diff options
author | Matthias Clasen <mclasen@redhat.com> | 2018-06-27 23:04:47 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-29 11:52:40 +0000 |
commit | 4c0662b03a43c5e285c03493d9eca7423de5224d (patch) | |
tree | 6bf95d1ad1464b2e3f69a3ece424c709253cdd0f | |
parent | e9f5b1cf06f75c3358e5cab14b3aac439b4a77bd (diff) | |
download | flatpak-4c0662b03a43c5e285c03493d9eca7423de5224d.tar.gz |
Add a permission-reset command
This command removes all permissions for a given app
from the permission store.
Closes: #1837
Approved by: alexlarsson
-rw-r--r-- | app/Makefile.am.inc | 1 | ||||
-rw-r--r-- | app/flatpak-builtins-permission-reset.c | 210 | ||||
-rw-r--r-- | app/flatpak-builtins.h | 1 | ||||
-rw-r--r-- | app/flatpak-main.c | 1 | ||||
-rw-r--r-- | doc/Makefile.am | 1 | ||||
-rw-r--r-- | doc/flatpak-docs.xml.in | 1 | ||||
-rw-r--r-- | doc/flatpak-permission-reset.xml | 102 |
7 files changed, 317 insertions, 0 deletions
diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc index 46f1f096..941c53ed 100644 --- a/app/Makefile.am.inc +++ b/app/Makefile.am.inc @@ -54,6 +54,7 @@ flatpak_SOURCES = \ app/flatpak-builtins-permission-remove.c \ app/flatpak-builtins-permission-list.c \ app/flatpak-builtins-permission-show.c \ + app/flatpak-builtins-permission-reset.c \ app/flatpak-builtins-search.c \ app/flatpak-builtins-repair.c \ app/flatpak-table-printer.c \ diff --git a/app/flatpak-builtins-permission-reset.c b/app/flatpak-builtins-permission-reset.c new file mode 100644 index 00000000..3903529f --- /dev/null +++ b/app/flatpak-builtins-permission-reset.c @@ -0,0 +1,210 @@ +/* + * Copyright © 2018 Red Hat, Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + * Authors: + * Matthias Clasen <mclasen@redhat.com> + */ + +#include "config.h" + +#include <locale.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <errno.h> + +#include <glib/gi18n.h> + +#include "libglnx/libglnx.h" +#include "flatpak-permission-dbus-generated.h" + +#include "flatpak-builtins.h" +#include "flatpak-table-printer.h" +#include "flatpak-utils-private.h" +#include "flatpak-run-private.h" + +static GOptionEntry options[] = { + { NULL } +}; + +static char ** +get_permission_tables (XdpDbusPermissionStore *store) +{ + g_autofree char *path = NULL; + GDir *dir; + const char *name; + GPtrArray *tables = NULL; + + tables = g_ptr_array_new (); + + path = g_build_filename (g_get_user_data_dir (), "flatpak/db", NULL); + dir = g_dir_open (path, 0, NULL); + if (dir != NULL) + { + while ((name = g_dir_read_name (dir)) != NULL) + { + g_ptr_array_add (tables, g_strdup (name)); + } + } + + g_dir_close (dir); + + g_ptr_array_add (tables, NULL); + + return (char **)g_ptr_array_free (tables, FALSE); +} + +static gboolean +remove_for_app (XdpDbusPermissionStore *store, + const char *table, + const char *app_id, + GError **error) +{ + char **ids; + int i; + + /* FIXME some portals cache their permission tables and assume that they're + * the only writers, so they may miss these changes. + * See https://github.com/flatpak/xdg-desktop-portal/issues/197 + */ + + if (!xdp_dbus_permission_store_call_list_sync (store, table, &ids, NULL, error)) + return FALSE; + + for (i = 0; ids[i]; i++) + { + g_autoptr(GVariant) permissions = NULL; + g_autoptr(GVariant) data = NULL; + GVariantIter iter; + char *key; + GVariant *value; + GVariantBuilder builder; + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sas}")); + + if (!xdp_dbus_permission_store_call_lookup_sync (store, table, ids[i], + &permissions, &data, + NULL, error)) + return FALSE; + + g_variant_iter_init (&iter, permissions); + while (g_variant_iter_loop (&iter, "{s@as}", &key, &value)) + { + if (strcmp (key, app_id) == 0) + continue; + + g_variant_builder_add (&builder, "{s@as}", key, value); + } + + if (!xdp_dbus_permission_store_call_set_sync (store, table, TRUE, ids[i], + g_variant_builder_end (&builder), + data ? data : g_variant_new_byte (0), + NULL, error)) + return FALSE; + } + + return TRUE; +} + +gboolean +flatpak_builtin_permission_reset (int argc, char **argv, + GCancellable *cancellable, + GError **error) +{ + g_autoptr(GOptionContext) context = NULL; + g_autoptr(GDBusConnection) session_bus = NULL; + XdpDbusPermissionStore *store = NULL; + const char *app_id; + int i; + g_auto(GStrv) tables = NULL; + + context = g_option_context_new (_("APP_ID - Reset permissions for an app")); + g_option_context_set_translation_domain (context, GETTEXT_PACKAGE); + + if (!flatpak_option_context_parse (context, options, &argc, &argv, + FLATPAK_BUILTIN_FLAG_NO_DIR, + NULL, cancellable, error)) + return FALSE; + + if (argc != 2) + return usage_error (context, _("Wrong number of arguments"), error); + + app_id = argv[1]; + + session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, error); + if (session_bus == NULL) + return FALSE; + + store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0, + "org.freedesktop.impl.portal.PermissionStore", + "/org/freedesktop/impl/portal/PermissionStore", + NULL, error); + if (store == NULL) + return FALSE; + + tables = get_permission_tables (store); + for (i = 0; tables[i]; i++) + { + if (!remove_for_app (store, tables[i], app_id, error)) + return FALSE; + } + + return TRUE; +} + +gboolean +flatpak_complete_permission_reset (FlatpakCompletion *completion) +{ + g_autoptr(GOptionContext) context = NULL; + g_autoptr(GDBusConnection) session_bus = NULL; + XdpDbusPermissionStore *store = NULL; + + context = g_option_context_new (""); + + if (!flatpak_option_context_parse (context, options, &completion->argc, &completion->argv, + FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, NULL, NULL)) + return FALSE; + + session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL); + if (session_bus == NULL) + return FALSE; + + store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0, + "org.freedesktop.impl.portal.PermissionStore", + "/org/freedesktop/impl/portal/PermissionStore", + NULL, NULL); + + if (store == NULL) + return FALSE; + + switch (completion->argc) + { + case 0: + case 1: /* APP_ID */ + flatpak_complete_options (completion, global_entries); + flatpak_complete_options (completion, options); + + flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_user (), NULL); + flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_system_default (), NULL); + + break; + + default: + break; + } + + return TRUE; +} diff --git a/app/flatpak-builtins.h b/app/flatpak-builtins.h index 6e6b28eb..ecea144a 100644 --- a/app/flatpak-builtins.h +++ b/app/flatpak-builtins.h @@ -90,6 +90,7 @@ BUILTINPROTO (document_list) BUILTINPROTO (permission_remove) BUILTINPROTO (permission_list) BUILTINPROTO (permission_show) +BUILTINPROTO (permission_reset) BUILTINPROTO (override) BUILTINPROTO (repo) BUILTINPROTO (config) diff --git a/app/flatpak-main.c b/app/flatpak-main.c index 513b7c2f..3dd5dd23 100644 --- a/app/flatpak-main.c +++ b/app/flatpak-main.c @@ -93,6 +93,7 @@ static FlatpakCommand commands[] = { { "permission-remove", N_("Remove item from permission store"), flatpak_builtin_permission_remove, flatpak_complete_permission_remove }, { "permission-list", N_("List permissions"), flatpak_builtin_permission_list, flatpak_complete_permission_list }, { "permission-show", N_("Show app permissions"), flatpak_builtin_permission_show, flatpak_complete_permission_show }, + { "permission-reset", N_("Reset app permissions"), flatpak_builtin_permission_reset, flatpak_complete_permission_reset }, /* translators: please keep the leading newline and space */ { N_("\n Manage remote repositories") }, diff --git a/doc/Makefile.am b/doc/Makefile.am index b26bbb2e..09c80c22 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -42,6 +42,7 @@ man1 = \ flatpak-permission-remove.1 \ flatpak-permission-list.1 \ flatpak-permission-show.1 \ + flatpak-permission-reset.1 \ flatpak-build-init.1 \ flatpak-build.1 \ flatpak-build-bundle.1 \ diff --git a/doc/flatpak-docs.xml.in b/doc/flatpak-docs.xml.in index de393935..ec5974f8 100644 --- a/doc/flatpak-docs.xml.in +++ b/doc/flatpak-docs.xml.in @@ -36,6 +36,7 @@ <xi:include href="@srcdir@/flatpak-permission-remove.xml"/> <xi:include href="@srcdir@/flatpak-permission-list.xml"/> <xi:include href="@srcdir@/flatpak-permission-show.xml"/> + <xi:include href="@srcdir@/flatpak-permission-reset.xml"/> <xi:include href="@srcdir@/flatpak-enter.xml"/> <xi:include href="@srcdir@/flatpak-info.xml"/> <xi:include href="@srcdir@/flatpak-install.xml"/> diff --git a/doc/flatpak-permission-reset.xml b/doc/flatpak-permission-reset.xml new file mode 100644 index 00000000..4e58d853 --- /dev/null +++ b/doc/flatpak-permission-reset.xml @@ -0,0 +1,102 @@ +<?xml version='1.0'?> <!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + +<refentry id="flatpak-permission-reset"> + + <refentryinfo> + <title>flatpak permission-reset</title> + <productname>flatpak</productname> + + <authorgroup> + <author> + <contrib>Developer</contrib> + <firstname>Matthias</firstname> + <surname>Clasen</surname> + <email>mclasen@redhat.com</email> + </author> + </authorgroup> + </refentryinfo> + + <refmeta> + <refentrytitle>flatpak permission-reset</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>flatpak-permission-reset</refname> + <refpurpose>Reset permissions</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>flatpak permission-reset</command> + <arg choice="opt" rep="repeat">OPTION</arg> + <arg choice="plain">APP_ID</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <para> + Removes all permissions for the given app from the Flatpak + permission store. + </para> + + <para> + The permission store is used by portals. + Each portal generally has its own table in the permission + store, and the format of the table entries is specific to + each portal. + </para> + + </refsect1> + + <refsect1> + <title>Options</title> + + <para>The following options are understood:</para> + + <variablelist> + <varlistentry> + <term><option>-h</option></term> + <term><option>--help</option></term> + + <listitem><para> + Show help options and exit. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><option>-v</option></term> + <term><option>--verbose</option></term> + + <listitem><para> + Print debug information during command processing. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--ostree-verbose</option></term> + + <listitem><para> + Print OSTree debug information during command processing. + </para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>See also</title> + + <para> + <citerefentry><refentrytitle>flatpak</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>flatpak-permission-list</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>flatpak-permission-show</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>flatpak-permission-remove</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + </para> + + </refsect1> + +</refentry> |