From 8281e614cec3f8af676d05118bf3f451ddf13fe2 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 10 Jun 2016 15:57:45 -0400 Subject: [PATCH] flatpak: Add a way to revoke privileges for exported documents This adds --forbid-read, --forbid-write, --forbid-delete and --forbid-grant-permissons options to flatpaks document-export command, to let it revoke permissions on exported documents. --- app/flatpak-builtins-document-export.c | 43 +++++++++++++++++---- doc/flatpak-document-export.xml | 53 +++++++++++++++++++++++--- 2 files changed, 84 insertions(+), 12 deletions(-) diff --git a/app/flatpak-builtins-document-export.c b/app/flatpak-builtins-document-export.c index e06d11a7..ecac5d56 100644 --- a/app/flatpak-builtins-document-export.c +++ b/app/flatpak-builtins-document-export.c 
@@ -37,21 +37,31 @@ #include "flatpak-run.h" static gboolean opt_unique = FALSE; -static gboolean opt_allow_write = FALSE; -static gboolean opt_allow_delete = FALSE; static gboolean opt_transient = FALSE; static gboolean opt_noexist = FALSE; +static gboolean opt_allow_read = TRUE; +static gboolean opt_forbid_read = FALSE; +static gboolean opt_allow_write = FALSE; +static gboolean opt_forbid_write = FALSE; +static gboolean opt_allow_delete = FALSE; +static gboolean opt_forbid_delete = FALSE; static gboolean opt_allow_grant_permissions = FALSE; +static gboolean opt_forbid_grant_permissions = FALSE; static char **opt_apps = NULL; static GOptionEntry options[] = { { "unique", 'u', 0, G_OPTION_ARG_NONE, &opt_unique, "Create a unique document reference", NULL }, { "transient", 't', 0, G_OPTION_ARG_NONE, &opt_transient, "Make the document transient for the current session", NULL }, { "noexist", 'n', 0, G_OPTION_ARG_NONE, &opt_noexist, "Don't require the file to exist already", NULL }, + { "allow-read", 'r', 0, G_OPTION_ARG_NONE, &opt_allow_read, "Give the app read permissions", NULL }, { "allow-write", 'w', 0, G_OPTION_ARG_NONE, &opt_allow_write, "Give the app write permissions", NULL }, - { "allow-delete", 'd', 0, G_OPTION_ARG_NONE, &opt_allow_delete, "Give the app permissions to delete the document id", NULL }, - { "allow-grant-permission", 'd', 0, G_OPTION_ARG_NONE, &opt_allow_grant_permissions, "Give the app permissions to grant furthern permissions", NULL }, - { "app", 'a', 0, G_OPTION_ARG_STRING_ARRAY, &opt_apps, "Add permissions for this app", NULL }, + { "allow-delete", 'd', 0, G_OPTION_ARG_NONE, &opt_allow_delete, "Give the app delete permissions", NULL }, + { "allow-grant-permission", 'g', 0, G_OPTION_ARG_NONE, &opt_allow_grant_permissions, "Give the app permissions to grant further permissions", NULL }, + { "forbid-read", 0, 0, G_OPTION_ARG_NONE, &opt_forbid_read, "Revoke read permissions of the app", NULL }, + { "forbid-write", 0, 0, G_OPTION_ARG_NONE, 
&opt_forbid_write, "Revoke write permissions of the app", NULL }, + { "forbid-delete", 0, 0, G_OPTION_ARG_NONE, &opt_forbid_delete, "Revoke delete permissions of the app", NULL }, + { "forbid-grant-permission", 0, 0, G_OPTION_ARG_NONE, &opt_forbid_grant_permissions, "Revoke the permission to grant further permissions", NULL }, + { "app", 'a', 0, G_OPTION_ARG_STRING_ARRAY, &opt_apps, "Add permissions for this app", "APPID" }, { NULL } }; @@ -64,6 +74,7 @@ flatpak_builtin_document_export (int argc, char **argv, g_autoptr(GVariant) reply = NULL; g_autoptr(GDBusConnection) session_bus = NULL; g_autoptr(GPtrArray) permissions = NULL; + g_autoptr(GPtrArray) revocations = NULL; const char *file; g_autofree char *mountpoint = NULL; g_autofree char *basename = NULL; @@ -157,8 +168,8 @@ flatpak_builtin_document_export (int argc, char **argv, g_variant_get (reply, "(&s)", &doc_id); permissions = g_ptr_array_new (); - - g_ptr_array_add (permissions, "read"); + if (opt_allow_read) + g_ptr_array_add (permissions, "read"); if (opt_allow_write) g_ptr_array_add (permissions, "write"); if (opt_allow_delete) @@ -167,6 +178,17 @@ flatpak_builtin_document_export (int argc, char **argv, g_ptr_array_add (permissions, "grant-permissions"); g_ptr_array_add (permissions, NULL); + revocations = g_ptr_array_new (); + if (opt_forbid_read) + g_ptr_array_add (revocations, "read"); + if (opt_forbid_write) + g_ptr_array_add (revocations, "write"); + if (opt_forbid_delete) + g_ptr_array_add (revocations, "delete"); + if (opt_forbid_grant_permissions) + g_ptr_array_add (revocations, "grant-permissions"); + g_ptr_array_add (revocations, NULL); + for (i = 0; opt_apps != NULL && opt_apps[i] != NULL; i++) { if (!xdp_dbus_documents_call_grant_permissions_sync (documents, 
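Review bot: The new `--allow-read` entry in the options table cannot change anything, because `opt_allow_read` is initialised to TRUE and a `G_OPTION_ARG_NONE` entry can only set its flag to TRUE, so the option is a no-op and read access is granted unless `--forbid-read` is also given. Relatedly, nothing rejects a contradictory pair such as `--allow-write --forbid-write`; the outcome is decided only by the order of the grant and revoke calls later in the function, which a user has no way to see from the help text. A check after option parsing (which happens outside this hunk) would make the contract explicit, e.g. `if (opt_allow_write && opt_forbid_write) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "--allow-write and --forbid-write are mutually exclusive"); return FALSE; }` for each pair. The commit message spells the last option `--forbid-grant-permissons`, while the table registers `forbid-grant-permission`; the message should match the table.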
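Review bot: A permission named with a `--forbid-*` option is still granted first, because the `permissions` list built in the @@ -157 hunk only consults the `opt_allow_*` flags — with the default `opt_allow_read = TRUE`, passing `--forbid-read` makes the per-app loop later in the function grant "read" and then revoke it, briefly handing the app the very access being withdrawn. The same window exists for the other three pairs whenever both flags are passed together. Excluding forbidden entries from the grant list closes it: `if (opt_allow_read && !opt_forbid_read)` before `g_ptr_array_add (permissions, "read");`, and likewise for write, delete and grant-permissions. The `revocations` list built in the @@ -167 hunk can stay as it is.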
@@ -177,6 +199,13 @@ flatpak_builtin_document_export (int argc, char **argv, error)) return FALSE; + if (!xdp_dbus_documents_call_revoke_permissions_sync (documents, + doc_id, + opt_apps[i], + (const char **) revocations->pdata, + NULL, + error)) + return FALSE; } doc_path = g_build_filename (mountpoint, doc_id, basename, NULL); diff --git a/doc/flatpak-document-export.xml b/doc/flatpak-document-export.xml index da0881f7..40108c3d 100644 --- a/doc/flatpak-document-export.xml +++ b/doc/flatpak-document-export.xml @@ -47,8 +47,8 @@ This command also lets you modify the per-application - permissions of the documents, granting access to the - file on a per-application basis. + permissions of the documents, granting or revoking access + to the file on a per-application basis. @@ -91,6 +91,24 @@ Grant read access to the specified application. + This option can be used multiple times. + + + + + + + + Grant read access to the applications specified with --app. + This defaults to TRUE. + + + + + + + + Revoke read access for the applications specified with --app. @@ -98,7 +116,15 @@ - Also grant write access to the applications specified with --app. + Grant write access to the applications specified with --app. + + + + + + + + Revoke write access for the applications specified with --app. @@ -106,7 +132,15 @@ - Also grant the ability to delete a document id to the applications specified with --app. + Grant the ability to delete a document id to the applications specified with --app. + + + + + + + + Remove the ability to delete a document id from the applications specified with --app. @@ -114,7 +148,15 @@ - Also grant the ability further grant permissions to the applications specified with --app. + Grant the ability to grant further permissions to the applications specified with --app. + + + + + + + + Revoke the ability to grant further permissions for the applications specified with --app. @@ -160,3 +202,4 @@ +
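Review bot: `xdp_dbus_documents_call_revoke_permissions_sync` is now invoked for every app even when no `--forbid-*` option was given, in which case `revocations->pdata` holds only the NULL terminator; that is one extra round trip to the document portal per app with nothing to revoke, and any error the portal returns for that call would fail the command after the grant has already succeeded. Skipping the call when the list is empty avoids both: `if (revocations->len > 1 && !xdp_dbus_documents_call_revoke_permissions_sync (documents,` — `len` includes the trailing NULL added in the previous hunk, so `> 1` means at least one real entry. The enclosing `for` loop and the function body begin and end outside this hunk.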