context: Consider a11y policies too

When merging, marking a context as sandboxed, etc, also propagate and apply the a11y policies stored. Fixes 915bbfb294
2026-03-26 02:45:15 -04:00 · 2024-10-01 17:00:36 -03:00
parent 0785f890af
commit 3d04db0734
2 changed files with 24 additions and 0 deletions
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -1034,6 +1034,10 @@ flatpak_context_merge (FlatpakContext *context,
  while (g_hash_table_iter_next (&iter, &key, &value))
    g_hash_table_insert (context->system_bus_policy, g_strdup (key), value);

+  g_hash_table_iter_init (&iter, other->a11y_bus_policy);
+  while (g_hash_table_iter_next (&iter, &key, &value))
+    g_hash_table_insert (context->a11y_bus_policy, g_strdup (key), value);
+
  g_hash_table_iter_init (&iter, other->generic_policy);
  while (g_hash_table_iter_next (&iter, &key, &value))
    {
@@ -2076,6 +2080,20 @@ flatpak_context_save_metadata (FlatpakContext *context,
                             (char *) key, flatpak_policy_to_string (policy));
    }

+  g_key_file_remove_group (metakey, FLATPAK_METADATA_GROUP_A11Y_BUS_POLICY, NULL);
+  g_hash_table_iter_init (&iter, context->a11y_bus_policy);
+  while (g_hash_table_iter_next (&iter, &key, &value))
+    {
+      FlatpakPolicy policy = GPOINTER_TO_INT (value);
+
+      if (flatten && (policy == 0))
+        continue;
+
+      g_key_file_set_string (metakey,
+                             FLATPAK_METADATA_GROUP_A11Y_BUS_POLICY,
+                             (char *) key, flatpak_policy_to_string (policy));
+    }
+
  /* Elements are borrowed from context->env_vars */
  unset_env = g_ptr_array_new ();

@@ -2286,6 +2304,9 @@ flatpak_context_adds_permissions (FlatpakContext *old,
  if (adds_bus_policy (old->system_bus_policy, new->system_bus_policy))
    return TRUE;

+  if (adds_bus_policy (old->a11y_bus_policy, new->a11y_bus_policy))
+    return TRUE;
+
  if (adds_generic_policy (old->generic_policy, new->generic_policy))
    return TRUE;

@@ -2457,6 +2478,7 @@ flatpak_context_reset_permissions (FlatpakContext *context)
  g_hash_table_remove_all (context->filesystems);
  g_hash_table_remove_all (context->session_bus_policy);
  g_hash_table_remove_all (context->system_bus_policy);
+  g_hash_table_remove_all (context->a11y_bus_policy);
  g_hash_table_remove_all (context->generic_policy);
 }

@@ -2480,6 +2502,7 @@ flatpak_context_make_sandboxed (FlatpakContext *context)
  g_hash_table_remove_all (context->filesystems);
  g_hash_table_remove_all (context->session_bus_policy);
  g_hash_table_remove_all (context->system_bus_policy);
+  g_hash_table_remove_all (context->a11y_bus_policy);
  g_hash_table_remove_all (context->generic_policy);
 }

--- a/common/flatpak-metadata-private.h
+++ b/common/flatpak-metadata-private.h
@@ -67,6 +67,7 @@ G_BEGIN_DECLS

 #define FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY "Session Bus Policy"
 #define FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY "System Bus Policy"
+#define FLATPAK_METADATA_GROUP_A11Y_BUS_POLICY "Accessibility Bus Policy"
 #define FLATPAK_METADATA_GROUP_PREFIX_POLICY "Policy "
 #define FLATPAK_METADATA_GROUP_ENVIRONMENT "Environment"