示例#1
0
    def sync_usb_memory(cls, state, data_center):
        """
        synchronize usb-memory
        """

        block_base_path = '/sys/class/block/*'
        block_node_regex = re.compile('^[a-zA-Z]+$')
        block_usb_regex = re.compile('/usb[0-9]*/')

        #block devices
        for block_device in glob.glob(block_base_path):
            device_node = block_device.split('/')[-1]
            if not block_node_regex.match(device_node):
                continue

            #/sys/devices
            device_sys_path = block_device + '/device'
            if not os.path.exists(device_sys_path):
                continue

            device_real_path = os.path.realpath(device_sys_path)

            #usb device
            if block_usb_regex.search(device_real_path):
                #whitelist
                serial_path = search_file_reversely(device_real_path, 'serial',
                                                    REVERSE_LOOKUP_LIMIT)
                if serial_path:
                    with open(serial_path) as f:
                        serial = f.read().strip('\n')
                    for s in data_center.get_usb_memory_whitelist():
                        if s == serial:
                            cls._logger.info(
                                'SYNC serial({}) is in whitelist'.format(
                                    serial))
                            return

                #authorized
                authorized = search_file_reversely(device_real_path,
                                                   'authorized',
                                                   REVERSE_LOOKUP_LIMIT)
                if not authorized:
                    cls._logger.error('{} not found authorized'.block_device)
                    return

                with open(authorized, 'w') as f:
                    f.write('0')
                    cls._logger.info(
                        'SYNC state={} authorized=0'.format(state))
                    logmsg, notimsg, grmcode = \
                        make_media_msg(JSON_RULE_USB_MEMORY, state)
                    red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                               data_center)
                    write_event_log(
                        SOMANSA,
                        datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                        JSON_RULE_USB_MEMORY, SOMANSA_STATE_DISALLOW, 'null',
                        'null', 'null', 'null')
                    cls._logger.debug(
                        '***** USB disallow {}'.format(block_device))
示例#2
0
    def sync_camera(cls, state, data_center):
        """
        synchronize camera
        """

        camera_base_path = '/sys/class/video4linux'

        for camera in glob.glob(camera_base_path + '/*'):
            camera_real_path = os.path.realpath(camera + '/device')
            bConfigurationValue = search_file_reversely(
                camera_real_path, 'bConfigurationValue', REVERSE_LOOKUP_LIMIT)
            if not bConfigurationValue:
                cls._logger.error('not found bConfigurationValue')
                continue

            with open(bConfigurationValue, 'w') as f:
                f.write('0')
                with open('{}/{}.bcvp'.format(META_ROOT, JSON_RULE_CAMERA),
                          'w') as f2:
                    f2.write(bConfigurationValue)
                cls._logger.info(
                    'SYNC state={} bConfigurationValue=0'.format(state))
                logmsg, notimsg, grmcode = \
                    make_media_msg(JSON_RULE_CAMERA, state)
                red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                           data_center)
示例#3
0
    def sync_keyboard(cls, state, data_center):
        """
        synchronize keyboard
        """

        keyboard_usb_regex = re.compile('/usb[0-9]*/')
        keyboard_bluetooth_regex = re.compile('bluetooth')

        keyboard_real_path_list = search_dir_list('/sys/devices',
                                                  '.*::capslock')
        for keyboard_real_path in keyboard_real_path_list:
            if not keyboard_usb_regex.search(keyboard_real_path):
                continue
            if keyboard_bluetooth_regex.search(keyboard_real_path):
                continue

            bConfigurationValue = search_file_reversely(
                keyboard_real_path, 'bConfigurationValue',
                REVERSE_LOOKUP_LIMIT)
            if not bConfigurationValue:
                cls._logger.error('not found bConfigurationValue')
                continue

            with open(bConfigurationValue, 'w') as f:
                f.write('0')
                cls._logger.info(
                    'SYNC state={} bConfigurationValue=0'.format(state))
                logmsg, notimsg, grmcode = \
                    make_media_msg(JSON_RULE_KEYBOARD, state)
                red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                           data_center)
示例#4
0
    def sync_mouse(cls, state, data_center):
        """
        synchronize mouse
        """

        mouse_base_path = '/sys/class/input'
        mouse_regex = re.compile('mouse[0-9]*')
        mouse_usb_regex = re.compile('/usb[0-9]*/')
        mouse_bluetooth_regex = re.compile('bluetooth')

        for mouse in glob.glob(mouse_base_path + '/*'):
            mouse_node = mouse.split('/')[-1]
            if mouse_regex.match(mouse_node):
                mouse_real_path = os.path.realpath(mouse + '/device')
                if not mouse_usb_regex.search(mouse_real_path):
                    continue
                if mouse_bluetooth_regex.search(mouse_real_path):
                    continue

                bConfigurationValue = search_file_reversely(
                    mouse_real_path, 'bConfigurationValue',
                    REVERSE_LOOKUP_LIMIT)
                if not bConfigurationValue:
                    cls._logger.error(
                        '{} not found bConfigurationValue'.format(mouse_node))
                    continue

                with open(bConfigurationValue, 'w') as f:
                    f.write('0')
                    cls._logger.info(
                        'SYNC state={} bConfigurationValue=0'.format(state))
                    logmsg, notimsg, grmcode = \
                        make_media_msg(JSON_RULE_MOUSE, state)
                    red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                               data_center)
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        authorized_path = search_file_reversely('/sys/' + param[1],
                                                'authorized',
                                                REVERSE_LOOKUP_LIMIT)
        with open(authorized_path, 'w') as f:
            f.write('0')
            logger.info('mode has changed to {}'.format(mode))
            logger.debug('***** DVD MODULE disallow {}'.format(param[1]))
            logmsg, notimsg, grmcode = \
                make_media_msg(JSON_RULE_CD_DVD, mode)
            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                       data_center)
            write_event_log(
                SOMANSA,
                datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                JSON_RULE_CD_DVD, SOMANSA_STATE_DISALLOW, 'null', 'null',
                'null', 'null')
    except:
        e = grac_format_exc()
        logger.error(e)

    return GRAC_OK
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        bConfigurationValue_path = search_file_reversely(
            '/sys/' + param[1], 'bConfigurationValue', REVERSE_LOOKUP_LIMIT)
        with open(bConfigurationValue_path, 'w') as f:
            f.write('0')
            with open('{}/{}.bcvp'.format(META_ROOT, JSON_RULE_CAMERA),
                      'w') as f2:
                f2.write(bConfigurationValue_path)
            logger.info('mode has changed to {}'.format(mode))
            logmsg, notimsg, grmcode = \
                make_media_msg(JSON_RULE_CAMERA, mode)
            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                       data_center)
    except:
        e = grac_format_exc()
        logger.error(e)

    return GRAC_OK
示例#7
0
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        #skeep 'event' of mouse events
        #for processing task once
        if 'event' in param[1].split('/')[-1]:
            return GRAC_OK

        bConfigurationValue_path = search_file_reversely(
            '/sys/' + param[1], 'bConfigurationValue', REVERSE_LOOKUP_LIMIT)
        with open(bConfigurationValue_path, 'w') as f:
            f.write('0')
            logger.info('mode has changed to {}'.format(mode))
            logmsg, notimsg, grmcode = \
                make_media_msg(JSON_RULE_MOUSE, mode)
            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                       data_center)
    except:
        e = grac_format_exc()
        logger.error(e)

    return GRAC_OK
    def get_attrs_value(self, path, lhs):
        """
        get value of attributes
        """

        fn = search_file_reversely('/sys/' + path, lhs, 3)
        if not fn:
            return None

        with open(fn) as f:
            return f.read()
示例#9
0
    def sync_wireless(cls, state, data_center):
        """
        synchronize wireless
        """

        wl_base_path = '/sys/class/net'
        wl_inner_regex = re.compile('wireless')

        for wl in glob.glob(wl_base_path + '/*'):
            wl_node = wl.split('/')[-1]

            for wl_inner in glob.glob(wl + '/*'):
                file_name = wl_inner.split('/')[-1]
                if wl_inner_regex.match(file_name):
                    wl_inner_real_path = os.path.realpath(wl_inner + '/device')
                    remove = search_file_reversely(wl_inner_real_path,
                                                   'remove',
                                                   REVERSE_LOOKUP_LIMIT)
                    if not remove:
                        cls._logger.error(
                            '{} not found remove'.format(wl_inner))
                        continue

                    with open(remove, 'w') as f:
                        f.write('1')

                    if os.path.exists(remove):
                        remove_second = '/'.join(
                            remove.split('/')[:-2]) + '/remove'
                        if not os.path.exists(remove_second):
                            logger.error('wireless=>FAIL TO REMOVE 1')
                            continue
                        else:
                            with open(remove_second, 'w') as sf:
                                sf.write('1')

                    if os.path.exists(remove):
                        logger.error('wireless=>FAIL TO REMOVE 2')
                        continue

                    with open(META_FILE_PCI_RESCAN, 'a') as f:
                        f.write('wireless=>{}'.format(remove))
                    cls._logger.info('SYNC state={} remove=1'.format(state))
                    logmsg, notimsg, grmcode = \
                        make_media_msg(JSON_RULE_WIRELESS, state)
                    red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                               data_center)
                    write_event_log(
                        SOMANSA,
                        datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                        JSON_RULE_WIRELESS, SOMANSA_STATE_DISALLOW, 'null',
                        'null', 'null', 'null')
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()

    try:
        mode = param[0]

        if mode == JSON_RULE_DISALLOW:
            devpath = param[1]

            #################### WHITE LIST ####################
            usb_port_blacklist = \
                data_center.get_usb_network_port_blacklist()
            logger.debug(
                '(UNW MOD) usb_port_blacklist={}'.format(usb_port_blacklist))
            if not usb_port_blacklist:
                logger.info('(UNW MOD) blacklist is empty')
                return

            block_usb_regex = re.compile(usb_port_blacklist)
            if not block_usb_regex.search(devpath):
                logger.info('(UNW MOD) path={} not in blacklist={}'.format(
                    devpath, usb_port_blacklist))
                return
            ###################################################

            authorized_path = search_file_reversely('/sys/' + devpath,
                                                    'authorized',
                                                    REVERSE_LOOKUP_LIMIT)

            with open(authorized_path, 'w') as f:
                f.write('0')
                logger.info('mode has changed to {}'.format(mode))
                logmsg, notimsg, grmcode = \
                    make_media_msg(JSON_RULE_USB_NETWORK, mode)
                red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                           data_center)
                logger.debug('***** USB NETWORK MODULE disallow {}'.format(
                    param[1]))
    except:
        e = grac_format_exc()
        GracLog.get_logger().error(e)
        logger.error(e)

    return GRAC_OK
示例#11
0
    def sync_usb_network(cls, state, data_center):
        """
        synchronize usb-network
        """

        #################### WHITE LIST ####################
        usb_port_blacklist = data_center.get_usb_network_port_blacklist()
        cls._logger.debug(
            '(UNW SYNC) usb_port_blacklist={}'.format(usb_port_blacklist))
        if not usb_port_blacklist:
            cls._logger.info('(UNW SYNC) blacklist is empty')
            return
        ####################################################

        block_base_path = '/sys/class/net/*'
        block_usb_regex = re.compile(usb_port_blacklist)

        #block devices
        for block_device in glob.glob(block_base_path):
            device_node = block_device.split('/')[-1]

            #/sys/devices
            device_sys_path = block_device + '/device'
            if not os.path.exists(device_sys_path):
                continue

            device_real_path = os.path.realpath(device_sys_path)

            #usb device
            if block_usb_regex.search(device_real_path):
                #authorized
                authorized = search_file_reversely(device_real_path,
                                                   'authorized',
                                                   REVERSE_LOOKUP_LIMIT)
                if not authorized:
                    cls._logger.error('{} not found authorized'.block_device)
                    return

                with open(authorized, 'w') as f:
                    f.write('0')
                    cls._logger.info(
                        'SYNC state={} authorized=0'.format(state))
                    logmsg, notimsg, grmcode = \
                        make_media_msg(JSON_RULE_USB_NETWORK, state)
                    red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                               data_center)
                    cls._logger.debug(
                        '***** USB NETWORK disallow {}'.format(block_device))
示例#12
0
    def sync_cd_dvd(cls, state, data_center):
        """
        synchronize cd_dvd
        """

        block_base_path = '/sys/class/block/*'
        block_node_regex = re.compile('^sr[0-9]+$')
        block_usb_regex = re.compile('/usb[0-9]*/')

        #block devices
        for block_device in glob.glob(block_base_path):
            device_node = block_device.split('/')[-1]
            if not block_node_regex.match(device_node):
                continue

            #/sys/devices
            device_sys_path = block_device + '/device'
            if not os.path.exists(device_sys_path):
                continue

            device_real_path = os.path.realpath(device_sys_path)

            #usb device
            if block_usb_regex.search(device_real_path):
                authorized = search_file_reversely(device_real_path,
                                                   'authorized',
                                                   REVERSE_LOOKUP_LIMIT)
                if not authorized:
                    cls._logger.error(
                        '{} not found authorized'.format(device_node))
                    continue

                with open(authorized, 'w') as f:
                    f.write('0')
                    cls._logger.info(
                        'SYNC state={} authorized=0'.format(state))
                    logmsg, notimsg, grmcode = \
                        make_media_msg(JSON_RULE_CD_DVD, state)
                    red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                               data_center)
                    write_event_log(
                        SOMANSA,
                        datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                        JSON_RULE_CD_DVD, SOMANSA_STATE_DISALLOW, 'null',
                        'null', 'null', 'null')
                    cls._logger.debug(
                        '***** DVD disallow {}'.format(block_device))
示例#13
0
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        remove_path = search_file_reversely('/sys/' + param[1], 'remove',
                                            REVERSE_LOOKUP_LIMIT)
        #v2.0
        if not os.path.exists(remove_path):
            logger.error('(wireless) REMOVE NOT FOUND')
            return

        with open(remove_path, 'w') as f:
            f.write('1')

        if os.path.exists(remove_path):
            remove_second = '/'.join(remove_path.split('/')[:-2]) + '/remove'
            if not os.path.exists(remove_second):
                logger.error('(wireless) FAIL TO REMOVE 1')
                return
            else:
                with open(remove_second, 'w') as sf:
                    sf.write('1')

        if os.path.exists(remove_path):
            logger.error('(wireless) FAIL TO REMOVE 2')
            return

        with open(META_FILE_PCI_RESCAN, 'a') as f2:
            f2.write('wireless=>{}'.format(remove_path))
        logger.info('mode has changed to {}'.format(mode))
        logmsg, notimsg, grmcode = \
            make_media_msg(JSON_RULE_WIRELESS, mode)
        red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center)
        write_event_log(SOMANSA,
                        datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                        JSON_RULE_WIRELESS, SOMANSA_STATE_DISALLOW, 'null',
                        'null', 'null', 'null')
    except:
        e = grac_format_exc()
        logger.error(e)

    return GRAC_OK
示例#14
0
    def recover_bConfigurationValue(cls, target):
        """
        recover bConfigurationValue
        """

        filepath = '{}/{}.bcvp'.format(META_ROOT, target)
        if not os.path.exists(filepath):
            return

        with open(filepath) as f:
            device_path = f.read().strip('\n')

        os.unlink(filepath)

        bConfigurationValue_path = search_file_reversely(
            device_path, 'bConfigurationValue', REVERSE_LOOKUP_LIMIT)

        with open(bConfigurationValue_path, 'w') as f2:
            f2.write('1')
            cls._logger.info('{}\'bConfigurationValue is set 1'.format(target))
示例#15
0
    def sync_printer(cls, state, data_center):
        """
        synchronize printer
        """

        dn = search_dir('/sys/devices', '^lp[0-9]+$')
        if not dn:
            return

        fn = search_file_reversely(dn, 'authorized', REVERSE_LOOKUP_LIMIT)
        if not fn:
            return

        with open(fn, 'w') as f:
            f.write('0')
            cls._logger.info('SYNC state={} authorized=0'.format(state))
            logmsg, notimsg, grmcode = \
                make_media_msg(JSON_RULE_PRINTER, state)
            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                       data_center)
            cls._logger.debug('***** PRINTER disallow {}'.format(dn))
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        authorized_path = search_file_reversely('/sys/' + param[1],
                                                'authorized',
                                                REVERSE_LOOKUP_LIMIT)
        with open(authorized_path, 'w') as f:
            f.write('0')
            logger.info('mode has changed to {}'.format(mode))
            logmsg, notimsg, grmcode = \
                make_media_msg(JSON_RULE_PRINTER, mode)
            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                       data_center)
            logger.debug('***** PRINTER MODULE disallow {}'.format(param[1]))
    except:
        e = grac_format_exc()
        logger.error(e)

    return GRAC_OK
示例#17
0
def do_task(param, data_center):
    """
    do task
    """

    logger = GracLog.get_logger()
    try:
        mode = param[0]
        serial = param[2].strip() if param[2] else ''

        #whitelist
        if serial:  #param[2]:
            #serial = param[2].strip('\n')
            for s in data_center.get_usb_memory_whitelist():
                if s == serial:
                    logger.info('serial({}) is in whitelist'.format(serial))

                    #usb whitelist register signal
                    signal_msg = ['except', '103', 'already in whitelist']
                    data_center.GRAC.media_usb_info(','.join(signal_msg))
                    return GRAC_OK

            #usb whitelist register signal
            product = param[3].strip() if param[3] else ''
            vendor = param[4].strip() if param[4] else ''
            model = param[5].strip() if param[5] else ''

            user_id, _ = catch_user_id()

            if not user_id or user_id[0] == '-':
                signal_msg = ['except', '101', 'not login']
            if user_id[0] == '+':
                signal_msg = ['except', '102', 'local user not supported']
            else:
                signal_msg = [
                    'normal', user_id, serial, '', product, '', vendor, model
                ]
            data_center.GRAC.media_usb_info(','.join(signal_msg))
        else:
            signal_msg = ['except', '104', 'serial not found']
            data_center.GRAC.media_usb_info(','.join(signal_msg))

        if mode == JSON_RULE_DISALLOW:
            devpath = param[1]
            authorized_path = search_file_reversely('/sys/' + devpath,
                                                    'authorized',
                                                    REVERSE_LOOKUP_LIMIT)

            with open(authorized_path, 'w') as f:
                f.write('0')
                logger.info('mode has changed to {}'.format(mode))
                logmsg, notimsg, grmcode = \
                    make_media_msg(JSON_RULE_USB_MEMORY, mode)
                red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode,
                           data_center)
                write_event_log(
                    SOMANSA,
                    datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'),
                    JSON_RULE_USB_MEMORY, SOMANSA_STATE_DISALLOW, 'null',
                    'null', 'null', 'null')
                logger.debug('***** USB MODULE disallow {}'.format(param[1]))

        elif mode == JSON_RULE_READONLY:
            devnode = '/dev/' + param[1]
            thr = threading.Thread(target=remount_thread,
                                   args=(devnode, mode, data_center))
            thr.daemon = True
            thr.start()
            logger.info('{} mode is changing to {}'.format(devnode, mode))
            logger.debug('***** USB MODULE read_only {}'.format(param[1]))
    except:
        e = grac_format_exc()
        GracLog.get_logger().error(e)
        logger.error(e)

    return GRAC_OK
示例#18
0
    def sync_usb_memory_readonly(cls, state, data_center):
        """
        synchronize usb-memory readonly
        """

        block_base_path = '/sys/class/block/*'
        block_node_regex = re.compile('^[a-zA-Z]+$')
        block_usb_regex = re.compile('/usb[0-9]*/')

        #block devices
        for block_device in glob.glob(block_base_path):
            device_node = block_device.split('/')[-1]
            if not block_node_regex.match(device_node):
                continue

            #/sys/devices
            device_sys_path = block_device + '/device'
            if not os.path.exists(device_sys_path):
                continue

            device_real_path = os.path.realpath(device_sys_path)

            #usb device
            if block_usb_regex.search(device_real_path):
                #whitelist
                serial_path = search_file_reversely(device_real_path, 'serial',
                                                    REVERSE_LOOKUP_LIMIT)
                if serial_path:
                    with open(serial_path) as f:
                        serial = f.read().strip('\n')
                    for s in data_center.get_usb_memory_whitelist():
                        if s == serial:
                            cls._logger.info(
                                'SYNC serial({}) is in whitelist'.format(
                                    serial))
                            return

                skeep_uuid = False
                for usb_label_path in ('/dev/disk/by-label/*',
                                       '/dev/disk/by-uuid/*'):
                    for usb_label in glob.glob(usb_label_path):
                        if usb_label.lower().endswith('efi'):
                            continue
                        usb_label_realpath = os.path.realpath(usb_label)
                        usb_label_node = re.split(
                            '[0-9]+',
                            usb_label_realpath.split('/')[-1])[0]
                        if usb_label_node == device_node:
                            mount_point = '/media/gooroom/' + usb_label.split(
                                '/')[-1]
                            umount_mount_readonly(usb_label_realpath,
                                                  mount_point)
                            cls._logger.info('SYNC state={} {} remounted '\
                                'as readonly'.format(state, usb_label_realpath))
                            cls._logger.debug(
                                '***** USB read_only {} {}'.format(
                                    usb_label_realpath, mount_point))
                            logmsg, notimsg, grmcode = \
                                make_media_msg(JSON_RULE_USB_MEMORY, state)
                            red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI,
                                       grmcode, data_center)
                            write_event_log(
                                SOMANSA,
                                datetime.datetime.now().strftime(
                                    '%Y%m%d %H:%M:%S'), JSON_RULE_USB_MEMORY,
                                SOMANSA_STATE_READONLY, 'null', 'null', 'null',
                                'null')
                            skeep_uuid = True
                            break
                    if skeep_uuid:
                        break