import usbguard-0.7.4-4.el8

SOURCES/match-all.patch

@@ -0,0 +1,242 @@
+diff --git a/doc/man/usbguard-rules.conf.5.adoc b/doc/man/usbguard-rules.conf.5.adoc
+index 44f399c..c0f86f8 100644
+--- a/doc/man/usbguard-rules.conf.5.adoc
++++ b/doc/man/usbguard-rules.conf.5.adoc
+@@ -93,6 +93,9 @@ where the optional 'operator' is one of:
+ *equals-ordered*::
+     The device attribute set must contain exactly the same set of values in the same order for the rule to match.
+ 
++*match-all*::
++   The device attribute set must be a subset of the specified values for the rule to match.
++
+ If the operator is not specified it is set to *equals*.
+ 
+ [.underline]#List of attributes:#
+diff --git a/src/Library/RuleParser/Grammar.hpp b/src/Library/RuleParser/Grammar.hpp
+index 4d785c0..764380e 100644
+--- a/src/Library/RuleParser/Grammar.hpp
++++ b/src/Library/RuleParser/Grammar.hpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #pragma once
+ #ifdef HAVE_BUILD_CONFIG_H
+@@ -53,12 +54,13 @@ namespace usbguard
+     struct str_none_of : TAOCPP_PEGTL_STRING("none-of") {};
+     struct str_equals : TAOCPP_PEGTL_STRING("equals") {};
+     struct str_equals_ordered : TAOCPP_PEGTL_STRING("equals-ordered") {};
++    struct str_match_all: TAOCPP_PEGTL_STRING("match-all") {};
+ 
+     /*
+      * Generic rule attribute
+      */
+     struct multiset_operator
+-      : sor<str_all_of, str_one_of, str_none_of, str_equals_ordered, str_equals> {};
++      : sor<str_all_of, str_one_of, str_none_of, str_equals_ordered, str_equals, str_match_all> {};
+ 
+     template<class attribute_value_rule>
+     struct attribute_value_multiset
+diff --git a/src/Library/RulePrivate.cpp b/src/Library/RulePrivate.cpp
+index 73140fa..6ceb12d 100644
+--- a/src/Library/RulePrivate.cpp
++++ b/src/Library/RulePrivate.cpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #ifdef HAVE_BUILD_CONFIG_H
+   #include <build-config.h>
+@@ -177,6 +178,7 @@ namespace usbguard
+     case Rule::SetOperator::AllOf:
+     case Rule::SetOperator::Equals:
+     case Rule::SetOperator::EqualsOrdered:
++    case Rule::SetOperator::MatchAll:
+       meets_conditions = \
+         (conditionsState() == ((((uint64_t)1) << _conditions.count()) - 1));
+       break;
+diff --git a/src/Library/public/usbguard/Predicates.hpp b/src/Library/public/usbguard/Predicates.hpp
+index 412517e..95ede3a 100644
+--- a/src/Library/public/usbguard/Predicates.hpp
++++ b/src/Library/public/usbguard/Predicates.hpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #pragma once
+ 
+@@ -35,6 +36,15 @@ namespace usbguard
+       USBGUARD_LOG(Trace) << "generic isSubsetOf";
+       return source == target;
+     }
++
++    template<typename T>
++    bool isSupersetOf(const T& source, const T& target)
++    {
++      USBGUARD_LOG(Error) << "Not implemented";
++      (void) source;
++      (void) target;
++      return true;
++    }
+   }
+ } /* namespace usbguard */
+ 
+diff --git a/src/Library/public/usbguard/Rule.cpp b/src/Library/public/usbguard/Rule.cpp
+index f7bb35a..fa97578 100644
+--- a/src/Library/public/usbguard/Rule.cpp
++++ b/src/Library/public/usbguard/Rule.cpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #ifdef HAVE_BUILD_CONFIG_H
+   #include <build-config.h>
+@@ -325,7 +326,8 @@ namespace usbguard
+     { "none-of", Rule::SetOperator::NoneOf },
+     { "equals", Rule::SetOperator::Equals },
+     { "equals-ordered", Rule::SetOperator::EqualsOrdered },
+-    { "match", Rule::SetOperator::Match }
++    { "match", Rule::SetOperator::Match },
++    { "match-all", Rule::SetOperator::MatchAll}
+   };
+ 
+   const std::string Rule::setOperatorToString(const Rule::SetOperator& op)
+diff --git a/src/Library/public/usbguard/Rule.hpp b/src/Library/public/usbguard/Rule.hpp
+index 0ebfdaf..67a67f0 100644
+--- a/src/Library/public/usbguard/Rule.hpp
++++ b/src/Library/public/usbguard/Rule.hpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #pragma once
+ 
+@@ -77,7 +78,8 @@ namespace usbguard
+       NoneOf,
+       Equals,
+       EqualsOrdered,
+-      Match /* Special operator: matches anything, cannot be used directly in a rule */
++      Match, /* Special operator: matches anything, cannot be used directly in a rule */
++      MatchAll
+     };
+ 
+     static const std::string setOperatorToString(const Rule::SetOperator& op);
+@@ -237,6 +239,10 @@ namespace usbguard
+             applies = setSolveEqualsOrdered(_values, target._values);
+             break;
+ 
++          case SetOperator::MatchAll:
++            applies = setSolveMatchAll(_values, target._values);
++            break;
++
+           default:
+             throw USBGUARD_BUG("Invalid set operator value");
+           }
+@@ -409,6 +415,26 @@ namespace usbguard
+         return false;
+       }
+ 
++      /*
++       * All of the items in target set must match an item in the source set
++       */
++      bool setSolveMatchAll(const std::vector<ValueType>& source_set, const std::vector<ValueType>& target_set) const
++      {
++        USBGUARD_LOG(Trace);
++        size_t match = 0;
++
++        for (auto const& target_item : target_set) {
++          for (auto const& source_item : source_set) {
++            if (Predicates::isSupersetOf(source_item, target_item)) {
++              match++;
++              break;
++            }
++          }
++        }
++
++        return match == target_set.size();
++      }
++
+       std::string _name;
+       SetOperator _set_operator;
+       std::vector<ValueType> _values;
+diff --git a/src/Library/public/usbguard/USB.cpp b/src/Library/public/usbguard/USB.cpp
+index 281d1c9..54e5fb8 100644
+--- a/src/Library/public/usbguard/USB.cpp
++++ b/src/Library/public/usbguard/USB.cpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #ifdef HAVE_BUILD_CONFIG_H
+   #include <build-config.h>
+@@ -125,6 +126,15 @@ namespace usbguard
+     return result;
+   }
+ 
++  template<>
++  bool Predicates::isSupersetOf(const USBDeviceID& source, const USBDeviceID& target)
++  {
++    USBGUARD_LOG(Trace) << "source=" << source.toString() << " target=" << target.toString();
++    const bool result = target.isSubsetOf(source);
++    USBGUARD_LOG(Trace) << "result=" << result;
++    return result;
++  }
++
+   USBInterfaceType::USBInterfaceType()
+   {
+     _bClass = 0;
+@@ -234,6 +244,12 @@ namespace usbguard
+     return source.appliesTo(target);
+   }
+ 
++  template<>
++  bool Predicates::isSupersetOf(const USBInterfaceType& source, const USBInterfaceType& target)
++  {
++    return source.appliesTo(target);
++  }
++
+   const std::string USBInterfaceType::typeString() const
+   {
+     return USBInterfaceType::typeString(_bClass, _bSubClass, _bProtocol, _mask);
+diff --git a/src/Library/public/usbguard/USB.hpp b/src/Library/public/usbguard/USB.hpp
+index 914d74b..f538aac 100644
+--- a/src/Library/public/usbguard/USB.hpp
++++ b/src/Library/public/usbguard/USB.hpp
+@@ -15,6 +15,7 @@
+ // along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ //
+ // Authors: Daniel Kopecek <dkopecek@redhat.com>
++//          Marek Tamaskovic <mtamasko@redhat.com>
+ //
+ #pragma once
+ 
+@@ -169,6 +170,8 @@ namespace usbguard
+   {
+     template<>
+     bool isSubsetOf(const USBDeviceID& source, const USBDeviceID& target);
++    template<>
++    bool isSupersetOf(const USBDeviceID& source, const USBDeviceID& target);
+   }
+ 
+   class DLL_PUBLIC USBInterfaceType
+@@ -202,6 +205,8 @@ namespace usbguard
+   {
+     template<>
+     bool isSubsetOf(const USBInterfaceType& source, const USBInterfaceType& target);
++    template<>
++    bool isSupersetOf(const USBInterfaceType& source, const USBInterfaceType& target);
+   }
+ 
+   class USBDescriptorParser;

SPECS/usbguard.spec

@@ -3,9 +3,11 @@
 %define with_gui_qt5 0
 %define with_dbus    1
 
+%bcond_without check
+
 Name:           usbguard
 Version:        0.7.4
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        A tool for implementing USB device usage policy
 Group:          System Environment/Daemons
 License:        GPLv2+
@@ -49,6 +51,7 @@ BuildRequires: libxml2
 %endif
 
 Patch0: usbguard-0.7.4-loadFilesError.patch
+Patch1: match-all.patch
 
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
@@ -107,6 +110,7 @@ a D-Bus interface to the USBGuard daemon component.
 %prep
 %setup -q
 %patch0 -p1 -b .loadFilesError
+%patch1 -p1 -b .matchallkeyword
 
 # Remove bundled library sources before build
 rm -rf src/ThirdParty/{Catch,PEGTL}
@@ -133,8 +137,10 @@ autoreconf -i -v --no-recursive ./
 
 make %{?_smp_mflags}
 
+%if %{with check}
 %check
 make check
+%endif
 
 %install
 make install INSTALL='install -p' DESTDIR=%{buildroot}
@@ -221,6 +227,12 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
 %endif
 
 %changelog
+* Mon Nov 25 2019 Marek Tamaskovic <mtamasko@redhat.com> - 0.7.4-4
+- add match-all keyword
+
+* Tue May 21 2019 Daniel Kopeček <dkopecek@redhat.com> - 0.7.4-3
+- spec: make the check phase conditional
+
 * Fri Dec 14 2018 Jiri Vymazal <jvymazal@redhat.com> - 0.7.4-2
   Resolves: rhbz#1643057 - usbguard fails to report invalid value in IPCAccessControlFiles directive