Add usbguard-meny.py

2023-11-17 16:22:45 -08:00
parent 0792b6c0e1
commit dab9b497ff
1 changed files with 93 additions and 0 deletions
--- a/usbguard-menu.py
+++ b/usbguard-menu.py
@ -0,0 +1,93 @@
+#!/usr/bin/env python
+from enum import Enum
+import subprocess
+import shlex
+
+class DeviceMode(Enum):
+    DENY = 0
+    ALLOW = 1
+
+class Device:
+    def __init__(self, mode, id, name, hash):
+        self.mode = mode
+        self.id = id
+        self.name = name
+        self.hash =  hash
+
+    def from_output_line(line):
+        tokens =  shlex.split(line, False, True)
+        mode = DeviceMode.DENY
+        id = None
+        name = None
+        hash = None
+        for i, token in enumerate(tokens):
+            if i == len(tokens) - 1:
+                next = None
+            else:
+                next = tokens[i + 1]
+            match token:
+                case 'allow':
+                    mode =  DeviceMode.ALLOW
+                case 'id':
+                    id = next
+                case 'name':
+                    name = next
+                case 'hash':
+                    hash = next
+        return Device(mode, id, name, hash)
+
+    def __str__(self):
+        match self.mode:
+            case DeviceMode.ALLOW:
+                mode = "Allowed"
+            case _:
+                mode = "Denied"
+        if len(self.name) == 0:
+            name = "<no name>"
+        else:
+            name =  self.name
+        return f'{self.id}: {name} ({mode}, Hash: {self.hash})'
+
+def run_fuzzel(entries, prompt=None):
+    cmd = ["fuzzel", "-d", "--index"]
+    if prompt is not None:
+        cmd.append(f'--prompt={prompt}')
+    proc = subprocess.run(cmd,
+                          input='\n'.join(str(e) for e in entries),
+                          capture_output=True,
+                          text=True,
+                          shell=False)
+    if proc.returncode != 0:
+        return None
+    return entries[int(proc.stdout)]
+
+devices = []
+proc = subprocess.run(["usbguard", "list-devices"],
+                      capture_output=True, text=True, check=True)
+for line in proc.stdout.splitlines():
+    devices.append(Device.from_output_line(line))
+
+device = run_fuzzel(devices)
+
+if device is None:
+    exit()
+
+action = run_fuzzel(['Allow', 'Deny', 'Reject'],
+                    device.name + ' > ')
+
+if action is None:
+    exit()
+
+match action:
+    case 'Allow':
+        subprocess.check_output(['usbguard',
+                                 'allow-device',
+                                 device.id], shell=False)
+    case 'Reject':
+        subprocess.check_output(['usbguard',
+                                 'reject-device',
+                                 device.id], shell=False)
+    case _:
+        subprocess.check_output(['usbguard',
+                                 'block-device',
+                                 device.id], shell=False)