[gnome-software] snap: Only show snaps as sandboxed if snapd supports confinmenent

From: Robert Ancell <rancell src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-software] snap: Only show snaps as sandboxed if snapd supports confinmenent
Date: Thu, 6 Jul 2017 23:43:50 +0000 (UTC)

commit a8792cb1e4d22f0a95c9d8ec276f920eac5c94f8
Author: Robert Ancell <robert ancell canonical com>
Date:   Fri Jul 7 11:43:03 2017 +1200

    snap: Only show snaps as sandboxed if snapd supports confinmenent

 meson.build                   |    2 +-
 plugins/snap/gs-plugin-snap.c |   18 +++++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)
---
diff --git a/meson.build b/meson.build
index 1acb878..717bd65 100644
--- a/meson.build
+++ b/meson.build
@@ -164,7 +164,7 @@ if get_option('enable-gudev')
 endif
 
 if get_option('enable-snap')
-  snap = dependency('snapd-glib', version : '>= 1.14')
+  snap = dependency('snapd-glib', version : '>= 1.15')
 endif
 
 gnome = import('gnome')
diff --git a/plugins/snap/gs-plugin-snap.c b/plugins/snap/gs-plugin-snap.c
index 7424343..504348d 100644
--- a/plugins/snap/gs-plugin-snap.c
+++ b/plugins/snap/gs-plugin-snap.c
@@ -26,8 +26,9 @@
 #include <gnome-software.h>
 
 struct GsPluginData {
-       GsAuth          *auth;
-       GHashTable      *store_snaps;
+       SnapdSystemConfinement   system_confinement;
+       GsAuth                  *auth;
+       GHashTable              *store_snaps;
 };
 
 void
@@ -64,6 +65,16 @@ gboolean
 gs_plugin_setup (GsPlugin *plugin, GCancellable *cancellable, GError **error)
 {
        GsPluginData *priv = gs_plugin_get_data (plugin);
+       g_autoptr(SnapdClient) client = NULL;
+       g_autoptr(SnapdSystemInformation) system_information = NULL;
+
+       client = snapd_client_new ();
+       if (!snapd_client_connect_sync (client, cancellable, error))
+               return FALSE;
+       system_information = snapd_client_get_system_information_sync (client, cancellable, error);
+       if (system_information == NULL)
+               return FALSE;
+       priv->system_confinement = snapd_system_information_get_confinement (system_information);
 
        /* load from disk */
        gs_auth_add_metadata (priv->auth, "macaroon", NULL);
@@ -181,6 +192,7 @@ find_snaps (GsPlugin *plugin, SnapdFindFlags flags, const gchar *section, const
 static GsApp *
 snap_to_app (GsPlugin *plugin, SnapdSnap *snap)
 {
+       GsPluginData *priv = gs_plugin_get_data (plugin);
        GsApp *app;
 
        /* create a unique ID for deduplication, TODO: branch? */
@@ -205,7 +217,7 @@ snap_to_app (GsPlugin *plugin, SnapdSnap *snap)
        gs_app_add_quirk (app, AS_APP_QUIRK_NOT_REVIEWABLE);
        if (gs_plugin_check_distro_id (plugin, "ubuntu"))
                gs_app_add_quirk (app, AS_APP_QUIRK_PROVENANCE);
-       if (snapd_snap_get_confinement (snap) == SNAPD_CONFINEMENT_STRICT)
+       if (priv->system_confinement == SNAPD_SYSTEM_CONFINEMENT_STRICT && snapd_snap_get_confinement (snap) 
== SNAPD_CONFINEMENT_STRICT)
                gs_app_add_kudo (app, GS_APP_KUDO_SANDBOXED);
 
        return app;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]