Add support for PCSC socket

Closes: #2778 Approved by: alexlarsson
author: Valentin David <valentin.david@codethink.co.uk> 2019-03-24 13:06:30 +0100
committer: Atomic Bot <atomic-devel@projectatomic.io> 2019-04-12 06:37:44 +0000
commit: 8ce289b4c31fe3582613cc3b07239721af725be5 (patch)
tree: 941fac4ac58cf57c68cd6c4eb93600831491c013
parent: 7fdd677b93b3ed2bd756d01d01cc87f4cfe5f80d (diff)
download: flatpak-8ce289b4c31fe3582613cc3b07239721af725be5.tar.gz
8 files changed, 53 insertions, 9 deletions
diff --git a/common/flatpak-context-private.h b/common/flatpak-context-private.h
index f1ac8512..8fbc1e6e 100644
--- a/common/flatpak-context-private.h
+++ b/common/flatpak-context-private.h
@@ -41,6 +41,7 @@ typedef enum {
   FLATPAK_CONTEXT_SOCKET_SYSTEM_BUS  = 1 << 4,
   FLATPAK_CONTEXT_SOCKET_FALLBACK_X11 = 1 << 5, /* For backwards compat, also set SOCKET_X11 */
   FLATPAK_CONTEXT_SOCKET_SSH_AUTH    = 1 << 6,
+  FLATPAK_CONTEXT_SOCKET_PCSC        = 1 << 7,
 } FlatpakContextSockets;
 
 typedef enum {
diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index 6834dd72..2a4cb9cb 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -60,6 +60,7 @@ const char *flatpak_context_sockets[] = {
   "system-bus",
   "fallback-x11",
   "ssh-auth",
+  "pcsc",
   NULL
 };
 
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 0579ce4c..f7fab66b 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -284,6 +284,34 @@ flatpak_run_add_ssh_args (FlatpakBwrap *bwrap)
   flatpak_bwrap_set_env (bwrap, "SSH_AUTH_SOCK", sandbox_auth_socket, TRUE);
 }
 
+static void
+flatpak_run_add_pcsc_args (FlatpakBwrap *bwrap)
+{
+  const char * pcsc_socket;
+  const char * sandbox_pcsc_socket = "/run/pcscd/pcscd.comm";
+
+  pcsc_socket = g_getenv ("PCSCLITE_CSOCK_NAME");
+  if (pcsc_socket)
+    {
+      if (!g_file_test (pcsc_socket, G_FILE_TEST_EXISTS))
+        {
+          flatpak_bwrap_unset_env (bwrap, "PCSCLITE_CSOCK_NAME");
+          return;
+        }
+    }
+  else
+    {
+      pcsc_socket = "/run/pcscd/pcscd.comm";
+      if (!g_file_test (pcsc_socket, G_FILE_TEST_EXISTS))
+        return;
+    }
+
+  flatpak_bwrap_add_args (bwrap,
+                          "--ro-bind", pcsc_socket, sandbox_pcsc_socket,
+                          NULL);
+  flatpak_bwrap_set_env (bwrap, "PCSCLITE_CSOCK_NAME", sandbox_pcsc_socket, TRUE);
+}
+
 /* Try to find a default server from a pulseaudio confguration file */
 static char *
 flatpak_run_get_pulseaudio_server_user_config (const char *path)
@@ -1134,6 +1162,11 @@ flatpak_run_add_environment_args (FlatpakBwrap    *bwrap,
       flatpak_run_add_pulseaudio_args (bwrap);
     }
 
+  if (context->sockets & FLATPAK_CONTEXT_SOCKET_PCSC)
+    {
+      flatpak_run_add_pcsc_args (bwrap);
+    }
+
   flatpak_run_add_session_dbus_args (bwrap, proxy_arg_bwrap, context, flags, app_id);
   flatpak_run_add_system_dbus_args (bwrap, proxy_arg_bwrap, context, flags);
   flatpak_run_add_a11y_dbus_args (bwrap, proxy_arg_bwrap, context, flags);
diff --git a/doc/flatpak-build-finish.xml b/doc/flatpak-build-finish.xml
index 07543350..0c553ae7 100644
--- a/doc/flatpak-build-finish.xml
+++ b/doc/flatpak-build-finish.xml
@@ -133,7 +133,8 @@
                 <listitem><para>
                     Expose a well-known socket to the application. This updates
                     the [Context] group in the metadata.
-                    SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para><para>
                     The fallback-x11 option makes the X11 socket available only if
@@ -149,7 +150,8 @@
                 <listitem><para>
                     Don't expose a well known socket to the application. This updates
                     the [Context] group in the metadata.
-                    SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    SOCKET must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff --git a/doc/flatpak-build.xml b/doc/flatpak-build.xml
index d8ec7843..4b65fcd5 100644
--- a/doc/flatpak-build.xml
+++ b/doc/flatpak-build.xml
@@ -148,7 +148,8 @@
                 <listitem><para>
                     Expose a well-known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
@@ -159,7 +160,8 @@
                 <listitem><para>
                     Don't expose a well-known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff --git a/doc/flatpak-metadata.xml b/doc/flatpak-metadata.xml
index c2fdc7d8..97f78906 100644
--- a/doc/flatpak-metadata.xml
+++ b/doc/flatpak-metadata.xml
@@ -142,7 +142,8 @@
                     <term><option>sockets</option> (list)</term>
                     <listitem><para>
                         List of well-known sockets to make available in the sandbox.
-                        Possible sockets: x11, wayland, fallback-x11, pulseaudio, session-bus, system-bus, ssh-auth.
+                        Possible sockets: x11, wayland, fallback-x11, pulseaudio, session-bus, system-bus,
+                        ssh-auth, pcsc.
                         When making a socket available, flatpak also sets
                         well-known environment variables like DISPLAY or
                         DBUS_SYSTEM_BUS_ADDRESS to let the application
diff --git a/doc/flatpak-override.xml b/doc/flatpak-override.xml
index b76d8e77..8753433c 100644
--- a/doc/flatpak-override.xml
+++ b/doc/flatpak-override.xml
@@ -130,7 +130,8 @@
                 <listitem><para>
                     Expose a well-known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
@@ -141,7 +142,8 @@
                 <listitem><para>
                     Don't expose a well-known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml
index 7190eb32..8dd65c72 100644
--- a/doc/flatpak-run.xml
+++ b/doc/flatpak-run.xml
@@ -264,7 +264,8 @@
                 <listitem><para>
                     Expose a well known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
@@ -275,7 +276,8 @@
                 <listitem><para>
                     Don't expose a well known socket to the application. This overrides to
                     the Context section from the application metadata.
-                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus, ssh-auth.
+                    <arg choice="plain">SOCKET</arg> must be one of: x11, wayland, fallback-x11, pulseaudio, system-bus, session-bus,
+                    ssh-auth, pcsc.
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
author	Valentin David <valentin.david@codethink.co.uk>	2019-03-24 13:06:30 +0100
committer	Atomic Bot <atomic-devel@projectatomic.io>	2019-04-12 06:37:44 +0000
commit	8ce289b4c31fe3582613cc3b07239721af725be5 (patch)
tree	941fac4ac58cf57c68cd6c4eb93600831491c013
parent	7fdd677b93b3ed2bd756d01d01cc87f4cfe5f80d (diff)
download	flatpak-8ce289b4c31fe3582613cc3b07239721af725be5.tar.gz