author | Alexander Larsson <alexander.larsson@gmail.com> | 2015-02-10 09:25:08 +0100 |
---|---|---|
committer | Alexander Larsson <alexander.larsson@gmail.com> | 2015-02-10 09:25:08 +0100 |
commit | 72f1bd9b073e922f9c4d21dc2f6c1fd7666540aa (patch) | |
tree | cb30d8baa97966c00debeed8c4516d9ae1e6e8d3 | |
parent | cd3289e0cb66f3812bb020089784d1b1206fd062 (diff) | |
parent | c07e917b5db5464a32fa2b725ff3fe4d99ae149e (diff) | |
download | flatpak-72f1bd9b073e922f9c4d21dc2f6c1fd7666540aa.tar.gz |
Merge pull request #50 from matthiasclasen/run-env2
Add an --allow option to the run command
-rwxr-xr-x | completion/xdg-app | 2 | ||||
-rw-r--r-- | doc/xdg-app-run.xml | 24 | ||||
-rw-r--r-- | xdg-app-builtins-run.c | 43 | ||||
-rw-r--r-- | xdg-app-utils.h | 19 |
4 files changed, 65 insertions, 23 deletions
diff --git a/completion/xdg-app b/completion/xdg-app
index ffabdae0..26d926ab 100755
--- a/completion/xdg-app
+++ b/completion/xdg-app
@@ -29,7 +29,7 @@ _xdg-app() {
 [LIST_REMOTES]='--show-urls'
 [REPO_CONTENTS]='--show-details --runtimes --apps --update'
 [UNINSTALL]='--keep-ref'
- [RUN]='--command --branch --devel --forbid --runtime'
+ [RUN]='--command --branch --devel --allow --forbid --runtime'
 [BUILD_INIT]='--arch --var'
 [BUILD]='--runtime --network --x11'
 [BUILD_FINISH]='--command --allow'
diff --git a/doc/xdg-app-run.xml b/doc/xdg-app-run.xml
index 8ef3db6e..f5a52b72 100644
--- a/doc/xdg-app-run.xml
+++ b/doc/xdg-app-run.xml
@@ -53,9 +53,9 @@
 </para>
 <para>
 The details of the sandboxed environment are controlled by the application
- metadata and the --forbid option that are passed to the run command: Access
- is allowed if the application requested it in its metadata file and the
- user hasn;t forbidden it.
+ metadata and the --allow and --forbid options that are passed to the run
+ command: Access is allowed if it was requested either in the application
+ metadata file or with an --allow option and the user hasn;t forbidden it.
 </para>
 </refsect1>
@@ -117,11 +117,25 @@
 </varlistentry>
 <varlistentry>
+ <term><option>--allow=KEY</option></term>
+
+ <listitem><para>
+ Allow access to the named facility. This overrides
+ the Environment section from the application metadata.
+ KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
+ session-dbus, network, host-fs, homedir.
+ This option can be used multiple times.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term><option>--forbid=KEY</option></term>
 <listitem><para>
- Disallow access to the named facility. KEY must
- be one of: x11, wayland, ipc, pulseaudio, system-dbus,
+ Disallow access to the named facility. This overrides the
+ Environment section from the application metadata and
+ --allow options to this command.
+ KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
 session-dbus, network, host-fs, homedir.
 This option can be used multiple times.
 </para></listitem>
diff --git a/xdg-app-builtins-run.c b/xdg-app-builtins-run.c
index 383720b5..ed85cb3b 100644
--- a/xdg-app-builtins-run.c
+++ b/xdg-app-builtins-run.c
@@ -17,6 +17,7 @@ static char *opt_branch;
 static char *opt_command;
 static gboolean opt_devel;
 static char *opt_runtime;
+static char **opt_allow;
 static char **opt_forbid;
 static GOptionEntry options[] = {
@@ -25,6 +26,7 @@ static GOptionEntry options[] = {
 { "branch", 0, 0, G_OPTION_ARG_STRING, &opt_branch, "Branch to use", "BRANCH" },
 { "devel", 'd', 0, G_OPTION_ARG_NONE, &opt_devel, "Use development runtime", NULL },
 { "runtime", 0, 0, G_OPTION_ARG_STRING, &opt_runtime, "Runtime to use", "RUNTIME" },
+ { "allow", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_allow, "Environment options to set to true", "KEY" },
 { "forbid", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_forbid, "Environment options to set to false", "KEY" },
 { NULL }
 };
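Review bot: The help string on the new `"allow"` option entry, `"Environment options to set to true"`, does not tell a `--help` reader that the flag widens the sandbox beyond what the app's own metadata requested, which is exactly the point the manpage hunk in this commit spells out. Something like `"Grant an Environment facility the app metadata did not request"` names what actually changes for the user; `--forbid` only narrows the sandbox and can stay terse.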
@@ -260,12 +262,14 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 const char *branch = "master";
 const char *command = "/bin/sh";
 int i;
+ const char *key;
 int rest_argv_start, rest_argc;
 const char *environment_keys[] = { "x11", "wayland", "ipc", "pulseaudio", "system-dbus", "session-dbus", "network", "host-fs", "homedir", NULL };
 const char *no_opts[1] = { NULL };
+ const char **allow;
 const char **forbid;
 context = g_option_context_new ("APP [args...] - Run an app");
@@ -412,47 +416,52 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 else
 forbid = no_opts;
- for (i = 0; forbid[i]; i++)
+ if ((key = g_strv_subset (environment_keys, forbid)) != NULL)
 {
- const char *key;
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
+ goto out;
+ }
- key = forbid[i];
- if (!g_strv_contains (environment_keys, key))
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
- goto out;
- }
+ if (opt_allow)
+ allow = (const char **)opt_allow;
+ else
+ allow = no_opts;
+
+ if ((key = g_strv_subset (environment_keys, allow)) != NULL)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
+ goto out;
 }
- if (g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
 !g_strv_contains (forbid, "ipc"))
 {
 g_debug ("Allowing ipc access");
 g_ptr_array_add (argv_array, g_strdup ("-i"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
 !g_strv_contains (forbid, "host-fs"))
 {
 g_debug ("Allowing host-fs access");
 g_ptr_array_add (argv_array, g_strdup ("-f"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
 !g_strv_contains (forbid, "homedir"))
 {
 g_debug ("Allowing homedir access");
 g_ptr_array_add (argv_array, g_strdup ("-H"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "network", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
 !g_strv_contains (forbid, "network"))
 {
 g_debug ("Allowing network access");
 g_ptr_array_add (argv_array, g_strdup ("-n"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "x11", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
 !g_strv_contains (forbid, "x11"))
 {
 g_debug ("Allowing x11 access");
@@ -463,28 +472,28 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 xdg_app_run_add_no_x11_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
 !g_strv_contains (forbid, "wayland"))
 {
 g_debug ("Allowing wayland access");
 xdg_app_run_add_wayland_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
 !g_strv_contains (forbid, "pulseaudio"))
 {
 g_debug ("Allowing pulseaudio access");
 xdg_app_run_add_pulseaudio_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
 !g_strv_contains (forbid, "system-dbus"));
 {
 g_debug ("Allowing system-dbus access");
 xdg_app_run_add_system_dbus_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
 !g_strv_contains (forbid, "session-dbus"))
 {
 g_debug ("Allowing session-dbus access");
diff --git a/xdg-app-utils.h b/xdg-app-utils.h
index 16ad4bee..72caa9e7 100644
--- a/xdg-app-utils.h
+++ b/xdg-app-utils.h
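Review bot: The host-fs branch tests `g_strv_contains (allow, "nost-fs")`, a typo for "host-fs", so `--allow=host-fs` passes the `g_strv_subset (environment_keys, allow)` validation just above and is then silently ignored; the `-f` argument is still only added when the app metadata already asks for it. That fails closed, but the user gets neither the access nor an error, and the line should read `g_strv_contains (allow, "host-fs")`. Every facility name is now spelled three times per block (metadata key, allow check, forbid check), which is how this slipped through; a single table of facility names driving one loop would remove the duplication. xdg_app_builtin_run starts before this hunk and continues past it.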
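Review bot: The system-dbus check still ends in a stray semicolon on the context line `!g_strv_contains (forbid, "system-dbus"));`, so the `if` governs an empty statement and the block that follows, `xdg_app_run_add_system_dbus_args (argv_array)`, runs unconditionally. Neither the Environment metadata, the new `--allow`, nor `--forbid=system-dbus` has any effect on it: every app launched this way gets the system bus. The commit rewrites the line immediately above and leaves this in place; the fix is to drop the semicolon, `!g_strv_contains (forbid, "system-dbus"))`. xdg_app_builtin_run continues past the end of this hunk.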
@@ -76,4 +76,23 @@ g_key_file_save_to_file (GKeyFile *key_file,
 }
 #endif
+/* Returns the first string in subset that is not in strv */
+static inline const gchar *
+g_strv_subset (const gchar * const *strv,
+ const gchar * const *subset)
+{
+ int i;
+
+ for (i = 0; subset[i]; i++)
+ {
+ const char *key;
+
+ key = subset[i];
+ if (!g_strv_contains (strv, key))
+ return key;
+ }
+
+ return NULL;
+}
+
 #endif /* __XDG_APP_UTILS_H__ */
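Review bot: `g_strv_subset` reads like a predicate, but it returns the first element of `subset` that is missing from `strv` and NULL when nothing is missing, so at the call sites `!= NULL` means "not a subset"; the one-line comment is all that conveys that inversion. The `g_` prefix also presents it as GLib API, unlike the version-guarded `g_key_file_save_to_file` shim above it which is a genuine backport; a project-prefixed, intent-revealing name such as `xdg_app_strv_first_missing` would avoid a future clash and make the contract obvious. At minimum the comment should state the NULL return and the precondition the loop relies on: `/* Returns the first element of subset that is not in strv, or NULL if every element is present. Both arrays must be non-NULL and NULL-terminated (subset is indexed unchecked; callers pass no_opts for an absent option list). */`.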