| #!/usr/bin/env bash |
| # Copyright 2020 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| #### CATEGORY=Other |
| ### register host tools at MacOS Application Firewall |
| ## Register host tools at MacOS Application Firewall |
| ## |
| ## NOTE: This script uses sudo and will thus ask for your password! |
| ## |
| ## -n|--dry-run Just print all steps, don't do any configuration |
| |
| source "$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"/lib/vars.sh || exit $? |
| fx-config-read |
| |
| FIREWALL_CMD="/usr/libexec/ApplicationFirewall/socketfilterfw" |
| |
| # TODO(65725): produce build manifest of this information instead. |
| FIREWALL_TOOLS=( |
| ascendd |
| bootserver |
| device-finder |
| diag_tool |
| dockyard_host |
| ffx |
| loglistener |
| netaddr |
| netcp |
| netls |
| netruncmd |
| onet |
| pm |
| scrutiny |
| sockscripter |
| traceutil |
| triage |
| whereiscl |
| zxdb |
| ) |
| |
| function dryer { |
| if ! "$dryrun"; then |
| "${@}" |
| return $? |
| fi |
| echo >&2 "+ $@" |
| return 0 |
| } |
| |
| function list_tools { |
| TOOL_LIST="$(${FIREWALL_CMD} --listapps | grep "${FUCHSIA_DIR}" | awk '{print $3}')" |
| for f in "${TOOL_LIST[@]}"; do |
| echo "${f}" |
| done |
| } |
| |
| function clear_tools { |
| TOOL_LIST="$(${FIREWALL_CMD} --listapps | grep "${FUCHSIA_DIR}" | awk '{print $3}')" |
| for f in ${TOOL_LIST}; do |
| dryer sudo ${FIREWALL_CMD} --remove "${f}" > /dev/null |
| done |
| } |
| |
| function allow_tools { |
| for tool in "${FIREWALL_TOOLS[@]}"; do |
| for f in "${FUCHSIA_BUILD_DIR}/host-tools/${tool}" "${FUCHSIA_BUILD_DIR}"/host_*/"${tool}" "${FUCHSIA_BUILD_DIR}"/host_*/exe.unstripped/"${tool}"; do |
| dryer sudo ${FIREWALL_CMD} --add "$f" --unblockapp "$f" > /dev/null |
| done |
| done |
| } |
| |
| function main { |
| echo " clearing firewall rules.." |
| clear_tools |
| echo " adding firewall rules.." |
| allow_tools |
| |
| # Activate the changes |
| dryer sudo ${FIREWALL_CMD} --setglobalstate off > /dev/null |
| dryer sudo ${FIREWALL_CMD} --setglobalstate on > /dev/null |
| echo "..done" |
| |
| echo " following tools are registered in the firewall rules:" |
| echo " " |
| list_tools |
| echo " " |
| } |
| |
| dryrun=false |
| while [[ $# > 0 ]]; do |
| case "$1" in |
| -n|--dry-run) |
| fx-warn "Running in dry-run mode" |
| dryrun=true |
| ;; |
| -h|--help|*) |
| fx-command-help |
| exit 1 |
| ;; |
| esac |
| shift |
| done |
| |
| main |