Add ability to change default target in usbguard-menu.py
This commit is contained in:
parent
dab9b497ff
commit
c41505e26c
109
usbguard-menu.py
109
usbguard-menu.py
@ -4,9 +4,16 @@ import subprocess
|
|||||||
import shlex
|
import shlex
|
||||||
|
|
||||||
class DeviceMode(Enum):
|
class DeviceMode(Enum):
|
||||||
DENY = 0
|
BLOCK = 0
|
||||||
ALLOW = 1
|
ALLOW = 1
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
match self:
|
||||||
|
case DeviceMode.ALLOW:
|
||||||
|
return 'Allow'
|
||||||
|
case DeviceMode.BLOCK:
|
||||||
|
return 'Block'
|
||||||
|
|
||||||
class Device:
|
class Device:
|
||||||
def __init__(self, mode, id, name, hash):
|
def __init__(self, mode, id, name, hash):
|
||||||
self.mode = mode
|
self.mode = mode
|
||||||
@ -16,7 +23,7 @@ class Device:
|
|||||||
|
|
||||||
def from_output_line(line):
|
def from_output_line(line):
|
||||||
tokens = shlex.split(line, False, True)
|
tokens = shlex.split(line, False, True)
|
||||||
mode = DeviceMode.DENY
|
mode = DeviceMode.BLOCK
|
||||||
id = None
|
id = None
|
||||||
name = None
|
name = None
|
||||||
hash = None
|
hash = None
|
||||||
@ -41,7 +48,7 @@ class Device:
|
|||||||
case DeviceMode.ALLOW:
|
case DeviceMode.ALLOW:
|
||||||
mode = "Allowed"
|
mode = "Allowed"
|
||||||
case _:
|
case _:
|
||||||
mode = "Denied"
|
mode = "Blocked"
|
||||||
if len(self.name) == 0:
|
if len(self.name) == 0:
|
||||||
name = "<no name>"
|
name = "<no name>"
|
||||||
else:
|
else:
|
||||||
@ -58,36 +65,78 @@ def run_fuzzel(entries, prompt=None):
|
|||||||
text=True,
|
text=True,
|
||||||
shell=False)
|
shell=False)
|
||||||
if proc.returncode != 0:
|
if proc.returncode != 0:
|
||||||
return None
|
return (-1, None)
|
||||||
return entries[int(proc.stdout)]
|
index = int(proc.stdout)
|
||||||
|
return (index, entries[index])
|
||||||
|
|
||||||
devices = []
|
def get_implicit_policy_target():
|
||||||
proc = subprocess.run(["usbguard", "list-devices"],
|
proc = subprocess.run(['usbguard',
|
||||||
capture_output=True, text=True, check=True)
|
'get-parameter',
|
||||||
for line in proc.stdout.splitlines():
|
'ImplicitPolicyTarget'],
|
||||||
devices.append(Device.from_output_line(line))
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
check=True)
|
||||||
|
match proc.stdout:
|
||||||
|
case 'allow\n':
|
||||||
|
return DeviceMode.ALLOW
|
||||||
|
case 'block\n':
|
||||||
|
return DeviceMode.BLOCK
|
||||||
|
|
||||||
device = run_fuzzel(devices)
|
def set_implicit_policy_target(target):
|
||||||
|
match target:
|
||||||
|
case DeviceMode.ALLOW:
|
||||||
|
mode = 'allow'
|
||||||
|
case DeviceMode.BLOCK:
|
||||||
|
mode = 'block'
|
||||||
|
subprocess.run(['usbguard',
|
||||||
|
'set-parameter',
|
||||||
|
'ImplicitPolicyTarget',
|
||||||
|
mode],
|
||||||
|
check=True)
|
||||||
|
|
||||||
if device is None:
|
def update_default_action():
|
||||||
exit()
|
(index, _) = run_fuzzel(['Allow', 'Block'],
|
||||||
|
'Default action > ')
|
||||||
|
match index:
|
||||||
|
case 0:
|
||||||
|
set_implicit_policy_target(DeviceMode.ALLOW)
|
||||||
|
case 1:
|
||||||
|
set_implicit_policy_target(DeviceMode.BLOCK)
|
||||||
|
|
||||||
action = run_fuzzel(['Allow', 'Deny', 'Reject'],
|
def update_device_mode(device):
|
||||||
device.name + ' > ')
|
(_, action) = run_fuzzel(['Allow', 'Block', 'Reject'],
|
||||||
|
device.name + ' > ')
|
||||||
|
|
||||||
if action is None:
|
if action is None:
|
||||||
exit()
|
exit()
|
||||||
|
|
||||||
match action:
|
match action:
|
||||||
case 'Allow':
|
case 'Allow':
|
||||||
subprocess.check_output(['usbguard',
|
subprocess.check_output(['usbguard',
|
||||||
'allow-device',
|
'allow-device',
|
||||||
device.id], shell=False)
|
device.id], shell=False)
|
||||||
case 'Reject':
|
case 'Reject':
|
||||||
subprocess.check_output(['usbguard',
|
subprocess.check_output(['usbguard',
|
||||||
'reject-device',
|
'reject-device',
|
||||||
device.id], shell=False)
|
device.id], shell=False)
|
||||||
case _:
|
case _:
|
||||||
subprocess.check_output(['usbguard',
|
subprocess.check_output(['usbguard',
|
||||||
'block-device',
|
'block-device',
|
||||||
device.id], shell=False)
|
device.id], shell=False)
|
||||||
|
|
||||||
|
def main():
|
||||||
|
devices = []
|
||||||
|
proc = subprocess.run(["usbguard", "list-devices"],
|
||||||
|
capture_output=True, text=True, check=True)
|
||||||
|
for line in proc.stdout.splitlines():
|
||||||
|
devices.append(Device.from_output_line(line))
|
||||||
|
|
||||||
|
devices.append(f'Set default action (Current: {get_implicit_policy_target()})')
|
||||||
|
(index, device) = run_fuzzel(devices)
|
||||||
|
|
||||||
|
if index == len(devices) - 1:
|
||||||
|
update_default_action()
|
||||||
|
elif index != -1:
|
||||||
|
update_device_mode(device)
|
||||||
|
|
||||||
|
main()
|
||||||
|
Loading…
Reference in New Issue
Block a user