/src/glib/gio/gportalsupport.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* GIO - GLib Input, Output and Streaming Library |
2 | | * |
3 | | * Copyright 2016 Red Hat, Inc. |
4 | | * |
5 | | * SPDX-License-Identifier: LGPL-2.1-or-later |
6 | | * |
7 | | * This library is free software; you can redistribute it and/or |
8 | | * modify it under the terms of the GNU Lesser General Public |
9 | | * License as published by the Free Software Foundation; either |
10 | | * version 2.1 of the License, or (at your option) any later version. |
11 | | * |
12 | | * This library is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
15 | | * Lesser General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU Lesser General |
18 | | * Public License along with this library; if not, see <http://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include "config.h" |
22 | | |
23 | | #include "glib-private.h" |
24 | | #include "gportalsupport.h" |
25 | | #include "gsandbox.h" |
26 | | |
27 | | static GSandboxType sandbox_type = G_SANDBOX_TYPE_UNKNOWN; |
28 | | static gboolean use_portal; |
29 | | static gboolean network_available; |
30 | | static gboolean dconf_access; |
31 | | |
32 | | #ifdef G_PORTAL_SUPPORT_TEST |
33 | | static const char *snapctl = "snapctl"; |
34 | | #else |
35 | | static const char *snapctl = "/usr/bin/snapctl"; |
36 | | #endif |
37 | | |
38 | | static gboolean |
39 | | snap_plug_is_connected (const gchar *plug_name) |
40 | 0 | { |
41 | 0 | gint wait_status; |
42 | 0 | const gchar *argv[] = { snapctl, "is-connected", plug_name, NULL }; |
43 | | |
44 | | /* Bail out if our process is privileged - we don't want to pass those |
45 | | * privileges to snapctl. It could be overridden and this would |
46 | | * allow arbitrary code execution. |
47 | | */ |
48 | 0 | if (GLIB_PRIVATE_CALL (g_check_setuid) ()) |
49 | 0 | return FALSE; |
50 | | |
51 | 0 | if (!g_spawn_sync (NULL, (gchar **) argv, NULL, |
52 | | #ifdef G_PORTAL_SUPPORT_TEST |
53 | | G_SPAWN_SEARCH_PATH | |
54 | | #endif |
55 | 0 | G_SPAWN_STDOUT_TO_DEV_NULL | |
56 | 0 | G_SPAWN_STDERR_TO_DEV_NULL, |
57 | 0 | NULL, NULL, NULL, NULL, &wait_status, |
58 | 0 | NULL)) |
59 | 0 | return FALSE; |
60 | | |
61 | 0 | return g_spawn_check_wait_status (wait_status, NULL); |
62 | 0 | } |
63 | | |
64 | | static void |
65 | | sandbox_info_read (void) |
66 | 0 | { |
67 | 0 | static gsize sandbox_info_is_read = 0; |
68 | | |
69 | | /* Sandbox type and Flatpak info is static, so only read once */ |
70 | 0 | if (!g_once_init_enter (&sandbox_info_is_read)) |
71 | 0 | return; |
72 | | |
73 | 0 | sandbox_type = glib_get_sandbox_type (); |
74 | |
|
75 | 0 | switch (sandbox_type) |
76 | 0 | { |
77 | 0 | case G_SANDBOX_TYPE_FLATPAK: |
78 | 0 | { |
79 | 0 | GKeyFile *keyfile; |
80 | 0 | const char *keyfile_path = "/.flatpak-info"; |
81 | |
|
82 | 0 | use_portal = TRUE; |
83 | 0 | network_available = FALSE; |
84 | 0 | dconf_access = FALSE; |
85 | |
|
86 | 0 | keyfile = g_key_file_new (); |
87 | |
|
88 | | #ifdef G_PORTAL_SUPPORT_TEST |
89 | | char *test_key_file = |
90 | | g_build_filename (g_get_user_runtime_dir (), keyfile_path, NULL); |
91 | | keyfile_path = test_key_file; |
92 | | #endif |
93 | |
|
94 | 0 | if (g_key_file_load_from_file (keyfile, keyfile_path, G_KEY_FILE_NONE, NULL)) |
95 | 0 | { |
96 | 0 | char **shared = NULL; |
97 | 0 | char *dconf_policy = NULL; |
98 | |
|
99 | 0 | shared = g_key_file_get_string_list (keyfile, "Context", "shared", NULL, NULL); |
100 | 0 | if (shared) |
101 | 0 | { |
102 | 0 | network_available = g_strv_contains ((const char *const *) shared, "network"); |
103 | 0 | g_strfreev (shared); |
104 | 0 | } |
105 | |
|
106 | 0 | dconf_policy = g_key_file_get_string (keyfile, "Session Bus Policy", "ca.desrt.dconf", NULL); |
107 | 0 | if (dconf_policy) |
108 | 0 | { |
109 | 0 | if (strcmp (dconf_policy, "talk") == 0) |
110 | 0 | dconf_access = TRUE; |
111 | 0 | g_free (dconf_policy); |
112 | 0 | } |
113 | 0 | } |
114 | |
|
115 | | #ifdef G_PORTAL_SUPPORT_TEST |
116 | | g_clear_pointer (&test_key_file, g_free); |
117 | | #endif |
118 | |
|
119 | 0 | g_key_file_unref (keyfile); |
120 | 0 | } |
121 | 0 | break; |
122 | 0 | case G_SANDBOX_TYPE_SNAP: |
123 | 0 | break; |
124 | 0 | case G_SANDBOX_TYPE_UNKNOWN: |
125 | 0 | { |
126 | 0 | const char *var; |
127 | |
|
128 | 0 | var = g_getenv ("GTK_USE_PORTAL"); |
129 | 0 | if (var && var[0] == '1') |
130 | 0 | use_portal = TRUE; |
131 | 0 | network_available = TRUE; |
132 | 0 | dconf_access = TRUE; |
133 | 0 | } |
134 | 0 | break; |
135 | 0 | } |
136 | | |
137 | 0 | g_once_init_leave (&sandbox_info_is_read, 1); |
138 | 0 | } |
139 | | |
140 | | gboolean |
141 | | glib_should_use_portal (void) |
142 | 0 | { |
143 | 0 | sandbox_info_read (); |
144 | |
|
145 | 0 | if (sandbox_type == G_SANDBOX_TYPE_SNAP) |
146 | 0 | return snap_plug_is_connected ("desktop"); |
147 | | |
148 | 0 | return use_portal; |
149 | 0 | } |
150 | | |
151 | | gboolean |
152 | | glib_network_available_in_sandbox (void) |
153 | 0 | { |
154 | 0 | sandbox_info_read (); |
155 | |
|
156 | 0 | if (sandbox_type == G_SANDBOX_TYPE_SNAP) |
157 | 0 | { |
158 | | /* FIXME: This is inefficient doing multiple calls to check connections. |
159 | | * See https://github.com/snapcore/snapd/pull/12301 for a proposed |
160 | | * improvement to snapd for this. |
161 | | */ |
162 | 0 | return snap_plug_is_connected ("desktop") || |
163 | 0 | snap_plug_is_connected ("network-status"); |
164 | 0 | } |
165 | | |
166 | 0 | return network_available; |
167 | 0 | } |
168 | | |
169 | | gboolean |
170 | | glib_has_dconf_access_in_sandbox (void) |
171 | 0 | { |
172 | 0 | sandbox_info_read (); |
173 | |
|
174 | 0 | if (sandbox_type == G_SANDBOX_TYPE_SNAP) |
175 | 0 | return snap_plug_is_connected ("gsettings"); |
176 | | |
177 | 0 | return dconf_access; |
178 | 0 | } |