marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move allow/forbid env setup to xdg-app-run.c

tingping/wmclass
Alexander Larsson 2015-02-13 10:41:01 +01:00
parent 453423c350
commit cedcd0ab2b
3 changed files with 100 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
xdg-app-builtins-run.c
View File

@ -155,9 +155,6 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
const char *command = "/bin/sh";
int i;
int rest_argv_start, rest_argc;
const char *no_opts[1] = { NULL };
const char **allow;
const char **forbid;
context = g_option_context_new ("APP [args...] - Run an app");
@ -310,88 +307,15 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
}
}
if (opt_forbid)
forbid = (const char **)opt_forbid;
else
forbid = no_opts;
if (!xdg_app_run_verify_environment_keys (forbid, error))
if (!xdg_app_run_verify_environment_keys ((const char **)opt_forbid, error))
goto out;
if (opt_allow)
allow = (const char **)opt_allow;
else
allow = no_opts;
if (!xdg_app_run_verify_environment_keys (allow, error))
if (!xdg_app_run_verify_environment_keys ((const char **)opt_allow, error))
goto out;
if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
!g_strv_contains (forbid, "ipc"))
{
g_debug ("Allowing ipc access");
g_ptr_array_add (argv_array, g_strdup ("-i"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
!g_strv_contains (forbid, "host-fs"))
{
g_debug ("Allowing host-fs access");
g_ptr_array_add (argv_array, g_strdup ("-f"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
!g_strv_contains (forbid, "homedir"))
{
g_debug ("Allowing homedir access");
g_ptr_array_add (argv_array, g_strdup ("-H"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
!g_strv_contains (forbid, "network"))
{
g_debug ("Allowing network access");
g_ptr_array_add (argv_array, g_strdup ("-n"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
!g_strv_contains (forbid, "x11"))
{
g_debug ("Allowing x11 access");
xdg_app_run_add_x11_args (argv_array);
}
else
{
xdg_app_run_add_no_x11_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
!g_strv_contains (forbid, "wayland"))
{
g_debug ("Allowing wayland access");
xdg_app_run_add_wayland_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
!g_strv_contains (forbid, "pulseaudio"))
{
g_debug ("Allowing pulseaudio access");
xdg_app_run_add_pulseaudio_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
!g_strv_contains (forbid, "system-dbus"));
{
g_debug ("Allowing system-dbus access");
xdg_app_run_add_system_dbus_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
!g_strv_contains (forbid, "session-dbus"))
{
g_debug ("Allowing session-dbus access");
xdg_app_run_add_session_dbus_args (argv_array);
}
xdg_app_run_add_environment_args (argv_array, metakey,
(const char **)opt_allow,
(const char **)opt_forbid);
g_ptr_array_add (argv_array, g_strdup ("-a"));
g_ptr_array_add (argv_array, g_file_get_path (app_files));

85
xdg-app-run.c
View File

@ -20,6 +20,9 @@ xdg_app_run_verify_environment_keys (const char **keys,
"network", "host-fs", "homedir", NULL
};
if (keys == NULL)
return TRUE;
if ((key = g_strv_subset (environment_keys, keys)) != NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@ -139,3 +142,85 @@ xdg_app_run_add_session_dbus_args (GPtrArray *argv_array)
g_ptr_array_add (argv_array, dbus_session_socket);
}
}
void
xdg_app_run_add_environment_args (GPtrArray *argv_array,
GKeyFile *metakey,
const char **allow,
const char **forbid)
{
const char *no_opts[1] = { NULL };
if (allow == NULL)
allow = no_opts;
if (forbid == NULL)
forbid = no_opts;
if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
!g_strv_contains (forbid, "ipc"))
{
g_debug ("Allowing ipc access");
g_ptr_array_add (argv_array, g_strdup ("-i"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
!g_strv_contains (forbid, "host-fs"))
{
g_debug ("Allowing host-fs access");
g_ptr_array_add (argv_array, g_strdup ("-f"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
!g_strv_contains (forbid, "homedir"))
{
g_debug ("Allowing homedir access");
g_ptr_array_add (argv_array, g_strdup ("-H"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
!g_strv_contains (forbid, "network"))
{
g_debug ("Allowing network access");
g_ptr_array_add (argv_array, g_strdup ("-n"));
}
if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
!g_strv_contains (forbid, "x11"))
{
g_debug ("Allowing x11 access");
xdg_app_run_add_x11_args (argv_array);
}
else
{
xdg_app_run_add_no_x11_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
!g_strv_contains (forbid, "wayland"))
{
g_debug ("Allowing wayland access");
xdg_app_run_add_wayland_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
!g_strv_contains (forbid, "pulseaudio"))
{
g_debug ("Allowing pulseaudio access");
xdg_app_run_add_pulseaudio_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
!g_strv_contains (forbid, "system-dbus"))
{
g_debug ("Allowing system-dbus access");
xdg_app_run_add_system_dbus_args (argv_array);
}
if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
!g_strv_contains (forbid, "session-dbus"))
{
g_debug ("Allowing session-dbus access");
xdg_app_run_add_session_dbus_args (argv_array);
}
}

16
xdg-app-run.h
View File

@ -2,13 +2,17 @@
#define __XDG_APP_RUN_H__
gboolean xdg_app_run_verify_environment_keys (const char **keys,
GError **error);
GError **error);
void xdg_app_run_add_environment_args (GPtrArray *argv_array,
GKeyFile *metakey,
const char **allow,
const char **forbid);
void xdg_app_run_add_x11_args (GPtrArray *argv_array);
void xdg_app_run_add_no_x11_args (GPtrArray *argv_array);
void xdg_app_run_add_wayland_args (GPtrArray *argv_array);
void xdg_app_run_add_pulseaudio_args (GPtrArray *argv_array);
void xdg_app_run_add_system_dbus_args (GPtrArray *argv_array);
void xdg_app_run_add_x11_args (GPtrArray *argv_array);
void xdg_app_run_add_no_x11_args (GPtrArray *argv_array);
void xdg_app_run_add_wayland_args (GPtrArray *argv_array);
void xdg_app_run_add_pulseaudio_args (GPtrArray *argv_array);
void xdg_app_run_add_system_dbus_args (GPtrArray *argv_array);
void xdg_app_run_add_session_dbus_args (GPtrArray *argv_array);
#endif /* __XDG_APP_RUN_H__ */