[glib/sandboxed-dbus-activation: 3/3] Make dbus activation sandbox-aware
- From: Matthias Clasen <matthiasc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/sandboxed-dbus-activation: 3/3] Make dbus activation sandbox-aware
- Date: Fri, 26 May 2017 17:17:42 +0000 (UTC)
commit fab20387b49d5272614033d3e9d6b7a254899e5e
Author: Matthias Clasen <mclasen redhat com>
Date: Sat May 6 14:22:38 2017 -0400
Make dbus activation sandbox-aware
When we call org.freedesktop.Application.Open to activate
an application and pass file uris, the application may not
be able to see the files due to a flatpak sandbox.
Flatpak puts the flatpak app-id in the X-Flatpak key in
desktop files that it exports, so we can easily recognize
applications that may be affected by this.
In this case, call the document portal to export the files
and pass the resulting uris instead of the original ones.
gio/gdesktopappinfo.c | 52 ++++++++++++++++++++++++++++++++++++++++++------
gio/gdocumentportal.c | 4 ---
2 files changed, 45 insertions(+), 11 deletions(-)
---
diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c
index 81dff27..ef5fab5 100644
--- a/gio/gdesktopappinfo.c
+++ b/gio/gdesktopappinfo.c
@@ -36,6 +36,7 @@
#include "gdesktopappinfo.h"
#ifdef G_OS_UNIX
#include "glib-unix.h"
+#include "gunixfdlist.h"
#endif
#include "gfile.h"
#include "gioerror.h"
@@ -48,6 +49,10 @@
#include "gappinfoprivate.h"
#include "glocalfilemonitor.h"
+#ifdef G_OS_UNIX
+#include "gdocumentportal.h"
+#endif
+
/**
* SECTION:gdesktopappinfo
* @title: GDesktopAppInfo
@@ -2835,17 +2840,15 @@ g_desktop_app_info_make_platform_data (GDesktopAppInfo *info,
return g_variant_builder_end (&builder);
}
-static gboolean
-g_desktop_app_info_launch_uris_with_dbus (GDesktopAppInfo *info,
- GDBusConnection *session_bus,
- GList *uris,
- GAppLaunchContext *launch_context)
+static void
+launch_uris_with_dbus (GDesktopAppInfo *info,
+ GDBusConnection *session_bus,
+ GList *uris,
+ GAppLaunchContext *launch_context)
{
GVariantBuilder builder;
gchar *object_path;
- g_return_val_if_fail (info != NULL, FALSE);
-
g_variant_builder_init (&builder, G_VARIANT_TYPE_TUPLE);
if (uris)
@@ -2865,10 +2868,45 @@ g_desktop_app_info_launch_uris_with_dbus (GDesktopAppInfo *info,
* This is what startup-notification's job is...
*/
object_path = object_path_from_appid (info->app_id);
+
g_dbus_connection_call (session_bus, info->app_id, object_path, "org.freedesktop.Application",
uris ? "Open" : "Activate", g_variant_builder_end (&builder),
NULL, G_DBUS_CALL_FLAGS_NONE, -1, NULL, NULL, NULL);
+
g_free (object_path);
+}
+
+#ifdef G_OS_UNIX
+static gboolean
+should_rewrite_uris_for_portal (GDesktopAppInfo *info,
+ char **app_id)
+{
+ *app_id = g_desktop_app_info_get_string (info, "X-Flatpak");
+
+ return *app_id && (*app_id)[0];
+}
+#endif
+
+static gboolean
+g_desktop_app_info_launch_uris_with_dbus (GDesktopAppInfo *info,
+ GDBusConnection *session_bus,
+ GList *uris,
+ GAppLaunchContext *launch_context)
+{
+ GList *ruris = uris;
+ g_autofree char *app_id = NULL;
+
+ g_return_val_if_fail (info != NULL, FALSE);
+
+#ifdef G_OS_UNIX
+ if (should_rewrite_uris_for_portal (info, &app_id))
+ ruris = g_document_portal_add_documents (uris, app_id, NULL);
+#endif
+
+ launch_uris_with_dbus (info, session_bus, ruris, launch_context);
+
+ if (ruris != uris)
+ g_list_free_full (ruris, g_free);
return TRUE;
}
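Review bot: The result of `g_document_portal_add_documents (uris, app_id, NULL)` in `g_desktop_app_info_launch_uris_with_dbus` is used unchecked, and the last argument (presumably the error out-parameter) is NULL, so a portal failure cannot be seen. If the function returns NULL on failure (its body is not part of this diff), `ruris` becomes an empty list and `launch_uris_with_dbus` sends `Activate` instead of `Open`, silently dropping the files the user asked to open. Adding `if (ruris == NULL) ruris = uris;` right after the call, and passing a `GError` that is logged, would keep that case visible. Separately, document access is granted to the id read from the `X-Flatpak` key while the D-Bus call targets `info->app_id`, and nothing visible here checks that the two agree. A comparison in `should_rewrite_uris_for_portal`, or a comment stating why the key can be trusted, would make that assumption explicit.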
diff --git a/gio/gdocumentportal.c b/gio/gdocumentportal.c
index dacec6f..91a4f00 100644
--- a/gio/gdocumentportal.c
+++ b/gio/gdocumentportal.c
@@ -215,10 +215,6 @@ g_document_portal_add_documents (GList *uris,
as_is[i] = TRUE;
}
- g_variant_builder_add (&builder, "u", 1 << 2); /* as-needed-by-app */
- g_variant_builder_add (&builder, "s", app_id);
- g_variant_builder_add (&builder, "^as", permissions);
-
if (g_unix_fd_list_get_length (fd_list) > 0)
{
if (!gxdp_documents_call_add_full_sync (documents,