[tracker/wip/carlosg/portal: 93/113] libtracker-data: Filter down updates on forbidden graphs

From: Carlos Garnacho <carlosg src gnome org>
To: commits-list gnome org
Cc:
Subject: [tracker/wip/carlosg/portal: 93/113] libtracker-data: Filter down updates on forbidden graphs
Date: Sun, 21 Jun 2020 09:57:42 +0000 (UTC)

commit adc46877b977472f45c0bfd0c9277306d4773e5f
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Jan 25 13:52:44 2020 +0100

    libtracker-data: Filter down updates on forbidden graphs
    
    Mostly for the case of insert/delete/update statements, check the current
    graph can be accessed before letting updates go through.

 src/libtracker-data/tracker-sparql.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
---
diff --git a/src/libtracker-data/tracker-sparql.c b/src/libtracker-data/tracker-sparql.c
index d6b229984..c544776b2 100644
--- a/src/libtracker-data/tracker-sparql.c
+++ b/src/libtracker-data/tracker-sparql.c
@@ -654,6 +654,27 @@ build_properties_string (TrackerSparql   *sparql,
        }
 }
 
+static gboolean
+tracker_sparql_graph_is_whitelisted (TrackerSparql *sparql,
+                                     const gchar   *graph)
+{
+       gint i;
+
+       if (!sparql->policy.graphs)
+               return TRUE;
+
+       for (i = 0; i < sparql->policy.graphs->len; i++) {
+               const gchar *policy_graph;
+
+               policy_graph = g_ptr_array_index (sparql->policy.graphs, i);
+
+               if (g_strcmp0 (graph, policy_graph) == 0)
+                       return TRUE;
+       }
+
+       return FALSE;
+}
+
 static GHashTable *
 tracker_sparql_get_effective_graphs (TrackerSparql *sparql)
 {
@@ -1940,6 +1961,15 @@ tracker_sparql_apply_quad (TrackerSparql  *sparql,
 {
        GError *inner_error = NULL;
 
+       if ((tracker_token_is_empty (&sparql->current_state.graph) &&
+            sparql->policy.filter_unnamed_graph) ||
+           (tracker_token_get_literal (&sparql->current_state.graph) &&
+            !tracker_sparql_graph_is_whitelisted (sparql, tracker_token_get_idstring 
(&sparql->current_state.graph)))) {
+               _raise (CONSTRAINT, "Access to graph is disallowed",
+                       tracker_token_is_empty (&sparql->current_state.graph) ? "DEFAULT" :
+                       tracker_token_get_idstring (&sparql->current_state.graph));
+       }
+
        switch (sparql->current_state.type) {
        case TRACKER_SPARQL_TYPE_SELECT:
                _add_quad (sparql,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]