Alexander Larsson
931922c49d
build-finish: Don't export hidden or backup files
2015-09-11 11:00:10 +02:00
Alexander Larsson
90718549ee
run: Read per-app override metadata file
2015-09-09 16:31:49 +02:00
Alexander Larsson
6d98e56c55
run: Never propagate DISPLAY if X socket not requested
...
This is just confusing.
2015-09-09 16:31:07 +02:00
Alexander Larsson
4ca4f78483
document portal: Fix crashes when dbus activated
...
We handle the first message (the activating message) before we
have gotten the name acquired message. Make sure that this
is correctly handled.
2015-09-09 16:25:51 +02:00
Alexander Larsson
6abfb68faf
run: Correctly report errors talking to document portal
2015-09-09 15:37:45 +02:00
Alexander Larsson
5610b97455
XdgAppContext: Properly handle masking things from parent context
...
This allows you to use things like --nosocket in build-finish to
override runtime defaults. But it is also a building block for
later changes.
2015-09-09 14:11:05 +02:00
Alexander Larsson
07a12a145a
test-doc-portal: Add recursive file export test
2015-09-08 15:34:51 +02:00
Alexander Larsson
ab97ea7da6
test-doc-portal: Work around GTestDbus env unsetting
2015-09-08 15:34:21 +02:00
Alexander Larsson
8c04d2b532
fuse: Add some more debug spew
2015-09-08 15:33:55 +02:00
Alexander Larsson
d0773282a5
test-doc-portal: Fix unique boolean arg
2015-09-08 15:31:01 +02:00
Alexander Larsson
31837cdaa3
fuse: Drop DOC_DIR_INO_CLASS
...
We can just use an APP_DOC_DIR_INO_CLASS with app_id 0.
This gets rid of some duplicated code.
2015-09-08 15:23:18 +02:00
Alexander Larsson
42c6cd4574
document portal: Correctly handle recursive documents
...
I.e. if you pass in a document fd to the document portal we
reuse the existing id.
2015-09-08 14:53:14 +02:00
Alexander Larsson
fa3eb15580
export-file: Print the full document pathname
2015-09-08 14:52:43 +02:00
Alexander Larsson
af331d364f
document portal: Move locking explicitly into portal handlers
...
This is required because we do i/o on the passed in fd in add() and
if you pass in a fd on the fuse mount itself we deadlock.
2015-09-08 14:23:27 +02:00
Alexander Larsson
bbc6fa8835
document-portal: Allow dbus owner replacing
2015-09-08 12:18:14 +02:00
Alexander Larsson
ad9f05397e
fuse: Add some more debug spew
2015-09-08 11:15:31 +02:00
Alexander Larsson
bb6e476f62
fuse: Raise entry cache times now that we invalidate
2015-09-08 11:15:05 +02:00
Alexander Larsson
8fe6a115f6
fuse: Properly invalidate inodes and entries
2015-09-08 11:09:40 +02:00
Alexander Larsson
18cc81d8a7
test-doc-portal: Launch the portal manually
...
This allows us to get debug output
2015-09-08 09:49:33 +02:00
Alexander Larsson
44f295c088
fuse: Add daemonizing switch
...
This will be used for the tests
2015-09-08 09:47:32 +02:00
Alexander Larsson
8af69c93af
fuse: Unmount previous fuse instance if ENOTCONN
2015-09-08 09:33:44 +02:00
Alexander Larsson
d79935bd4a
Add minimal document portal tests
2015-09-07 17:17:44 +02:00
Alexander Larsson
ed2763a0da
export-file: Fix leak
2015-09-07 16:03:45 +02:00
Alexander Larsson
60fc11035e
db: Fix leak
2015-09-07 11:13:24 +02:00
Alexander Larsson
d50284c7a6
Add check-valgrind target
2015-09-07 11:13:21 +02:00
Alexander Larsson
2f115c89af
document-portal: Actually respect WRITE permissions
2015-09-04 17:00:37 +02:00
Alexander Larsson
4be7bdc0f5
export-files: Allow specifying app permissions
2015-09-04 15:39:03 +02:00
Alexander Larsson
6cf4d24a09
document-portal: Use xdg_app_is_valid_name() to validate app names
2015-09-04 14:50:02 +02:00
Alexander Larsson
7ad47c74ea
document-portals: Support unique documents
...
These document ids will not be shared for multiple users. The main
difference is that this makes it safe for the creating app to delete
the document if he wants to (i.e. for temporary docs), and thus we can
grant this additional permission for the calling app.
2015-09-04 14:46:02 +02:00
Alexander Larsson
83201bd7e4
fuse: Always open files with O_NOFOLLOW
...
Following symlinks is risky as the sandbox may control them.
2015-09-04 14:16:45 +02:00
Alexander Larsson
0c07417d5f
Add debug output for release
2015-09-03 22:17:00 +02:00
Alexander Larsson
1f81b81b1a
Add xdg-app export-file to export files with the document portal
2015-09-03 22:17:00 +02:00
Alexander Larsson
04879fdea5
Store and verify parent dir dev/ino and pass O_PATH fds
...
In order to be robust against symlink attacks (i.e. make a document
for a path, then replace it with a symlink somewhere else and have the
portal read that instead) we store the parent dev/ino when we create
the document id and always verify that (atomically with the *at
syscalls) on each use.
Also, we pass O_PATH fds when creating documents, as it allows us
to be a bit safer. For instance we can verify that the fd is an O_PATH
fd before doing any ops on it, and it makes it possible to avoid other
symlink trickery.
Also, we drop the double add methods, and just use the O_PATH version.
2015-09-03 22:17:00 +02:00
Alexander Larsson
c0e480df94
Add xdg_app_mkstempat
...
This is like g_mkstemp except it uses openat
2015-09-03 22:17:00 +02:00
Alexander Larsson
4a298aeec3
fuse: Make filesystem multithreaded
...
This allows us to handle multiple apps better.
2015-09-03 22:16:43 +02:00
Alexander Larsson
58fb2c4e50
Markup AUTOLOCK with unused to avoid warnings
2015-09-03 22:16:43 +02:00
Colin Walters
8bbe3b3e41
helper: Add perf and ptrace to seccomp blacklist
...
Note that I copied this xdg-app blacklist into linux-user-chroot:
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3
We should figure out a better way down the line to share code - maybe
we can share a setup-seccomp.c?
Possibly in the long run we'll end up with diverging blacklists, as
linux-user-chroot can be a lot more aggressive, as its primary
audience is build side, not generic applications. We'll see.
But in this patch I added a big comment on how we should share code,
and in particular credit sandstorm.io for some of these filters.
(Although they may have gotten some of them from Android or Chromium?)
Going back to the high level topic - let's add perf and ptrace to the
blacklist. We expect profiling to be done from a non-sandboxed
terminal, or a less-restricted IDE type process which can look at the
namespace of other apps and the desktop/kernel.
2015-09-02 09:08:06 +02:00
Alexander Larsson
6775dc1002
Use g_auto(GStrv) instead of glnx_strfreev
2015-08-31 09:51:48 +02:00
Colin Walters
bfeaccb822
Update libglnx, use its copy of backports
...
This fixes the build on GLib 2.42 at least - the conditionals for
g_strv_contains() weren't right. I'm trying to have libglnx also be a
centralized "glib backports" area, so having g_strv_contains() there
is better.
2015-08-31 09:40:45 +02:00
Colin Walters
0a6d02ec78
autogen: Fix git submodules
...
We don't have bsdiff here.
2015-08-31 09:40:45 +02:00
Alexander Larsson
f6657901c4
utils: Add AUTOLOCK macro
2015-08-27 19:42:15 +02:00
Alexander Larsson
d442e9bb4c
Fix const marking of string arrays.
2015-08-27 16:16:58 +02:00
Alexander Larsson
909aa7a762
Fix error check of policy parsing
2015-08-27 16:16:38 +02:00
Alexander Larsson
cbdd412d71
Fix type of return
2015-08-27 16:16:02 +02:00
Alexander Larsson
e5e5389bb3
dbus-proxy: Avoid clang warning
2015-08-27 16:15:35 +02:00
Alexander Larsson
53df418814
dbus-proxy: Fix incorrect check of name policy
...
It was checking against the wrong enum type
2015-08-27 16:14:48 +02:00
Alexander Larsson
f5aba30ade
dbus-proxy: Fix flags arg passed to g_socket_receive_message
...
This is an out param, not an in param
2015-08-27 16:13:49 +02:00
Alexander Larsson
52525f46fd
Remove unused variables reported by clang
2015-08-27 16:13:15 +02:00
Alexander Larsson
42012a7d5a
Drop the xdp specific errors and use the xdg-app ones
2015-08-27 10:40:58 +02:00
Alexander Larsson
b6355e1acb
Document portal: Store paths, not uris
...
There is no way to do this for generic uris anyway, let's not
pretend we're solving a larger problem.
2015-08-27 10:38:22 +02:00