[gnome-software/1701-permissions-context-tile-says-has-access-to-no-files-even-if-flatpak-app-has-access-to: 16/21] flatpak: Restructure how filesystem permissions are calculated
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software/1701-permissions-context-tile-says-has-access-to-no-files-even-if-flatpak-app-has-access-to: 16/21] flatpak: Restructure how filesystem permissions are calculated
- Date: Wed, 13 Apr 2022 15:07:28 +0000 (UTC)
commit cd97c676e046e78c2f6ca2261638538938bfb461
Author: Milan Crha <mcrha redhat com>
Date: Wed Apr 13 16:54:59 2022 +0200
flatpak: Restructure how filesystem permissions are calculated
This does no functional change, it only allows to detect whether there
are any leftover (unchecked) filesystem permissions, which will be
useful in a follow up commit.
plugins/flatpak/gs-flatpak.c | 48 ++++++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 17 deletions(-)
---
diff --git a/plugins/flatpak/gs-flatpak.c b/plugins/flatpak/gs-flatpak.c
index 71d628035..bd7f4282f 100644
--- a/plugins/flatpak/gs-flatpak.c
+++ b/plugins/flatpak/gs-flatpak.c
@@ -241,23 +241,37 @@ perms_from_metadata (GKeyFile *keyfile)
g_strfreev (strv);
strv = g_key_file_get_string_list (keyfile, "Context", "filesystems", NULL, NULL);
- if (strv != NULL && (g_strv_contains ((const gchar * const *)strv, "home") ||
- g_strv_contains ((const gchar * const *)strv, "home:rw")))
- permissions |= GS_APP_PERMISSIONS_HOME_FULL;
- else if (strv != NULL && g_strv_contains ((const gchar * const *)strv, "home:ro"))
- permissions |= GS_APP_PERMISSIONS_HOME_READ;
- if (strv != NULL && (g_strv_contains ((const gchar * const *)strv, "host") ||
- g_strv_contains ((const gchar * const *)strv, "host:rw")))
- permissions |= GS_APP_PERMISSIONS_FILESYSTEM_FULL;
- else if (strv != NULL && g_strv_contains ((const gchar * const *)strv, "host:ro"))
- permissions |= GS_APP_PERMISSIONS_FILESYSTEM_READ;
- if (strv != NULL && (g_strv_contains ((const gchar * const *)strv, "xdg-download") ||
- g_strv_contains ((const gchar * const *)strv, "xdg-download:rw")))
- permissions |= GS_APP_PERMISSIONS_DOWNLOADS_FULL;
- else if (strv != NULL && g_strv_contains ((const gchar * const *)strv, "xdg-download:ro"))
- permissions |= GS_APP_PERMISSIONS_DOWNLOADS_READ;
- if (strv != NULL && g_strv_contains ((const gchar * const *)strv,
"xdg-data/flatpak/overrides:create"))
- permissions |= GS_APP_PERMISSIONS_ESCAPE_SANDBOX;
+ if (strv != NULL) {
+ const struct {
+ const gchar *key;
+ GsAppPermissions perm;
+ } filesystems_access[] = {
+ /* Reference:
https://docs.flatpak.org/en/latest/flatpak-command-reference.html#idm45858571325264 */
+ { "home", GS_APP_PERMISSIONS_HOME_FULL },
+ { "home:rw", GS_APP_PERMISSIONS_HOME_FULL },
+ { "home:ro", GS_APP_PERMISSIONS_HOME_READ },
+ { "host", GS_APP_PERMISSIONS_FILESYSTEM_FULL },
+ { "host:rw", GS_APP_PERMISSIONS_FILESYSTEM_FULL },
+ { "host:ro", GS_APP_PERMISSIONS_FILESYSTEM_READ },
+ { "xdg-download", GS_APP_PERMISSIONS_DOWNLOADS_FULL },
+ { "xdg-download:rw", GS_APP_PERMISSIONS_DOWNLOADS_FULL },
+ { "xdg-download:ro", GS_APP_PERMISSIONS_DOWNLOADS_READ },
+ { "xdg-data/flatpak/overrides:create", GS_APP_PERMISSIONS_ESCAPE_SANDBOX }
+ };
+
+ for (guint i = 0; i < G_N_ELEMENTS (filesystems_access); i++) {
+ if (g_strv_contains ((const gchar * const *) strv, filesystems_access[i].key)) {
+ permissions |= filesystems_access[i].perm;
+ }
+ }
+
+ if ((permissions & GS_APP_PERMISSIONS_HOME_FULL) != 0)
+ permissions = permissions & ~GS_APP_PERMISSIONS_HOME_READ;
+ if ((permissions & GS_APP_PERMISSIONS_FILESYSTEM_FULL) != 0)
+ permissions = permissions & ~GS_APP_PERMISSIONS_FILESYSTEM_READ;
+ if ((permissions & GS_APP_PERMISSIONS_DOWNLOADS_FULL) != 0)
+ permissions = permissions & ~GS_APP_PERMISSIONS_DOWNLOADS_READ;
+ }
g_strfreev (strv);
str = g_key_file_get_string (keyfile, "Session Bus Policy", "ca.desrt.dconf", NULL);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
