Add ability to change default target in usbguard-menu.py

usbguard-menu.py

@@ -4,9 +4,16 @@ import subprocess
 import shlex
 
 class DeviceMode(Enum):
-    DENY = 0
+    BLOCK = 0
     ALLOW = 1
 
+    def __str__(self):
+        match self:
+            case DeviceMode.ALLOW:
+                return 'Allow'
+            case DeviceMode.BLOCK:
+                return 'Block'
+
 class Device:
     def __init__(self, mode, id, name, hash):
         self.mode = mode
@@ -16,7 +23,7 @@ class Device:
 
     def from_output_line(line):
         tokens =  shlex.split(line, False, True)
-        mode = DeviceMode.DENY
+        mode = DeviceMode.BLOCK
         id = None
         name = None
         hash = None
@@ -41,7 +48,7 @@ class Device:
             case DeviceMode.ALLOW:
                 mode = "Allowed"
             case _:
-                mode = "Denied"
+                mode = "Blocked"
         if len(self.name) == 0:
             name = "<no name>"
         else:
@@ -58,27 +65,52 @@ def run_fuzzel(entries, prompt=None):
                           text=True,
                           shell=False)
     if proc.returncode != 0:
-        return None
+        return (-1, None)
-    return entries[int(proc.stdout)]
+    index = int(proc.stdout)
+    return (index, entries[index])
 
-devices = []
+def get_implicit_policy_target():
-proc = subprocess.run(["usbguard", "list-devices"],
+    proc = subprocess.run(['usbguard',
-                      capture_output=True, text=True, check=True)
+                           'get-parameter',
-for line in proc.stdout.splitlines():
+                           'ImplicitPolicyTarget'],
-    devices.append(Device.from_output_line(line))
+                          capture_output=True,
+                          text=True,
+                          check=True)
+    match proc.stdout:
+        case 'allow\n':
+            return DeviceMode.ALLOW
+        case 'block\n':
+            return DeviceMode.BLOCK
 
-device = run_fuzzel(devices)
+def set_implicit_policy_target(target):
+    match target:
+        case DeviceMode.ALLOW:
+            mode = 'allow'
+        case DeviceMode.BLOCK:
+            mode = 'block'
+    subprocess.run(['usbguard',
+                    'set-parameter',
+                    'ImplicitPolicyTarget',
+                    mode],
+                   check=True)
 
-if device is None:
+def update_default_action():
-    exit()
+    (index, _) = run_fuzzel(['Allow', 'Block'],
+                            'Default action > ')
+    match index:
+        case 0:
+            set_implicit_policy_target(DeviceMode.ALLOW)
+        case 1:
+            set_implicit_policy_target(DeviceMode.BLOCK)
 
-action = run_fuzzel(['Allow', 'Deny', 'Reject'],
+def update_device_mode(device):
+    (_, action) = run_fuzzel(['Allow', 'Block', 'Reject'],
                              device.name + ' > ')
 
-if action is None:
+    if action is None:
         exit()
 
-match action:
+    match action:
         case 'Allow':
             subprocess.check_output(['usbguard',
                                     'allow-device',
@@ -91,3 +123,20 @@ match action:
             subprocess.check_output(['usbguard',
                                     'block-device',
                                     device.id], shell=False)
+
+def main():
+    devices = []
+    proc = subprocess.run(["usbguard", "list-devices"],
+                        capture_output=True, text=True, check=True)
+    for line in proc.stdout.splitlines():
+        devices.append(Device.from_output_line(line))
+
+    devices.append(f'Set default action (Current: {get_implicit_policy_target()})')
+    (index, device) = run_fuzzel(devices)
+
+    if index == len(devices) - 1:
+        update_default_action()
+    elif index != -1:
+        update_device_mode(device)
+
+main()