marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #50 from matthiasclasen/run-env2 

Add an --allow option to the run command
tingping/wmclass
Alexander Larsson 2015-02-10 09:25:08 +01:00
parent cd3289e0cb c07e917b5d
commit 72f1bd9b07
4 changed files with 66 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
completion/xdg-app
View File

@ -29,7 +29,7 @@ _xdg-app() {
[LIST_REMOTES]='--show-urls'
[REPO_CONTENTS]='--show-details --runtimes --apps --update'
[UNINSTALL]='--keep-ref'
[RUN]='--command --branch --devel --forbid --runtime'
[RUN]='--command --branch --devel --allow --forbid --runtime'
[BUILD_INIT]='--arch --var'
[BUILD]='--runtime --network --x11'
[BUILD_FINISH]='--command --allow'

24
doc/xdg-app-run.xml
View File

@ -53,9 +53,9 @@
</para>
<para>
The details of the sandboxed environment are controlled by the application
metadata and the --forbid option that are passed to the run command: Access
is allowed if the application requested it in its metadata file and the
user hasn;t forbidden it.
metadata and the --allow and --forbid options that are passed to the run
command: Access is allowed if it was requested either in the application
metadata file or with an --allow option and the user hasn;t forbidden it.
</para>
</refsect1>
@ -116,12 +116,26 @@
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--allow=KEY</option></term>
<listitem><para>
Allow access to the named facility. This overrides
the Environment section from the application metadata.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir.
This option can be used multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--forbid=KEY</option></term>
<listitem><para>
Disallow access to the named facility. KEY must
be one of: x11, wayland, ipc, pulseaudio, system-dbus,
Disallow access to the named facility. This overrides the
Environment section from the application metadata and
--allow options to this command.
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
session-dbus, network, host-fs, homedir.
This option can be used multiple times.
</para></listitem>

45
xdg-app-builtins-run.c
View File

@ -17,6 +17,7 @@ static char *opt_branch;
static char *opt_command;
static gboolean opt_devel;
static char *opt_runtime;
static char **opt_allow;
static char **opt_forbid;
static GOptionEntry options[] = {
@ -25,6 +26,7 @@ static GOptionEntry options[] = {
{ "branch", 0, 0, G_OPTION_ARG_STRING, &opt_branch, "Branch to use", "BRANCH" },
{ "devel", 'd', 0, G_OPTION_ARG_NONE, &opt_devel, "Use development runtime", NULL },
{ "runtime", 0, 0, G_OPTION_ARG_STRING, &opt_runtime, "Runtime to use", "RUNTIME" },
{ "allow", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_allow, "Environment options to set to true", "KEY" },
{ "forbid", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_forbid, "Environment options to set to false", "KEY" },
{ NULL }
};
@ -260,12 +262,14 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
const char *branch = "master";
const char *command = "/bin/sh";
int i;
const char *key;
int rest_argv_start, rest_argc;
const char *environment_keys[] = {
"x11", "wayland", "ipc", "pulseaudio", "system-dbus", "session-dbus",
"network", "host-fs", "homedir", NULL
};
const char *no_opts[1] = { NULL };
const char **allow;
const char **forbid;
context = g_option_context_new ("APP [args...] - Run an app");
@ -412,47 +416,52 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
else
forbid = no_opts;
for (i = 0; forbid[i]; i++)
if ((key = g_strv_subset (environment_keys, forbid)) != NULL)
{
const char *key;
key = forbid[i];
if (!g_strv_contains (environment_keys, key))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
goto out;
}
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
goto out;
}
if (g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) &&
if (opt_allow)
allow = (const char **)opt_allow;
else
allow = no_opts;
if ((key = g_strv_subset (environment_keys, allow)) != NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
goto out;
}
if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
!g_strv_contains (forbid, "ipc"))
{
g_debug ("Allowing ipc access");
g_ptr_array_add (argv_array, g_strdup ("-i"));
}
if (g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
!g_strv_contains (forbid, "host-fs"))
{
g_debug ("Allowing host-fs access");
g_ptr_array_add (argv_array, g_strdup ("-f"));
}
if (g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
!g_strv_contains (forbid, "homedir"))
{
g_debug ("Allowing homedir access");
g_ptr_array_add (argv_array, g_strdup ("-H"));
}
if (g_key_file_get_boolean (metakey, "Environment", "network", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
!g_strv_contains (forbid, "network"))
{
g_debug ("Allowing network access");
g_ptr_array_add (argv_array, g_strdup ("-n"));
}
if (g_key_file_get_boolean (metakey, "Environment", "x11", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
!g_strv_contains (forbid, "x11"))
{
g_debug ("Allowing x11 access");
@ -463,28 +472,28 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
xdg_app_run_add_no_x11_args (argv_array);
}
if (g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
!g_strv_contains (forbid, "wayland"))
{
g_debug ("Allowing wayland access");
xdg_app_run_add_wayland_args (argv_array);
}
if (g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
!g_strv_contains (forbid, "pulseaudio"))
{
g_debug ("Allowing pulseaudio access");
xdg_app_run_add_pulseaudio_args (argv_array);
}
if (g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
!g_strv_contains (forbid, "system-dbus"));
{
g_debug ("Allowing system-dbus access");
xdg_app_run_add_system_dbus_args (argv_array);
}
if (g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) &&
if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
!g_strv_contains (forbid, "session-dbus"))
{
g_debug ("Allowing session-dbus access");

19
xdg-app-utils.h
View File

@ -76,4 +76,23 @@ g_key_file_save_to_file (GKeyFile *key_file,
}
#endif
/* Returns the first string in subset that is not in strv */
static inline const gchar *
g_strv_subset (const gchar * const *strv,
const gchar * const *subset)
{
int i;
for (i = 0; subset[i]; i++)
{
const char *key;
key = subset[i];
if (!g_strv_contains (strv, key))
return key;
}
return NULL;
}
#endif /* __XDG_APP_UTILS_H__ */