config: add exe client criteria
parent
cc734a135c
commit
a6257910bb
13 changed files with 85 additions and 2 deletions
|
|
@ -1883,6 +1883,7 @@ impl ConfigProxyHandler {
|
|||
mgr.sandbox_instance_id(needle)
|
||||
}
|
||||
ClientCriterionStringField::Comm => mgr.comm(needle),
|
||||
ClientCriterionStringField::Exe => mgr.exe(needle),
|
||||
}
|
||||
}
|
||||
ClientCriterionIpc::Sandboxed => mgr.sandboxed(),
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ use {
|
|||
clmm_pid::ClmMatchPid,
|
||||
clmm_sandboxed::ClmMatchSandboxed,
|
||||
clmm_string::{
|
||||
ClmMatchComm, ClmMatchSandboxAppId, ClmMatchSandboxEngine,
|
||||
ClmMatchComm, ClmMatchExe, ClmMatchSandboxAppId, ClmMatchSandboxEngine,
|
||||
ClmMatchSandboxInstanceId,
|
||||
},
|
||||
clmm_uid::ClmMatchUid,
|
||||
|
|
@ -60,6 +60,7 @@ pub struct RootMatchers {
|
|||
uid: ClmRootMatcherMap<ClmMatchUid>,
|
||||
pid: ClmRootMatcherMap<ClmMatchPid>,
|
||||
comm: ClmRootMatcherMap<ClmMatchComm>,
|
||||
exe: ClmRootMatcherMap<ClmMatchExe>,
|
||||
}
|
||||
|
||||
pub async fn handle_cl_changes(state: Rc<State>) {
|
||||
|
|
@ -163,6 +164,7 @@ impl ClMatcherManager {
|
|||
unconditional!(uid);
|
||||
unconditional!(pid);
|
||||
unconditional!(comm);
|
||||
unconditional!(exe);
|
||||
fixed!(sandboxed);
|
||||
fixed!(is_xwayland);
|
||||
self.constant[true].handle(data);
|
||||
|
|
@ -200,6 +202,10 @@ impl ClMatcherManager {
|
|||
pub fn comm(&self, string: CritLiteralOrRegex) -> Rc<ClmUpstreamNode> {
|
||||
self.root(ClmMatchComm::new(string))
|
||||
}
|
||||
|
||||
pub fn exe(&self, string: CritLiteralOrRegex) -> Rc<ClmUpstreamNode> {
|
||||
self.root(ClmMatchExe::new(string))
|
||||
}
|
||||
}
|
||||
|
||||
impl CritTarget for Rc<Client> {
|
||||
|
|
|
|||
|
|
@ -16,9 +16,11 @@ pub type ClmMatchSandboxEngine = ClmMatchString<AcceptorMetadataAccess<SandboxEn
|
|||
pub type ClmMatchSandboxAppId = ClmMatchString<AcceptorMetadataAccess<SandboxAppIdField>>;
|
||||
pub type ClmMatchSandboxInstanceId = ClmMatchString<AcceptorMetadataAccess<SandboxInstanceIdField>>;
|
||||
pub type ClmMatchComm = ClmMatchString<CommAccess>;
|
||||
pub type ClmMatchExe = ClmMatchString<ExeAccess>;
|
||||
|
||||
pub struct AcceptorMetadataAccess<T>(PhantomData<T>);
|
||||
pub struct CommAccess;
|
||||
pub struct ExeAccess;
|
||||
|
||||
trait SandboxField: Sized + 'static {
|
||||
fn field(meta: &AcceptorMetadata) -> &Option<String>;
|
||||
|
|
@ -89,3 +91,13 @@ impl StringAccess<Rc<Client>> for CommAccess {
|
|||
&roots.comm
|
||||
}
|
||||
}
|
||||
|
||||
impl StringAccess<Rc<Client>> for ExeAccess {
|
||||
fn with_string(data: &Rc<Client>, f: impl FnOnce(&str) -> bool) -> bool {
|
||||
f(&data.pid_info.exe)
|
||||
}
|
||||
|
||||
fn nodes(roots: &RootMatchers) -> &ClmRootMatcherMap<ClmMatchString<Self>> {
|
||||
&roots.exe
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
use {
|
||||
crate::utils::{errorfmt::ErrorFmt, oserror::OsError},
|
||||
bstr::ByteSlice,
|
||||
std::os::unix::ffi::OsStrExt,
|
||||
uapi::{OwnedFd, c},
|
||||
};
|
||||
|
||||
|
|
@ -8,6 +9,7 @@ pub struct PidInfo {
|
|||
pub uid: c::uid_t,
|
||||
pub pid: c::pid_t,
|
||||
pub comm: String,
|
||||
pub exe: String,
|
||||
}
|
||||
|
||||
pub fn get_pid_info(uid: c::uid_t, pid: c::pid_t) -> PidInfo {
|
||||
|
|
@ -18,7 +20,24 @@ pub fn get_pid_info(uid: c::uid_t, pid: c::pid_t) -> PidInfo {
|
|||
"Unknown".to_string()
|
||||
}
|
||||
};
|
||||
PidInfo { uid, pid, comm }
|
||||
let exe = match std::fs::read_link(format!("/proc/{}/exe", pid)) {
|
||||
Ok(name) => name
|
||||
.as_os_str()
|
||||
.as_bytes()
|
||||
.trim_ascii_end()
|
||||
.as_bstr()
|
||||
.to_string(),
|
||||
Err(e) => {
|
||||
log::warn!("Could not read `exe` of pid {}: {}", pid, ErrorFmt(e));
|
||||
"Unknown".to_string()
|
||||
}
|
||||
};
|
||||
PidInfo {
|
||||
uid,
|
||||
pid,
|
||||
comm,
|
||||
exe,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_socket_creds(socket: &OwnedFd) -> Option<(c::uid_t, c::pid_t)> {
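Review bot: The new `exe` value in `get_pid_info` is resolved once from `/proc/{pid}/exe` by pid number, so a criterion on it identifies the client only as well as that pid does. If the peer has exited and the pid was reused, or the process execs after this lookup, the stored path describes a different program, so the criterion's documentation should say it is a convenience match, not an access-control check. The `.trim_ascii_end()` looks carried over from reading a file that ends in a newline (the `comm` branch starts outside this hunk, so that is an inference); a symlink target has no such newline, and trimming makes a path that really ends in whitespace compare equal to the trimmed path, so I would drop that call. The `"Unknown"` fallback and the `.as_bstr().to_string()` conversion (lossy for non-UTF-8 paths, as far as I can tell) both yield strings a regex criterion can match, so the `exe` field deserves a doc comment such as `/// Target of /proc/<pid>/exe at lookup time, lossily decoded; "Unknown" if unreadable. Not a verified identity.` `get_pid_info` begins before this hunk, so what precedes the `comm` fallback is not visible here.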
|
||||
|
|
|
|||