@ -265,46 +361,80 @@ static void _free_itc() } } -static void _setup(Elm_Object_Item *ima_enable_item, Elm_Object_Item *ima_fix_item) +static void _setup(Elm_Object_Item *ima_enable_item, + Elm_Object_Item *ima_fix_item, + Elm_Object_Item *evm_enable_item, + Elm_Object_Item *evm_fix_item) { LOGD("Enter function: %s", __func__); - - // FIXME: When libIMA implementation will be ready ima_get_ima_state() should returns SUCCESS or ERROR_CODE, - // and is should pass the IMA state via parameter. int state = 0; - //TODO: check error code! - ima_get_state(&state); + + if (ima_get_state(&state) != LIB_SUCCESS) + goto out_ima; LOGD("IMA state returns: %d", state); if(IMA_STATE_DISABLED == state) { - ima_state = 0; - ima_fix_state = 0; + _ima_state = 0; + _ima_fix_state = 0; ((ItemData_t *)elm_object_item_data_get(ima_enable_item))->check_status = EINA_FALSE; ((ItemData_t *)elm_object_item_data_get(ima_fix_item))->check_status = EINA_FALSE; _ima_disable_all_items(ima_enable_item); } else if (IMA_STATE_ENABLED == state) { - ima_state = 1; - ima_fix_state = 0; + _ima_state = 1; + _ima_fix_state = 0; ((ItemData_t *)elm_object_item_data_get(ima_enable_item))->check_status = EINA_TRUE; ((ItemData_t *)elm_object_item_data_get(ima_fix_item))->check_status = EINA_FALSE; _ima_enable_all_items(ima_enable_item); } else if(IMA_STATE_FIX == state) { - ima_state = 1; - ima_fix_state = 1; + _ima_state = 1; + _ima_fix_state = 1; ((ItemData_t *)elm_object_item_data_get(ima_enable_item))->check_status = EINA_TRUE; ((ItemData_t *)elm_object_item_data_get(ima_fix_item))->check_status = EINA_TRUE; _ima_enable_all_items(ima_enable_item); } else { // Error while getting IMA state - LOGE("Unknown state of IMA: %d. Is IMA pressent in system?", state); +out_ima: + LOGE("Unknown state of IMA: %d. Is IMA present in system?", state); // How the switches should be set if there's no IMA? Now they are disabled - ima_state = 0; - ima_fix_state = 0; + _ima_state = 0; + _ima_fix_state = 0; ((ItemData_t *)elm_object_item_data_get(ima_enable_item))->check_status = EINA_FALSE; ((ItemData_t *)elm_object_item_data_get(ima_fix_item))->check_status = EINA_FALSE; _ima_disable_all_items(ima_enable_item); } + + // EVM state should not change the state of others controls + if (evm_get_state(&state) != LIB_SUCCESS) + goto out_evm; + LOGD("EVM state returns: %d", state); + if(EVM_STATE_DISABLED == state) { + _evm_state = 0; + _evm_fix_state = 0; + ((ItemData_t *)elm_object_item_data_get(evm_enable_item))->check_status = EINA_FALSE; + ((ItemData_t *)elm_object_item_data_get(evm_fix_item))->check_status = EINA_FALSE; + } + else if (EVM_STATE_ENABLED == state) { + _evm_state = 1; + _evm_fix_state = 0; + ((ItemData_t *)elm_object_item_data_get(evm_enable_item))->check_status = EINA_TRUE; + ((ItemData_t *)elm_object_item_data_get(evm_fix_item))->check_status = EINA_FALSE; + } + else if(EVM_STATE_FIX == state) { + _evm_state = 1; + _evm_fix_state = 1; + ((ItemData_t *)elm_object_item_data_get(evm_enable_item))->check_status = EINA_TRUE; + ((ItemData_t *)elm_object_item_data_get(evm_fix_item))->check_status = EINA_TRUE; + } + else { // Error while getting EVM state +out_evm: + LOGE("Unknown state of EVM: %d. Is EVM present in system?", state); + _evm_state = 0; + _evm_fix_state = 0; + ((ItemData_t *)elm_object_item_data_get(evm_enable_item))->check_status = EINA_FALSE; + ((ItemData_t *)elm_object_item_data_get(evm_fix_item))->check_status = EINA_FALSE; + } + } // elm_genlist_item_append wrapper @@ -363,6 +493,14 @@ void im_main_menu_cb(void *data, Evas_Object *obj, void *event_info) "check", genlist_ima_fix_mode_enable_disable_clicked_cb, NULL); elm_object_item_domain_text_translatable_set(ima_fix_item, PACKAGE, EINA_TRUE); + Elm_Object_Item *evm_enable_item = _add_genlist_item(genlist, ITC_TYPE_CHECK, + dgettext(PACKAGE, "IDS_ST_EVM_ENABLE_DISABLE_SWITCH"), "on&off", genlist_evm_enable_disable_clicked_cb, NULL); + elm_object_item_domain_text_translatable_set(evm_enable_item, PACKAGE, EINA_TRUE); + + Elm_Object_Item *evm_fix_item = _add_genlist_item(genlist, ITC_TYPE_CHECK, dgettext(PACKAGE, "IDS_ST_EVM_FIX_MODE_CHECKBOX"), + "check", genlist_evm_fix_mode_enable_disable_clicked_cb, NULL); + elm_object_item_domain_text_translatable_set(evm_fix_item, PACKAGE, EINA_TRUE); + nf_it = _add_genlist_item(genlist, ITC_TYPE_LIST, dgettext(PACKAGE, "IDS_ST_COMPROMISED_FILES_LIST"), NULL, im_compromised_list_cb, ad); elm_object_item_domain_text_translatable_set(nf_it, PACKAGE, EINA_TRUE); @@ -385,7 +523,7 @@ void im_main_menu_cb(void *data, Evas_Object *obj, void *event_info) _free_itc(); - _setup(ima_enable_item, ima_fix_item); + _setup(ima_enable_item, ima_fix_item, evm_enable_item, evm_fix_item); elm_naviframe_item_pop_cb_set(nf_it, quit_cb, data); -- 2.7.4