Add ability to change default target in usbguard-menu.py

Alexander Rosenberg 2023-11-17 21:00:33 -08:00
parent dab9b497ff
commit c41505e26c
Signed by: Zander671
GPG Key ID: 5FD0394ADBD72730


@ -4,9 +4,16 @@ import subprocess
import shlex import shlex
class DeviceMode(Enum): class DeviceMode(Enum):
DENY = 0 BLOCK = 0
ALLOW = 1 ALLOW = 1
def __str__(self):
match self:
case DeviceMode.ALLOW:
return 'Allow'
case DeviceMode.BLOCK:
return 'Block'
class Device: class Device:
def __init__(self, mode, id, name, hash): def __init__(self, mode, id, name, hash):
self.mode = mode self.mode = mode
@ -16,7 +23,7 @@ class Device:
def from_output_line(line): def from_output_line(line):
tokens = shlex.split(line, False, True) tokens = shlex.split(line, False, True)
mode = DeviceMode.DENY mode = DeviceMode.BLOCK
id = None id = None
name = None name = None
hash = None hash = None
@ -41,7 +48,7 @@ class Device:
case DeviceMode.ALLOW: case DeviceMode.ALLOW:
mode = "Allowed" mode = "Allowed"
case _: case _:
mode = "Denied" mode = "Blocked"
if len(self.name) == 0: if len(self.name) == 0:
name = "<no name>" name = "<no name>"
else: else:
@ -58,36 +65,78 @@ def run_fuzzel(entries, prompt=None):
text=True, text=True,
shell=False) shell=False)
if proc.returncode != 0: if proc.returncode != 0:
return None return (-1, None)
return entries[int(proc.stdout)] index = int(proc.stdout)
return (index, entries[index])
devices = [] def get_implicit_policy_target():
proc = subprocess.run(["usbguard", "list-devices"], proc = subprocess.run(['usbguard',
capture_output=True, text=True, check=True) 'get-parameter',
for line in proc.stdout.splitlines(): 'ImplicitPolicyTarget'],
devices.append(Device.from_output_line(line)) capture_output=True,
text=True,
check=True)
match proc.stdout:
case 'allow\n':
return DeviceMode.ALLOW
case 'block\n':
return DeviceMode.BLOCK
device = run_fuzzel(devices) def set_implicit_policy_target(target):
match target:
case DeviceMode.ALLOW:
mode = 'allow'
case DeviceMode.BLOCK:
mode = 'block'
subprocess.run(['usbguard',
'set-parameter',
'ImplicitPolicyTarget',
mode],
check=True)
if device is None: def update_default_action():
exit() (index, _) = run_fuzzel(['Allow', 'Block'],
'Default action > ')
match index:
case 0:
set_implicit_policy_target(DeviceMode.ALLOW)
case 1:
set_implicit_policy_target(DeviceMode.BLOCK)
action = run_fuzzel(['Allow', 'Deny', 'Reject'], def update_device_mode(device):
device.name + ' > ') (_, action) = run_fuzzel(['Allow', 'Block', 'Reject'],
device.name + ' > ')
if action is None: if action is None:
exit() exit()
match action: match action:
case 'Allow': case 'Allow':
subprocess.check_output(['usbguard', subprocess.check_output(['usbguard',
'allow-device', 'allow-device',
device.id], shell=False) device.id], shell=False)
case 'Reject': case 'Reject':
subprocess.check_output(['usbguard', subprocess.check_output(['usbguard',
'reject-device', 'reject-device',
device.id], shell=False) device.id], shell=False)
case _: case _:
subprocess.check_output(['usbguard', subprocess.check_output(['usbguard',
'block-device', 'block-device',
device.id], shell=False) device.id], shell=False)
def main():
devices = []
proc = subprocess.run(["usbguard", "list-devices"],
capture_output=True, text=True, check=True)
for line in proc.stdout.splitlines():
devices.append(Device.from_output_line(line))
devices.append(f'Set default action (Current: {get_implicit_policy_target()})')
(index, device) = run_fuzzel(devices)
if index == len(devices) - 1:
update_default_action()
elif index != -1:
update_device_mode(device)
main()
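Review bot: `get_implicit_policy_target()` matches only `'allow\n'` and `'block\n'`, so any other daemon output falls through and returns None, and the entry built in `main()` then reads "Current: None". USBGuard also accepts `reject` for ImplicitPolicyTarget, so a host configured that way is misreported, and the two-item picker in `update_default_action()` can only replace it with Allow or Block. Consider adding a `REJECT` member to `DeviceMode`, matching on `proc.stdout.strip()`, and ending the match with `case other: raise ValueError(f'unexpected ImplicitPolicyTarget: {other!r}')` so an unknown state is never shown as a valid one. Setting the default to Allow admits every device that no rule matches, so a confirmation step before `set_implicit_policy_target(DeviceMode.ALLOW)` would be a sensible guard against a mis-click.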