portal: Add flags for sharing display/sound/gpu when spawning sandboxed

This allows you to open up things (if the calling app has access) for the sandboxed child. Rather than duplicating all possible sandboxing technical details we specify things at a higher level. We just assume you want the same access as the caller (i.e. x11[-fallback] and/or wayland), as this is easier to use for the caller and more flexible for us to later add new technical details as needed.
2026-02-04 21:11:28 -05:00 · 2019-11-25 11:51:38 +01:00
parent 7071c38acf
commit fa1bc8ca16
3 changed files with 56 additions and 1 deletions
--- a/portal/flatpak-portal-app-info.h
+++ b/portal/flatpak-portal-app-info.h
@@ -33,6 +33,8 @@
 #define FLATPAK_METADATA_KEY_APP_COMMIT "app-commit"
 #define FLATPAK_METADATA_KEY_RUNTIME_COMMIT "runtime-commit"
 #define FLATPAK_METADATA_KEY_SHARED "shared"
+#define FLATPAK_METADATA_KEY_SOCKETS "sockets"
+#define FLATPAK_METADATA_KEY_DEVICES "devices"
 #define FLATPAK_METADATA_KEY_DEVEL "devel"
 #define FLATPAK_METADATA_KEY_INSTANCE_PATH "instance-path"

--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -391,8 +391,11 @@ handle_spawn (PortalFlatpak         *object,
  g_autofree char *instance_path = NULL;
  g_auto(GStrv) extra_args = NULL;
  g_auto(GStrv) shares = NULL;
+  g_auto(GStrv) sockets = NULL;
+  g_auto(GStrv) devices = NULL;
  g_auto(GStrv) sandbox_expose = NULL;
  g_auto(GStrv) sandbox_expose_ro = NULL;
+  guint sandbox_flags = 0;
  gboolean sandboxed;
  gboolean devel;

@@ -464,12 +467,25 @@ handle_spawn (PortalFlatpak         *object,
                                          FLATPAK_METADATA_KEY_RUNTIME_COMMIT, NULL);
  shares = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT,
                                       FLATPAK_METADATA_KEY_SHARED, NULL, NULL);
+  sockets = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT,
+                                       FLATPAK_METADATA_KEY_SOCKETS, NULL, NULL);
+  devices = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT,
+                                        FLATPAK_METADATA_KEY_DEVICES, NULL, NULL);

  devel = g_key_file_get_boolean (app_info, FLATPAK_METADATA_GROUP_INSTANCE,
                                  FLATPAK_METADATA_KEY_DEVEL, NULL);

  g_variant_lookup (arg_options, "sandbox-expose", "^as", &sandbox_expose);
  g_variant_lookup (arg_options, "sandbox-expose-ro", "^as", &sandbox_expose_ro);
+  g_variant_lookup (arg_options, "sandbox-flags", "u", &sandbox_flags);
+
+
+  if ((sandbox_flags & ~FLATPAK_SPAWN_SANDBOX_FLAGS_ALL) != 0)
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+                                             "Unsupported sandbox flags enabled: 0x%x", arg_flags & ~FLATPAK_SPAWN_SANDBOX_FLAGS_ALL);
+      return TRUE;
+    }

  if (instance_path == NULL &&
      ((sandbox_expose != NULL && sandbox_expose[0] != NULL) ||
@@ -593,7 +609,33 @@ handle_spawn (PortalFlatpak         *object,
  sandboxed = (arg_flags & FLATPAK_SPAWN_FLAGS_SANDBOX) != 0;

  if (sandboxed)
-    g_ptr_array_add (flatpak_argv, g_strdup ("--sandbox"));
+    {
+      g_ptr_array_add (flatpak_argv, g_strdup ("--sandbox"));
+
+      if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_DISPLAY)
+        {
+          if (sockets != NULL && g_strv_contains ((const char * const *) sockets, "wayland"))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--socket=wayland"));
+          if (sockets != NULL && g_strv_contains ((const char * const *) sockets, "fallback-x11"))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--socket=fallback-x11"));
+          if (sockets != NULL && g_strv_contains ((const char * const *) sockets, "x11"))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--socket=x11"));
+          if (shares != NULL && g_strv_contains ((const char * const *) shares, "ipc") &&
+              sockets != NULL && (g_strv_contains ((const char * const *) sockets, "fallback-x11") ||
+                                  g_strv_contains ((const char * const *) sockets, "x11")))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--share=ipc"));
+        }
+      if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_SOUND)
+        {
+          if (sockets != NULL && g_strv_contains ((const char * const *) sockets, "pulseaudio"))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--socket=pulseaudio"));
+        }
+      if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_GPU)
+        {
+          if (devices != NULL && g_strv_contains ((const char * const *) devices, "dri"))
+            g_ptr_array_add (flatpak_argv, g_strdup ("--device=dri"));
+        }
+    }
  else
    {
      for (i = 0; extra_args != NULL && extra_args[i] != NULL; i++)
@@ -611,6 +653,7 @@ handle_spawn (PortalFlatpak         *object,
  else
    g_ptr_array_add (flatpak_argv, g_strdup ("--unshare=network"));

+
  if (instance_path)
    {
      for (i = 0; sandbox_expose != NULL && sandbox_expose[i] != NULL; i++)
--- a/portal/flatpak-portal.h
+++ b/portal/flatpak-portal.h
@@ -29,10 +29,20 @@ typedef enum {
  FLATPAK_SPAWN_FLAGS_WATCH_BUS = 1 << 4,
 } FlatpakSpawnFlags;

+typedef enum {
+  FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_DISPLAY = 1 << 0,
+  FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_SOUND = 1 << 1,
+  FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_GPU = 1 << 2,
+} FlatpakSpawnSandboxFlags;
+
 #define FLATPAK_SPAWN_FLAGS_ALL (FLATPAK_SPAWN_FLAGS_CLEAR_ENV | \
                                 FLATPAK_SPAWN_FLAGS_LATEST_VERSION | \
                                 FLATPAK_SPAWN_FLAGS_SANDBOX | \
                                 FLATPAK_SPAWN_FLAGS_NO_NETWORK | \
                                 FLATPAK_SPAWN_FLAGS_WATCH_BUS)

+#define FLATPAK_SPAWN_SANDBOX_FLAGS_ALL (FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_DISPLAY | \
+                                         FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_SOUND | \
+                                         FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_GPU)
+
 #endif /* __FLATPAK_PORTAL_H__ */