[tracker/wip/carlosg/portal: 11/29] libtracker-data: Check graph permissions on graph manipulation syntax



commit 5cc1090c386c3c28ca05bb093b483ccf0c0143d5
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Jan 25 13:54:20 2020 +0100

    libtracker-data: Check graph permissions on graph manipulation syntax
    
    Check when handling CREATE/DROP/ADD/MOVE/COPY that the graph can be
    accessed.

 src/libtracker-data/tracker-sparql.c | 40 ++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
---
diff --git a/src/libtracker-data/tracker-sparql.c b/src/libtracker-data/tracker-sparql.c
index 55d802928..b3c031ea5 100644
--- a/src/libtracker-data/tracker-sparql.c
+++ b/src/libtracker-data/tracker-sparql.c
@@ -3808,6 +3808,14 @@ translate_Drop (TrackerSparql  *sparql,
        }
 
        for (l = graphs; l; l = l->next) {
+               if (!tracker_sparql_graph_is_whitelisted (sparql, l->data)) {
+                       inner_error = g_error_new (TRACKER_SPARQL_ERROR,
+                                                  TRACKER_SPARQL_ERROR_CONSTRAINT,
+                                                  "Graph '%s' disallowed by policy",
+                                                  (const gchar *) l->data);
+                       break;
+               }
+
                if (!tracker_data_manager_drop_graph (sparql->data_manager,
                                                      l->data, &inner_error))
                        break;
@@ -3846,6 +3854,14 @@ translate_Create (TrackerSparql  *sparql,
                goto error;
        }
 
+       if (!tracker_sparql_graph_is_whitelisted (sparql, graph_name)) {
+               inner_error = g_error_new (TRACKER_SPARQL_ERROR,
+                                          TRACKER_SPARQL_ERROR_CONSTRAINT,
+                                          "Graph '%s' disallowed by policy",
+                                          graph_name);
+               goto error;
+       }
+
        if (!tracker_data_manager_create_graph (sparql->data_manager,
                                                graph_name,
                                                &inner_error))
@@ -3894,6 +3910,14 @@ translate_Add (TrackerSparql  *sparql,
                goto error;
        }
 
+       if (!tracker_sparql_graph_is_whitelisted (sparql, destination)) {
+               inner_error = g_error_new (TRACKER_SPARQL_ERROR,
+                                          TRACKER_SPARQL_ERROR_CONSTRAINT,
+                                          "Graph '%s' disallowed by policy",
+                                          destination);
+               goto error;
+       }
+
        if (destination &&
            !tracker_sparql_find_graph (sparql, destination)) {
                if (!tracker_data_manager_create_graph (sparql->data_manager,
@@ -3956,6 +3980,14 @@ translate_Move (TrackerSparql  *sparql,
                goto error;
        }
 
+       if (!tracker_sparql_graph_is_whitelisted (sparql, destination)) {
+               inner_error = g_error_new (TRACKER_SPARQL_ERROR,
+                                          TRACKER_SPARQL_ERROR_CONSTRAINT,
+                                          "Graph '%s' disallowed by policy",
+                                          destination);
+               goto error;
+       }
+
        if (destination &&
            !tracker_sparql_find_graph (sparql, destination)) {
                if (!tracker_data_manager_create_graph (sparql->data_manager,
@@ -4030,6 +4062,14 @@ translate_Copy (TrackerSparql  *sparql,
                goto error;
        }
 
+       if (!tracker_sparql_graph_is_whitelisted (sparql, destination)) {
+               inner_error = g_error_new (TRACKER_SPARQL_ERROR,
+                                          TRACKER_SPARQL_ERROR_CONSTRAINT,
+                                          "Graph '%s' disallowed by policy",
+                                          destination);
+               goto error;
+       }
+
        if (destination &&
            !tracker_sparql_find_graph (sparql, destination)) {
                if (!tracker_data_manager_create_graph (sparql->data_manager,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]