From 4eb4bc4f58ffba2d468374ea3a01746d3132e7b5 Mon Sep 17 00:00:00 2001 From: "Kartik K. Agaram" Date: Tue, 4 Jan 2022 23:33:26 -0800 Subject: [PATCH] some heuristic guidance on permissions screen --- src/teliva.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/src/teliva.c b/src/teliva.c index 0c5862a..a31237a 100644 --- a/src/teliva.c +++ b/src/teliva.c @@ -1235,6 +1235,60 @@ static void permissions_menu() { attrset(A_NORMAL); } +void characterize_file_operations_predicate() { + static const char* test_filenames[] = { "foo", "/foo", "../foo", NULL }; + static const char* test_modes[] = { "r", "r+", "w", "w+", "a", "a+", NULL }; + int num_attempts = 0; + int num_rejections = 0; + int num_errors = 0; + for (const char** test_filename = test_filenames; *test_filename; ++test_filename) { + for (const char** test_mode = test_modes; *test_mode; ++test_mode) { + lua_getglobal(trustedL, "file_operation_permitted"); + lua_pushstring(trustedL, *test_filename); + lua_pushstring(trustedL, *test_mode); + if (lua_pcall(trustedL, 2 /*args*/, 1 /*result*/, /*errfunc*/0)) { + /* TODO: error handling. Or should we use errfunc above? */ + } + ++num_attempts; + if (!lua_isboolean(trustedL, -1)) { + ++num_errors; + } else { + if (!lua_toboolean(trustedL, -1)) + ++num_rejections; + } + } + } + + if (num_errors > 0) { + attron(COLOR_PAIR(COLOR_PAIR_ERROR)); + addstr(" Throws errors some of the time. You should fix them before moving on. "); + attroff(COLOR_PAIR(COLOR_PAIR_ERROR)); + } + else if (strcmp("return false", trim(file_operations_predicate_body)) == 0) { + attron(COLOR_PAIR(COLOR_PAIR_SAFE)); + addstr("● Rejects all file operations."); + attroff(COLOR_PAIR(COLOR_PAIR_SAFE)); + } + else if (strcmp("return true", trim(file_operations_predicate_body)) == 0) { + attron(COLOR_PAIR(COLOR_PAIR_WARN)); + addstr("◯ Allows all file operations."); + attroff(COLOR_PAIR(COLOR_PAIR_WARN)); + } + else { + static const char* statuses[5] = { + "◯ Weakly suspected to allow all file operations.", + "◔ Weakly suspected to allow most file operations.", + "◑ Weakly suspected to allow many file operations.", + "◕ Weakly suspected to reject most file operations.", + "● Weakly suspected to reject all file operations.", + }; + attron(COLOR_PAIR(COLOR_PAIR_FADE)); + int frac = (float)num_rejections/num_attempts*4; + addstr(statuses[frac]); + attroff(COLOR_PAIR(COLOR_PAIR_FADE)); + } +} + static void render_permissions_screen() { clear(); attrset(A_BOLD); @@ -1246,6 +1300,9 @@ static void render_permissions_screen() { mvaddstr(7, 30, "function file_operation_permitted(filename, mode)"); int y = render_wrapped_text(8, 32, COLS-5, file_operations_predicate_body); mvaddstr(y, 30, "end"); + y++; + mvaddstr(y, 30, ""); + characterize_file_operations_predicate(); y += 2; int net_colors = net_operations_permitted ? COLOR_PAIR_WARN : COLOR_PAIR_SAFE; @@ -1292,12 +1349,12 @@ static void render_permissions_screen() { else if (file_operations_unsafe && net_operations_unsafe) { attron(COLOR_PAIR(COLOR_PAIR_RISK)); // idea: include pentagram emoji. But it isn't widely supported yet on Linux. - mvaddstr(5, 5, "😈 ⚠️ Teliva can't protect you if this app does something sketchy. Consider choosing stronger conditions. ⚠️ 😈"); + mvaddstr(5, 5, "😈 ⚠️ Teliva can't protect you if this app does something sketchy. Consider restricting permissions. ⚠️ 😈"); attroff(COLOR_PAIR(COLOR_PAIR_RISK)); } else { attron(COLOR_PAIR(COLOR_PAIR_RISK)); - mvaddstr(5, 5, "🦮 🙈 Teliva can't tell how much it's protecting you. Consider simplifying the conditions."); + mvaddstr(5, 5, "🦮 🙈 Teliva can't tell how much it's protecting you. Consider simplifying permissions."); attroff(COLOR_PAIR(COLOR_PAIR_RISK)); }