Merge pull request #50 from matthiasclasen/run-env2
Add an --allow option to the run command
commit
72f1bd9b07
|
@ -29,7 +29,7 @@ _xdg-app() {
|
|||
[LIST_REMOTES]='--show-urls'
|
||||
[REPO_CONTENTS]='--show-details --runtimes --apps --update'
|
||||
[UNINSTALL]='--keep-ref'
|
||||
[RUN]='--command --branch --devel --forbid --runtime'
|
||||
[RUN]='--command --branch --devel --allow --forbid --runtime'
|
||||
[BUILD_INIT]='--arch --var'
|
||||
[BUILD]='--runtime --network --x11'
|
||||
[BUILD_FINISH]='--command --allow'
|
||||
|
|
|
@ -53,9 +53,9 @@
|
|||
</para>
|
||||
<para>
|
||||
The details of the sandboxed environment are controlled by the application
|
||||
metadata and the --forbid option that are passed to the run command: Access
|
||||
is allowed if the application requested it in its metadata file and the
|
||||
user hasn;t forbidden it.
|
||||
metadata and the --allow and --forbid options that are passed to the run
|
||||
command: Access is allowed if it was requested either in the application
|
||||
metadata file or with an --allow option and the user hasn;t forbidden it.
|
||||
</para>
|
||||
|
||||
</refsect1>
|
||||
|
@ -116,12 +116,26 @@
|
|||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--allow=KEY</option></term>
|
||||
|
||||
<listitem><para>
|
||||
Allow access to the named facility. This overrides
|
||||
the Environment section from the application metadata.
|
||||
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
|
||||
session-dbus, network, host-fs, homedir.
|
||||
This option can be used multiple times.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--forbid=KEY</option></term>
|
||||
|
||||
<listitem><para>
|
||||
Disallow access to the named facility. KEY must
|
||||
be one of: x11, wayland, ipc, pulseaudio, system-dbus,
|
||||
Disallow access to the named facility. This overrides the
|
||||
Environment section from the application metadata and
|
||||
--allow options to this command.
|
||||
KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
|
||||
session-dbus, network, host-fs, homedir.
|
||||
This option can be used multiple times.
|
||||
</para></listitem>
|
||||
|
|
|
@ -17,6 +17,7 @@ static char *opt_branch;
|
|||
static char *opt_command;
|
||||
static gboolean opt_devel;
|
||||
static char *opt_runtime;
|
||||
static char **opt_allow;
|
||||
static char **opt_forbid;
|
||||
|
||||
static GOptionEntry options[] = {
|
||||
|
@ -25,6 +26,7 @@ static GOptionEntry options[] = {
|
|||
{ "branch", 0, 0, G_OPTION_ARG_STRING, &opt_branch, "Branch to use", "BRANCH" },
|
||||
{ "devel", 'd', 0, G_OPTION_ARG_NONE, &opt_devel, "Use development runtime", NULL },
|
||||
{ "runtime", 0, 0, G_OPTION_ARG_STRING, &opt_runtime, "Runtime to use", "RUNTIME" },
|
||||
{ "allow", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_allow, "Environment options to set to true", "KEY" },
|
||||
{ "forbid", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_forbid, "Environment options to set to false", "KEY" },
|
||||
{ NULL }
|
||||
};
|
||||
|
@ -260,12 +262,14 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
|
|||
const char *branch = "master";
|
||||
const char *command = "/bin/sh";
|
||||
int i;
|
||||
const char *key;
|
||||
int rest_argv_start, rest_argc;
|
||||
const char *environment_keys[] = {
|
||||
"x11", "wayland", "ipc", "pulseaudio", "system-dbus", "session-dbus",
|
||||
"network", "host-fs", "homedir", NULL
|
||||
};
|
||||
const char *no_opts[1] = { NULL };
|
||||
const char **allow;
|
||||
const char **forbid;
|
||||
|
||||
context = g_option_context_new ("APP [args...] - Run an app");
|
||||
|
@ -412,47 +416,52 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
|
|||
else
|
||||
forbid = no_opts;
|
||||
|
||||
for (i = 0; forbid[i]; i++)
|
||||
if ((key = g_strv_subset (environment_keys, forbid)) != NULL)
|
||||
{
|
||||
const char *key;
|
||||
|
||||
key = forbid[i];
|
||||
if (!g_strv_contains (environment_keys, key))
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
|
||||
goto out;
|
||||
}
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) &&
|
||||
if (opt_allow)
|
||||
allow = (const char **)opt_allow;
|
||||
else
|
||||
allow = no_opts;
|
||||
|
||||
if ((key = g_strv_subset (environment_keys, allow)) != NULL)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
|
||||
!g_strv_contains (forbid, "ipc"))
|
||||
{
|
||||
g_debug ("Allowing ipc access");
|
||||
g_ptr_array_add (argv_array, g_strdup ("-i"));
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
|
||||
!g_strv_contains (forbid, "host-fs"))
|
||||
{
|
||||
g_debug ("Allowing host-fs access");
|
||||
g_ptr_array_add (argv_array, g_strdup ("-f"));
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
|
||||
!g_strv_contains (forbid, "homedir"))
|
||||
{
|
||||
g_debug ("Allowing homedir access");
|
||||
g_ptr_array_add (argv_array, g_strdup ("-H"));
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "network", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
|
||||
!g_strv_contains (forbid, "network"))
|
||||
{
|
||||
g_debug ("Allowing network access");
|
||||
g_ptr_array_add (argv_array, g_strdup ("-n"));
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "x11", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
|
||||
!g_strv_contains (forbid, "x11"))
|
||||
{
|
||||
g_debug ("Allowing x11 access");
|
||||
|
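Review bot: `g_strv_contains (allow, "nost-fs")` in the host-fs check is a typo: `--allow=host-fs` passes the g_strv_subset validation against environment_keys but never matches here, so `-f` is silently not added (the mistake fails closed, so it denies rather than grants access, but the option does not work). Change it to `g_strv_contains (allow, "host-fs")`. The same three-way test (metadata || --allow) && !--forbid is spelled out once per facility with the key literal repeated three times each, which is what let the typo through; a small helper that takes the key once would remove that duplication. xdg_app_builtin_run begins and ends outside this hunk.

```c
/* True when KEY is granted: requested in the app metadata or via --allow,
 * and not withdrawn via --forbid (forbid always wins). */
static gboolean
env_key_allowed (GKeyFile *metakey, const char **allow, const char **forbid, const char *key)
{
  return (g_key_file_get_boolean (metakey, "Environment", key, NULL) ||
          g_strv_contains (allow, key)) &&
         !g_strv_contains (forbid, key);
}

/* … unchanged: --allow / --forbid validation against environment_keys … */

if (env_key_allowed (metakey, allow, forbid, "host-fs"))
  {
    g_debug ("Allowing host-fs access");
    g_ptr_array_add (argv_array, g_strdup ("-f"));
  }
/* … unchanged: the other facility checks, rewritten the same way … */
```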
@ -463,28 +472,28 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
|
|||
xdg_app_run_add_no_x11_args (argv_array);
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
|
||||
!g_strv_contains (forbid, "wayland"))
|
||||
{
|
||||
g_debug ("Allowing wayland access");
|
||||
xdg_app_run_add_wayland_args (argv_array);
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
|
||||
!g_strv_contains (forbid, "pulseaudio"))
|
||||
{
|
||||
g_debug ("Allowing pulseaudio access");
|
||||
xdg_app_run_add_pulseaudio_args (argv_array);
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
|
||||
!g_strv_contains (forbid, "system-dbus"));
|
||||
{
|
||||
g_debug ("Allowing system-dbus access");
|
||||
xdg_app_run_add_system_dbus_args (argv_array);
|
||||
}
|
||||
|
||||
if (g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) &&
|
||||
if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
|
||||
!g_strv_contains (forbid, "session-dbus"))
|
||||
{
|
||||
g_debug ("Allowing session-dbus access");
|
||||
|
|
|
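Review bot: The trailing `;` on `!g_strv_contains (forbid, "system-dbus"));` terminates the if statement, so the block that follows runs unconditionally and `xdg_app_run_add_system_dbus_args` is added regardless of the metadata, --allow or --forbid; the new `|| g_strv_contains (allow, "system-dbus")` condition above it therefore has no effect. The line is context, so the defect predates this commit, but the commit rewrites the condition directly above it without correcting it. If the semicolon is really in the source and not an extraction artifact, the fix is `!g_strv_contains (forbid, "system-dbus"))`; building with `-Wempty-body` would flag this class of mistake. xdg_app_builtin_run begins and ends outside this hunk.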
@ -76,4 +76,23 @@ g_key_file_save_to_file (GKeyFile *key_file,
|
|||
}
|
||||
#endif
|
||||
|
||||
/* Returns the first string in subset that is not in strv */
|
||||
static inline const gchar *
|
||||
g_strv_subset (const gchar * const *strv,
|
||||
const gchar * const *subset)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; subset[i]; i++)
|
||||
{
|
||||
const char *key;
|
||||
|
||||
key = subset[i];
|
||||
if (!g_strv_contains (strv, key))
|
||||
return key;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#endif /* __XDG_APP_UTILS_H__ */
|
||||
|
|
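Review bot: The doc comment on g_strv_subset states what a non-NULL result is but not what NULL means or what the inputs must look like, and both matter to the callers that use it as a validator. Suggested comment: `/* Returns the first string in subset that is not in strv, or NULL if every element of subset is present. Both arrays must be NULL-terminated. */`. The `g_` prefix and the name read like a GLib boolean predicate, while the function returns a pointer; a project-prefixed name such as `xdg_app_strv_first_missing` would avoid colliding with a future GLib symbol and make the contract clearer at the call sites, which are outside this hunk.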