From 065053775b18e8a0f53cc94c1fb2b6cfa46cc0bc Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Tue, 19 Jun 2018 15:37:36 +0200
Subject: [PATCH] run: Never inherit permissions from the runtime

We want inherit environment variables, but not actual permissions, those need to be requested by the app only.

Closes: #1799
Approved by: alexlarsson
---
 common/flatpak-context-private.h | 1 +
 common/flatpak-context.c | 20 ++++++++++++++++++++
 common/flatpak-run.c | 11 ++++++++---
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/common/flatpak-context-private.h b/common/flatpak-context-private.h
index 18be96b8..ff850147 100644
--- a/common/flatpak-context-private.h
+++ b/common/flatpak-context-private.h
@@ -109,6 +109,7 @@ void flatpak_context_add_bus_filters (FlatpakContext *context,
 gboolean flatpak_context_get_needs_session_bus_proxy (FlatpakContext *context);
 gboolean flatpak_context_get_needs_system_bus_proxy (FlatpakContext *context);
+void flatpak_context_reset_permissions (FlatpakContext *context);
 void flatpak_context_make_sandboxed (FlatpakContext *context);
 gboolean flatpak_context_allows_features (FlatpakContext *context,
diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index a216965c..241023d9 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -1793,6 +1793,26 @@ flatpak_context_add_bus_filters (FlatpakContext *context,
 }
 }
+void
+flatpak_context_reset_permissions (FlatpakContext *context)
+{
+ context->shares_valid = 0;
+ context->sockets_valid = 0;
+ context->devices_valid = 0;
+ context->features_valid = 0;
+
+ context->shares = 0;
+ context->sockets = 0;
+ context->devices = 0;
+ context->features = 0;
+
+ g_hash_table_remove_all (context->persistent);
+ g_hash_table_remove_all (context->filesystems);
+ g_hash_table_remove_all (context->session_bus_policy);
+ g_hash_table_remove_all (context->system_bus_policy);
+ g_hash_table_remove_all (context->generic_policy);
+}
+
 void
 flatpak_context_make_sandboxed (FlatpakContext *context)
 {
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 92926a13..93b10152 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1549,9 +1549,14 @@ flatpak_app_compute_permissions (GKeyFile *app_metadata,
 app_context = flatpak_context_new ();
- if (runtime_metadata != NULL &&
- !flatpak_context_load_metadata (app_context, runtime_metadata, error))
- return NULL;
+ if (runtime_metadata != NULL)
+ {
+ if (!flatpak_context_load_metadata (app_context, runtime_metadata, error))
+ return NULL;
+
+ /* Don't inherit any permissions from the runtime, only things like env vars. */
+ flatpak_context_reset_permissions (app_context);
+ }
 if (app_metadata != NULL &&
 !flatpak_context_load_metadata (app_context, app_metadata, error))
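Review bot: flatpak_context_reset_permissions clears each permission-bearing field of FlatpakContext by hand but says nothing about which fields are deliberately left untouched, so any permission field added to the struct later will be inherited from the runtime unless its author remembers to extend this function. The only statement of intent is the caller's comment in the flatpak-run.c hunk; the function itself should carry its contract, e.g. `/* Drop everything a runtime's metadata could grant (shares, sockets, devices, features, persistent dirs, filesystems, bus policies). Environment variables are intentionally kept. Extend this whenever a new permission field is added. */` above the definition. It also resets the *_valid masks together with the values, so a runtime's negated entries are discarded along with its grants; that appears intended, since the app metadata is loaded afterwards, but is worth a sentence in the same comment.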