document-portal: *always* use the by-app location
This is better as you can't accidentally access another app's docs (although you can still see the backing real files)
@@ -24,7 +24,6 @@
|
||||
"org.gnome.gedit/" (APP_DIR:app id)
|
||||
"$id/" (APP_DOC_DIR:app_id<<32|doc_id)
|
||||
<same as DOC_DIR>
|
||||
"in-homedir/" (APP_DOC_DIR:1)
|
||||
"$id" (DOC_DIR:doc_idid)
|
||||
$basename (DOC_FILE:doc_id)
|
||||
$tmpfile (TMPFILE:tmp_id)
|
||||
@@ -32,8 +31,6 @@
|
||||
|
||||
#define BY_APP_INO 2
|
||||
|
||||
#define IN_HOMEDIR_APP_ID 1
|
||||
|
||||
#define NON_DOC_DIR_PERMS 0500
|
||||
#define DOC_DIR_PERMS 0700
|
||||
|
||||
@@ -56,7 +53,6 @@ typedef enum {
|
||||
} XdpInodeClass;
|
||||
|
||||
#define BY_APP_NAME "by-app"
|
||||
#define IN_HOMEDIR_NAME "in-homedir"
|
||||
|
||||
static XdpDocDb *db;
|
||||
|
||||
@@ -302,18 +298,11 @@ static gboolean
|
||||
app_can_see_doc (GVariant *doc, guint32 app_id)
|
||||
{
|
||||
const char *app_name = get_app_name_from_id (app_id);
|
||||
|
||||
if (app_name != NULL &&
|
||||
xdp_doc_has_permissions (doc, app_name, XDP_PERMISSION_FLAGS_READ))
|
||||
return TRUE;
|
||||
|
||||
if (app_id == IN_HOMEDIR_APP_ID)
|
||||
{
|
||||
g_autofree char *path = xdp_doc_dup_path (doc);
|
||||
|
||||
if (g_str_has_prefix (path, g_get_home_dir ()))
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -353,7 +342,7 @@ xdp_stat (fuse_ino_t ino,
|
||||
break;
|
||||
|
||||
case APP_DIR_INO_CLASS:
|
||||
if (class_ino != IN_HOMEDIR_APP_ID && get_app_name_from_id (class_ino) == 0)
|
||||
if (get_app_name_from_id (class_ino) == 0)
|
||||
return ENOENT;
|
||||
|
||||
stbuf->st_mode = S_IFDIR | NON_DOC_DIR_PERMS;
|
||||
@@ -366,8 +355,7 @@ xdp_stat (fuse_ino_t ino,
|
||||
guint32 doc_id = get_doc_id_from_app_doc_ino (class_ino);
|
||||
|
||||
doc = xdp_doc_db_lookup_doc (db, doc_id);
|
||||
if (doc == NULL ||
|
||||
!app_can_see_doc (doc, app_id))
|
||||
if (doc == NULL || !app_can_see_doc (doc, app_id))
|
||||
return ENOENT;
|
||||
|
||||
stbuf->st_mode = S_IFDIR | DOC_DIR_PERMS;
|
||||
@@ -543,12 +531,6 @@ xdp_lookup (fuse_ino_t parent,
|
||||
if (xdp_stat (*inode, stbuf, NULL) == 0)
|
||||
return 0;
|
||||
}
|
||||
else if (strcmp (name, IN_HOMEDIR_NAME) == 0)
|
||||
{
|
||||
*inode = make_inode (APP_DIR_INO_CLASS, IN_HOMEDIR_APP_ID);
|
||||
if (xdp_stat (*inode, stbuf, NULL) == 0)
|
||||
return 0;
|
||||
}
|
||||
else if (name_looks_like_id (name))
|
||||
{
|
||||
*inode = make_inode (DOC_DIR_INO_CLASS,
|
||||
@@ -813,8 +795,6 @@ xdp_fuse_opendir (fuse_req_t req,
|
||||
dirbuf_add (req, &b, "..", FUSE_ROOT_ID);
|
||||
dirbuf_add (req, &b, BY_APP_NAME,
|
||||
make_inode (STD_DIRS_INO_CLASS, BY_APP_INO));
|
||||
dirbuf_add (req, &b, IN_HOMEDIR_NAME,
|
||||
make_inode (APP_DIR_INO_CLASS, IN_HOMEDIR_APP_ID));
|
||||
dirbuf_add_docs (req, &b, 0);
|
||||
break;
|
||||
|
||||
@@ -1757,7 +1737,7 @@ xdp_fuse_init (XdpDocDb *_db,
|
||||
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
|
||||
app_id_to_name =
|
||||
g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, NULL);
|
||||
next_app_id = IN_HOMEDIR_APP_ID + 1;
|
||||
next_app_id = 1;
|
||||
next_tmp_id = 1;
|
||||
|
||||
mount_path = g_build_filename (g_get_user_runtime_dir(), "doc", NULL);
|
||||
|
||||
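Review bot: After this change `app_can_see_doc` is the only visibility check left for the by-app tree, and it has no comment stating its contract. The whole function is visible in the hunk: it returns TRUE only when `get_app_name_from_id (app_id)` yields a name and that name holds `XDP_PERMISSION_FLAGS_READ` on the document, so an id with no registered name is denied. I would record that above the function, e.g. `/* TRUE only if app_id maps to a known app name with READ permission on doc; unknown ids are denied. */`, so a later edit does not reintroduce a path-based shortcut. As a smaller style point, the new check in `xdp_stat` compares a pointer with `0`; `if (get_app_name_from_id (class_ino) == NULL)` reads more clearly.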
@@ -1104,34 +1104,17 @@ xdg_app_run_add_environment_args (GPtrArray *argv_array,
|
||||
g_debug ("Allowing host-fs access");
|
||||
opts[i++] = 'f';
|
||||
home_access = TRUE;
|
||||
|
||||
if (doc_mount_path)
|
||||
{
|
||||
g_ptr_array_add (argv_array, g_strdup ("-b"));
|
||||
g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s", getuid(), doc_mount_path));
|
||||
}
|
||||
}
|
||||
else if (g_hash_table_lookup (context->filesystems, "home"))
|
||||
{
|
||||
g_debug ("Allowing homedir access");
|
||||
opts[i++] = 'H';
|
||||
home_access = TRUE;
|
||||
if (doc_mount_path)
|
||||
{
|
||||
g_ptr_array_add (argv_array, g_strdup ("-b"));
|
||||
g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/in-homedir", getuid(), doc_mount_path));
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Enable persistant mapping only if no access to real home dir */
|
||||
|
||||
if (doc_mount_path && app_id)
|
||||
{
|
||||
g_ptr_array_add (argv_array, g_strdup ("-b"));
|
||||
g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/by-app/%s", getuid(), doc_mount_path, app_id));
|
||||
}
|
||||
|
||||
g_hash_table_iter_init (&iter, context->persistent);
|
||||
while (g_hash_table_iter_next (&iter, &key, NULL))
|
||||
{
|
||||
@@ -1146,6 +1129,13 @@ xdg_app_run_add_environment_args (GPtrArray *argv_array,
|
||||
}
|
||||
}
|
||||
|
||||
if (doc_mount_path && app_id)
|
||||
{
|
||||
g_ptr_array_add (argv_array, g_strdup ("-b"));
|
||||
g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/by-app/%s",
|
||||
getuid(), doc_mount_path, app_id));
|
||||
}
|
||||
|
||||
g_hash_table_iter_init (&iter, context->filesystems);
|
||||
while (g_hash_table_iter_next (&iter, &key, NULL))
|
||||
{
|
||||
|
||||
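Review bot: The relocated block builds the bind source as `"%s/by-app/%s"` from `app_id` for every sandbox, including those granted host or home access, and nothing visible in the hunk constrains what `app_id` may contain. If an id could ever carry a `/` or a `..` component, the source would resolve outside the per-app directory and defeat the isolation this commit is after. `xdg_app_run_add_environment_args` starts and continues outside the hunk, so the id may already be validated upstream; if so, a comment here such as `/* app_id is a validated application id: no path separators */` would make that dependency explicit, and otherwise the condition could become `if (doc_mount_path && app_id && strchr (app_id, '/') == NULL)`. Separately, `getuid()` returns `uid_t`, which is commonly unsigned, so `%u` with a cast to `unsigned` would match the argument better than `%d`.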