■ ■ ■ ■ ■ ■
examples/cli/examples/cli/main.rs
| 1 | + | use std::path::PathBuf; |
| 2 | + | |
| 3 | + | use clap::{Parser, Subcommand}; |
| 4 | + | use cli_table::{print_stdout, Cell, Style, Table}; |
| 5 | + | |
| 6 | + | mod file_open; |
| 7 | + | mod socket_bind; |
| 8 | + | mod socket_connect; |
| 9 | + | mod task_fix_setuid; |
| 10 | + | |
| 11 | + | use file_open::list_file_open; |
| 12 | + | use guardity::{policy::reader, PolicyManager}; |
| 13 | + | use socket_bind::list_socket_bind; |
| 14 | + | use socket_connect::list_socket_connect; |
| 15 | + | use task_fix_setuid::list_task_fix_setuid; |
| 16 | + | |
| 17 | + | #[derive(Parser)] |
| 18 | + | struct Args { |
| 19 | + | #[clap(long, default_value = "/sys/fs/bpf")] |
| 20 | + | bpffs_path: PathBuf, |
| 21 | + | #[clap(long, default_value = "guardity")] |
| 22 | + | bpffs_dir: PathBuf, |
| 23 | + | #[command(subcommand)] |
| 24 | + | subcommand: Sub, |
| 25 | + | } |
| 26 | + | |
| 27 | + | #[derive(Subcommand)] |
| 28 | + | enum Sub { |
| 29 | + | /// Manage policies. |
| 30 | + | Policy { |
| 31 | + | #[command(subcommand)] |
| 32 | + | policy: SubPolicy, |
| 33 | + | }, |
| 34 | + | } |
| 35 | + | |
| 36 | + | #[derive(Subcommand)] |
| 37 | + | enum SubPolicy { |
| 38 | + | /// Add policies. |
| 39 | + | Add { |
| 40 | + | #[clap(long)] |
| 41 | + | r#path: PathBuf, |
| 42 | + | }, |
| 43 | + | /// List policies. |
| 44 | + | List, |
| 45 | + | } |
| 46 | + | |
| 47 | + | #[tokio::main] |
| 48 | + | async fn main() -> anyhow::Result<()> { |
| 49 | + | let args = Args::parse(); |
| 50 | + | |
| 51 | + | let bpf_path = args.bpffs_path.join(args.bpffs_dir); |
| 52 | + | |
| 53 | + | match args.subcommand { |
| 54 | + | Sub::Policy { policy } => { |
| 55 | + | let mut policy_manager = PolicyManager::new(bpf_path)?; |
| 56 | + | |
| 57 | + | match policy { |
| 58 | + | SubPolicy::Add { r#path } => { |
| 59 | + | add_policies(&mut policy_manager, path).await?; |
| 60 | + | } |
| 61 | + | SubPolicy::List => { |
| 62 | + | list_policies(&mut policy_manager).await?; |
| 63 | + | } |
| 64 | + | } |
| 65 | + | } |
| 66 | + | } |
| 67 | + | |
| 68 | + | Ok(()) |
| 69 | + | } |
| 70 | + | |
| 71 | + | async fn add_policies(policy_manager: &mut PolicyManager, r#path: PathBuf) -> anyhow::Result<()> { |
| 72 | + | let mut all = policy_manager.manage_all()?; |
| 73 | + | let policies = reader::read_policies(r#path)?; |
| 74 | + | for policy in policies { |
| 75 | + | all.add_policy(policy).await?; |
| 76 | + | } |
| 77 | + | Ok(()) |
| 78 | + | } |
| 79 | + | |
| 80 | + | async fn list_policies(policy_manager: &mut PolicyManager) -> anyhow::Result<()> { |
| 81 | + | let file_open = list_file_open(policy_manager).await?; |
| 82 | + | let setuid = list_task_fix_setuid(policy_manager).await?; |
| 83 | + | let socket_bind = list_socket_bind(policy_manager).await?; |
| 84 | + | let socket_connect = list_socket_connect(policy_manager).await?; |
| 85 | + | |
| 86 | + | let table = vec![ |
| 87 | + | vec!["file_open".cell()], |
| 88 | + | vec![file_open.display()?.cell()], |
| 89 | + | vec!["setuid".cell()], |
| 90 | + | vec![setuid.display()?.cell()], |
| 91 | + | vec!["socket_bind".cell()], |
| 92 | + | vec![socket_bind.display()?.cell()], |
| 93 | + | vec!["socket_connect".cell()], |
| 94 | + | vec![socket_connect.display()?.cell()], |
| 95 | + | ] |
| 96 | + | .table() |
| 97 | + | .title(vec!["Policy".cell().bold(true)]); |
| 98 | + | |
| 99 | + | print_stdout(table)?; |
| 100 | + | |
| 101 | + | Ok(()) |
| 102 | + | } |
| 103 | + | |