From 5a8489cefe4caf025765fb2a89302e1a72221208 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Wed, 27 Jun 2018 19:38:47 -0400
Subject: [PATCH] Add a permission-set command

This command adds permissions for an app to one of the permission
store database(s).
---
 app/Makefile.am.inc                   |   1 +
 app/flatpak-builtins-permission-set.c | 221 ++++++++++++++++++++++++++
 app/flatpak-builtins.h                |   1 +
 app/flatpak-main.c                    |   1 +
 doc/Makefile.am                       |   1 +
 doc/flatpak-docs.xml.in               |   1 +
 doc/flatpak-permission-set.xml        | 104 ++++++++++++
 7 files changed, 330 insertions(+)
 create mode 100644 app/flatpak-builtins-permission-set.c
 create mode 100644 doc/flatpak-permission-set.xml

diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc
index c566ff19..255c637e 100644
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@@ -102,6 +102,7 @@ flatpak_SOURCES = \
 	app/flatpak-builtins-document-info.c \
 	app/flatpak-builtins-document-list.c \
 	app/flatpak-builtins-permission-remove.c \
+	app/flatpak-builtins-permission-set.c \
 	app/flatpak-builtins-permission-list.c \
 	app/flatpak-builtins-permission-show.c \
 	app/flatpak-builtins-permission-reset.c \
diff --git a/app/flatpak-builtins-permission-set.c b/app/flatpak-builtins-permission-set.c
new file mode 100644
index 00000000..c217e1a9
--- /dev/null
+++ b/app/flatpak-builtins-permission-set.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright © 2018 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ *       Matthias Clasen <mclasen@redhat.com>
+ */
+
+#include "config.h"
+
+#include <locale.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib/gi18n.h>
+
+#include "libglnx/libglnx.h"
+#include "flatpak-permission-dbus-generated.h"
+
+#include "flatpak-builtins.h"
+#include "flatpak-table-printer.h"
+#include "flatpak-utils-private.h"
+#include "flatpak-run-private.h"
+
+static GOptionEntry options[] = {
+  { NULL }
+};
+
+static const char *tables[] = { "documents", "notifications", "desktop-used-apps", "devices",
+                                "location", "inhibit", "background", NULL };
+static const char *notification_ids[] = { "notification", NULL };
+static const char *device_ids[] = { "speakers", "microphone", "camera", NULL };
+static const char *location_ids[] = { "location", NULL };
+static const char *inhibit_ids[] = { "inhibit", NULL };
+static const char *background_ids[] = { "background", NULL };
+
+static const char *document_perms[] = { "read", "write", "delete", "grant-permissions", NULL };
+static const char *notification_perms[] = { "yes", "no", NULL };
+static const char *device_perms[] = { "yes", "no", "ask", NULL };
+static const char *inhibit_perms[] = { "logout", "switch", "suspend", "idle", NULL };
+
+static const char **
+get_known_permission_tables (void)
+{
+  return tables;
+}
+
+static const char **
+get_known_ids_for_table (const char *table)
+{
+  if (strcmp (table, "notifications") == 0)
+    return notification_ids;
+  else if (strcmp (table, "devices") == 0)
+    return device_ids;
+  else if (strcmp (table, "location") == 0)
+    return location_ids;
+  else if (strcmp (table, "inhibit") == 0)
+    return inhibit_ids;
+  else if (strcmp (table, "background") == 0)
+    return background_ids;
+
+  return NULL;
+}
+
+static const char **
+get_permission_values_for_table (const char *table)
+{
+  if (strcmp (table, "devices") == 0)
+    return device_perms;
+  else if (strcmp (table, "documents") == 0)
+    return document_perms;
+  else if (strcmp (table, "notifications") == 0)
+    return notification_perms;
+  else if (strcmp (table, "inhibit") == 0)
+    return inhibit_perms;
+
+  return NULL;
+}
+
+gboolean
+flatpak_builtin_permission_set (int argc, char **argv,
+                                GCancellable *cancellable,
+                                GError **error)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+  const char *table;
+  const char *id;
+  const char *app_id;
+  const char **perms;
+
+  context = g_option_context_new (_("TABLE ID APP_ID [PERMISSION...] - Set permissions"));
+  g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
+
+  if (!flatpak_option_context_parse (context, options, &argc, &argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR,
+                                     NULL, cancellable, error))
+    return FALSE;
+
+  if (argc < 4)
+    return usage_error (context, _("Too few arguments"), error);
+
+  table = argv[1];
+  id = argv[2];
+  app_id = argv[3];
+  perms = (const char **)&argv[4];
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, error);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, error);
+  if (store == NULL)
+    return FALSE;
+
+  if (!xdp_dbus_permission_store_call_set_permission_sync (store, table, TRUE,
+                                                           id, app_id, perms, 
+                                                           NULL, error))
+    return FALSE;
+
+  return TRUE;
+}
+
+gboolean
+flatpak_complete_permission_set (FlatpakCompletion *completion)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+  int i;
+
+  context = g_option_context_new ("");
+
+  if (!flatpak_option_context_parse (context, options, &completion->argc, &completion->argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, NULL, NULL))
+    return FALSE;
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, NULL);
+
+  if (store == NULL)
+    return FALSE;
+
+  switch (completion->argc)
+    {
+    case 0:
+    case 1: /* TABLE */
+      flatpak_complete_options (completion, global_entries);
+      flatpak_complete_options (completion, options);
+
+      {
+        const char **tables = get_known_permission_tables ();
+        for (i = 0; tables != NULL && tables[i] != NULL; i++)
+          {
+            flatpak_complete_word (completion, "%s ", tables[i]);
+          }
+      }
+
+      break;
+
+    case 2:
+      {
+        const char **ids = get_known_ids_for_table (completion->argv[1]);
+        for (i = 0; ids != NULL && ids[i] != NULL; i++)
+          {
+            flatpak_complete_word (completion, "%s ", ids[i]);
+          }
+      }
+
+      break;
+
+    case 3:
+      flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_user (), NULL);
+      flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_system_default (), NULL);
+      break;
+
+    default:
+      {
+        const char **vals = get_permission_values_for_table (completion->argv[1]);
+        for (i = 0; vals != NULL && vals[i] != NULL; i++)
+          {
+            int j;
+            for (j = 4; j < completion->argc; j++)
+              {
+                if (strcmp (completion->argv[j], vals[i]) == 0)
+                  break;
+              }
+            if (j == completion->argc)
+              flatpak_complete_word (completion, "%s ", vals[i]);
+          }
+      }
+
+      break;
+    }
+
+  return TRUE;
+}
diff --git a/app/flatpak-builtins.h b/app/flatpak-builtins.h
index e2c51f32..1fd9c9e5 100644
--- a/app/flatpak-builtins.h
+++ b/app/flatpak-builtins.h
@@ -109,6 +109,7 @@ BUILTINPROTO (document_unexport)
 BUILTINPROTO (document_info)
 BUILTINPROTO (document_list)
 BUILTINPROTO (permission_remove)
+BUILTINPROTO (permission_set)
 BUILTINPROTO (permission_list)
 BUILTINPROTO (permission_show)
 BUILTINPROTO (permission_reset)
diff --git a/app/flatpak-main.c b/app/flatpak-main.c
index 07828e9f..15a95c00 100644
--- a/app/flatpak-main.c
+++ b/app/flatpak-main.c
@@ -111,6 +111,7 @@ static FlatpakCommand commands[] = {
   { "permissions", N_("List permissions"), flatpak_builtin_permission_list, flatpak_complete_permission_list },
   { "permission-remove", N_("Remove item from permission store"), flatpak_builtin_permission_remove, flatpak_complete_permission_remove },
   { "permission-list", NULL, flatpak_builtin_permission_list, flatpak_complete_permission_list, TRUE },
+  { "permission-set", N_("Set permissions"), flatpak_builtin_permission_set, flatpak_complete_permission_set },
   { "permission-show", N_("Show app permissions"), flatpak_builtin_permission_show, flatpak_complete_permission_show },
   { "permission-reset", N_("Reset app permissions"), flatpak_builtin_permission_reset, flatpak_complete_permission_reset },
 
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 31d0dae2..36ef2783 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -45,6 +45,7 @@ man1 = \
 	flatpak-permissions.1		\
 	flatpak-permission-show.1	\
 	flatpak-permission-reset.1	\
+	flatpak-permission-set.1	\
 	flatpak-build-init.1		\
 	flatpak-build.1			\
 	flatpak-build-bundle.1		\
diff --git a/doc/flatpak-docs.xml.in b/doc/flatpak-docs.xml.in
index f236d0e6..0665c73f 100644
--- a/doc/flatpak-docs.xml.in
+++ b/doc/flatpak-docs.xml.in
@@ -51,6 +51,7 @@
       <xi:include href="@srcdir@/flatpak-permissions.xml"/>
       <xi:include href="@srcdir@/flatpak-permission-show.xml"/>
       <xi:include href="@srcdir@/flatpak-permission-reset.xml"/>
+      <xi:include href="@srcdir@/flatpak-permission-set.xml"/>
       <xi:include href="@srcdir@/flatpak-ps.xml"/>
       <xi:include href="@srcdir@/flatpak-remote-add.xml"/>
       <xi:include href="@srcdir@/flatpak-remote-delete.xml"/>
diff --git a/doc/flatpak-permission-set.xml b/doc/flatpak-permission-set.xml
new file mode 100644
index 00000000..1fb3b7ee
--- /dev/null
+++ b/doc/flatpak-permission-set.xml
@@ -0,0 +1,104 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+    "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<refentry id="flatpak-permission-set">
+
+    <refentryinfo>
+        <title>flatpak permission-set</title>
+        <productname>flatpak</productname>
+
+        <authorgroup>
+            <author>
+                <contrib>Developer</contrib>
+                <firstname>Matthias</firstname>
+                <surname>Clasen</surname>
+                <email>mclasen@redhat.com</email>
+            </author>
+        </authorgroup>
+    </refentryinfo>
+
+    <refmeta>
+        <refentrytitle>flatpak permission-set</refentrytitle>
+        <manvolnum>1</manvolnum>
+    </refmeta>
+
+    <refnamediv>
+        <refname>flatpak-permission-set</refname>
+        <refpurpose>Set permissions</refpurpose>
+    </refnamediv>
+
+    <refsynopsisdiv>
+            <cmdsynopsis>
+                <command>flatpak permission-set</command>
+                <arg choice="opt" rep="repeat">OPTION</arg>
+                <arg choice="plain">TABLE</arg>
+                <arg choice="plain">ID</arg>
+                <arg choice="plain">APP_ID</arg>
+                <arg choice="opt" rep="repeat">PERMISSION</arg>
+            </cmdsynopsis>
+    </refsynopsisdiv>
+
+    <refsect1>
+        <title>Description</title>
+
+        <para>
+          Set the permissions for an application in an entry in the permission store.
+          The entry is identified by TABLE and ID, the application is identified by
+          APP_ID. The PERMISSION strings must be in a format suitable for the table.
+        </para>
+        <para>
+          The permission store is used by portals.
+          Each portal generally has its own table in the permission
+          store, and the format of the table entries is specific to
+          each portal.
+        </para>
+
+    </refsect1>
+
+    <refsect1>
+        <title>Options</title>
+
+        <para>The following options are understood:</para>
+
+        <variablelist>
+            <varlistentry>
+                <term><option>-h</option></term>
+                <term><option>--help</option></term>
+
+                <listitem><para>
+                    Show help options and exit.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>-v</option></term>
+                <term><option>--verbose</option></term>
+
+                <listitem><para>
+                    Print debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--ostree-verbose</option></term>
+
+                <listitem><para>
+                    Print OSTree debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+
+    <refsect1>
+        <title>See also</title>
+
+        <para>
+            <citerefentry><refentrytitle>flatpak</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permissions</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-add</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+        </para>
+
+    </refsect1>
+
+</refentry>