From f76f6a39ef6b7169fd2102f3167a5dded920ee74 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Sat, 11 Jul 2015 10:48:53 +0200 Subject: [PATCH] document-portal: *always* use the by-app location This is better as you can't accidentally access another apps docs (although you can still see the backing real files) --- document-portal/xdp-fuse.c | 28 ++++------------------------ lib/xdg-app-run.c | 24 +++++++----------------- 2 files changed, 11 insertions(+), 41 deletions(-) diff --git a/document-portal/xdp-fuse.c b/document-portal/xdp-fuse.c index 5d2fd099..ed87fb22 100644 --- a/document-portal/xdp-fuse.c +++ b/document-portal/xdp-fuse.c @@ -24,7 +24,6 @@ "org.gnome.gedit/" (APP_DIR:app id) "$id/" (APP_DOC_DIR:app_id<<32|doc_id) - "in-homedir/" (APP_DOC_DIR:1) "$id" (DOC_DIR:doc_idid) $basename (DOC_FILE:doc_id) $tmpfile (TMPFILE:tmp_id) @@ -32,8 +31,6 @@ #define BY_APP_INO 2 -#define IN_HOMEDIR_APP_ID 1 - #define NON_DOC_DIR_PERMS 0500 #define DOC_DIR_PERMS 0700 @@ -56,7 +53,6 @@ typedef enum { } XdpInodeClass; #define BY_APP_NAME "by-app" -#define IN_HOMEDIR_NAME "in-homedir" static XdpDocDb *db; @@ -302,18 +298,11 @@ static gboolean app_can_see_doc (GVariant *doc, guint32 app_id) { const char *app_name = get_app_name_from_id (app_id); + if (app_name != NULL && xdp_doc_has_permissions (doc, app_name, XDP_PERMISSION_FLAGS_READ)) return TRUE; - if (app_id == IN_HOMEDIR_APP_ID) - { - g_autofree char *path = xdp_doc_dup_path (doc); - - if (g_str_has_prefix (path, g_get_home_dir ())) - return TRUE; - } - return FALSE; } @@ -353,7 +342,7 @@ xdp_stat (fuse_ino_t ino, break; case APP_DIR_INO_CLASS: - if (class_ino != IN_HOMEDIR_APP_ID && get_app_name_from_id (class_ino) == 0) + if (get_app_name_from_id (class_ino) == 0) return ENOENT; stbuf->st_mode = S_IFDIR | NON_DOC_DIR_PERMS; 
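Review bot: In the `APP_DIR_INO_CLASS` case of `xdp_stat` the rewritten guard compares a pointer with the integer `0`. `get_app_name_from_id` yields a `const char *` (see its use in `app_can_see_doc` in this same patch), so `if (get_app_name_from_id (class_ino) == NULL)` states the intent and matches the `app_name != NULL` test there. In the visible lines this lookup is what decides whether a `by-app` directory inode resolves at all, so a short comment such as `/* unknown app ids must not resolve to a directory */` would keep the fail-closed behaviour explicit. `xdp_stat` starts and ends outside the hunk.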
@@ -366,8 +355,7 @@ xdp_stat (fuse_ino_t ino, guint32 doc_id = get_doc_id_from_app_doc_ino (class_ino); doc = xdp_doc_db_lookup_doc (db, doc_id); - if (doc == NULL || - !app_can_see_doc (doc, app_id)) + if (doc == NULL || !app_can_see_doc (doc, app_id)) return ENOENT; stbuf->st_mode = S_IFDIR | DOC_DIR_PERMS; @@ -543,12 +531,6 @@ xdp_lookup (fuse_ino_t parent, if (xdp_stat (*inode, stbuf, NULL) == 0) return 0; } - else if (strcmp (name, IN_HOMEDIR_NAME) == 0) - { - *inode = make_inode (APP_DIR_INO_CLASS, IN_HOMEDIR_APP_ID); - if (xdp_stat (*inode, stbuf, NULL) == 0) - return 0; - } else if (name_looks_like_id (name)) { *inode = make_inode (DOC_DIR_INO_CLASS, @@ -813,8 +795,6 @@ xdp_fuse_opendir (fuse_req_t req, dirbuf_add (req, &b, "..", FUSE_ROOT_ID); dirbuf_add (req, &b, BY_APP_NAME, make_inode (STD_DIRS_INO_CLASS, BY_APP_INO)); - dirbuf_add (req, &b, IN_HOMEDIR_NAME, - make_inode (APP_DIR_INO_CLASS, IN_HOMEDIR_APP_ID)); dirbuf_add_docs (req, &b, 0); break; @@ -1757,7 +1737,7 @@ xdp_fuse_init (XdpDocDb *_db, g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); app_id_to_name = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, NULL); - next_app_id = IN_HOMEDIR_APP_ID + 1; + next_app_id = 1; next_tmp_id = 1; mount_path = g_build_filename (g_get_user_runtime_dir(), "doc", NULL); diff --git a/lib/xdg-app-run.c b/lib/xdg-app-run.c index 87a9b1eb..e2030fed 100644 --- a/lib/xdg-app-run.c +++ b/lib/xdg-app-run.c 
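Review bot: `next_app_id = 1;` in `xdp_fuse_init` now depends on an unstated rule that id 0 is never handed to an application. The root listing in `xdp_fuse_opendir` calls `dirbuf_add_docs (req, &b, 0)`, which suggests 0 means "no app filter", and `app_id_to_name` is keyed with `g_direct_hash`, where a zero id would presumably become a NULL key. A comment on the assignment, for example `/* 0 is reserved for the unfiltered view; real app ids start at 1 */`, would stop a later change from allocating 0 and weakening the per-app check. Confirm the meaning of 0 against `dirbuf_add_docs`, which is not part of this patch. `xdp_fuse_init` continues outside the hunk.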
@@ -1104,34 +1104,17 @@ xdg_app_run_add_environment_args (GPtrArray *argv_array, g_debug ("Allowing host-fs access"); opts[i++] = 'f'; home_access = TRUE; - - if (doc_mount_path) - { - g_ptr_array_add (argv_array, g_strdup ("-b")); - g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s", getuid(), doc_mount_path)); - } } else if (g_hash_table_lookup (context->filesystems, "home")) { g_debug ("Allowing homedir access"); opts[i++] = 'H'; home_access = TRUE; - if (doc_mount_path) - { - g_ptr_array_add (argv_array, g_strdup ("-b")); - g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/in-homedir", getuid(), doc_mount_path)); - } } else { /* Enable persistant mapping only if no access to real home dir */ - if (doc_mount_path && app_id) - { - g_ptr_array_add (argv_array, g_strdup ("-b")); - g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/by-app/%s", getuid(), doc_mount_path, app_id)); - } - g_hash_table_iter_init (&iter, context->persistent); while (g_hash_table_iter_next (&iter, &key, NULL)) { @@ -1146,6 +1129,13 @@ xdg_app_run_add_environment_args (GPtrArray *argv_array, } } + if (doc_mount_path && app_id) + { + g_ptr_array_add (argv_array, g_strdup ("-b")); + g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/doc=%s/by-app/%s", + getuid(), doc_mount_path, app_id)); + } + g_hash_table_iter_init (&iter, context->filesystems); while (g_hash_table_iter_next (&iter, &key, NULL)) {
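Review bot: The block added to `xdg_app_run_add_environment_args` builds the bind source as `%s/by-app/%s` from `app_id` with no check visible in this hunk, so an id containing `/` or `..` would make the source resolve outside `by-app`. If ids are not already validated before this point, reject such values before the `-b` argument is appended. The block is also skipped silently when `app_id` is NULL, and because the host-fs and homedir branches no longer add their own document bind, that case leaves the sandbox without any per-app mount; a `g_debug` in an `else` branch would make it visible, and it is worth confirming that `f`/`H` access cannot then reach the unfiltered mount under the runtime directory. `getuid()` returns `uid_t`, so `%d` is a mismatched conversion; pass `(int) getuid ()` or switch to an unsigned format. The function starts and ends outside the hunk.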