You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
136 lines
4.8 KiB
136 lines
4.8 KiB
From 57096483afb069e69b9addcc39fe92b72051f1d2 Mon Sep 17 00:00:00 2001
|
|
From: James Henstridge <james@jamesh.id.au>
|
|
Date: Tue, 24 Nov 2020 15:48:19 +0800
|
|
Subject: [PATCH] xdp-utils: check if alternate doc portal path matches in
|
|
path_for_fd()
|
|
|
|
The document portal uses different inode number when exposing a
|
|
particular document in different parts of the file system. As sandboxed
|
|
apps only have a subtree of the document portal file system mounted, the
|
|
"same file" checks in xdp_app_info_get_path_for_fd() would fail for
|
|
document portal paths.
|
|
|
|
To fix this, we check to see whether the corresponding "by-app/$app_id"
|
|
path matches the stat information of the file descriptor.
|
|
|
|
Fixes #545
|
|
---
|
|
document-portal/document-portal.c | 2 ++
|
|
src/documents.c | 2 ++
|
|
src/xdp-utils.c | 47 +++++++++++++++++++++++++++++--
|
|
src/xdp-utils.h | 3 ++
|
|
5 files changed, 85 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/document-portal/document-portal.c b/document-portal/document-portal.c
|
|
index a4c044a..a4aacc4 100644
|
|
--- a/document-portal/document-portal.c
|
|
+++ b/document-portal/document-portal.c
|
|
@@ -1448,6 +1448,8 @@ on_name_acquired (GDBusConnection *connection,
|
|
|
|
fuse_dev = stbuf.st_dev;
|
|
|
|
+ xdp_set_documents_mountpoint (xdp_fuse_get_mountpoint ());
|
|
+
|
|
while ((invocation = g_queue_pop_head (&get_mount_point_invocations)) != NULL)
|
|
{
|
|
xdp_dbus_documents_complete_get_mount_point (dbus_api, invocation, xdp_fuse_get_mountpoint ());
|
|
diff --git a/src/documents.c b/src/documents.c
|
|
index 99de9e4..9ddc4ac 100644
|
|
--- a/src/documents.c
|
|
+++ b/src/documents.c
|
|
@@ -31,6 +31,7 @@
|
|
#include <gio/gunixfdlist.h>
|
|
|
|
#include "xdp-dbus.h"
|
|
+#include "xdp-utils.h"
|
|
#include "document-enums.h"
|
|
|
|
static XdpDocuments *documents = NULL;
|
|
@@ -46,6 +47,7 @@ init_document_proxy (GDBusConnection *connection)
|
|
xdp_documents_call_get_mount_point_sync (documents,
|
|
&documents_mountpoint,
|
|
NULL, NULL);
|
|
+ xdp_set_documents_mountpoint (documents_mountpoint);
|
|
}
|
|
|
|
char *
|
|
diff --git a/src/xdp-utils.c b/src/xdp-utils.c
|
|
index fa6ca6f..ef68f0f 100644
|
|
--- a/src/xdp-utils.c
|
|
+++ b/src/xdp-utils.c
|
|
@@ -884,6 +884,35 @@ verify_proc_self_fd (XdpAppInfo *app_info,
|
|
return xdp_app_info_remap_path (app_info, path_buffer);
|
|
}
|
|
|
|
+static char *documents_mountpoint = NULL;
|
|
+
|
|
+void
|
|
+xdp_set_documents_mountpoint (const char *path)
|
|
+{
|
|
+ g_clear_pointer (&documents_mountpoint, g_free);
|
|
+ documents_mountpoint = g_strdup (path);
|
|
+}
|
|
+
|
|
+/* alternate_document_path converts a file path */
|
|
+char *
|
|
+xdp_get_alternate_document_path (const char *path, const char *app_id)
|
|
+{
|
|
+ int len;
|
|
+
|
|
+ /* If we don't know where the document portal is mounted, then there
|
|
+ * is no alternate path */
|
|
+ if (documents_mountpoint == NULL)
|
|
+ return NULL;
|
|
+
|
|
+ /* If the path is not within the document portal, then there is no
|
|
+ * alternative path */
|
|
+ len = strlen (documents_mountpoint);
|
|
+ if (!g_str_has_prefix (path, documents_mountpoint) || path[len] != '/')
|
|
+ return NULL;
|
|
+
|
|
+ return g_strconcat (documents_mountpoint, "/by-app/", app_id, &path[len], NULL);
|
|
+}
|
|
+
|
|
char *
|
|
xdp_app_info_get_path_for_fd (XdpAppInfo *app_info,
|
|
int fd,
|
|
@@ -981,8 +1010,22 @@ xdp_app_info_get_path_for_fd (XdpAppInfo *app_info,
|
|
st_buf->st_dev != real_st_buf.st_dev ||
|
|
st_buf->st_ino != real_st_buf.st_ino)
|
|
{
|
|
- /* Different files on the inside and the outside, reject the request */
|
|
- return NULL;
|
|
+ /* If the path is provided by the document portal, the inode
|
|
+ number will not match, due to only a subtree being mounted in
|
|
+ the sandbox. So we check to see if the equivalent path
|
|
+ within that subtree matches our file descriptor.
|
|
+
|
|
+ If the alternate path doesn't match either, then we treat it
|
|
+ as a failure.
|
|
+ */
|
|
+ g_autofree char *alt_path = NULL;
|
|
+ alt_path = xdp_get_alternate_document_path (path, xdp_app_info_get_id (app_info));
|
|
+
|
|
+ if (alt_path == NULL ||
|
|
+ stat (alt_path, &real_st_buf) < 0 ||
|
|
+ st_buf->st_dev != real_st_buf.st_dev ||
|
|
+ st_buf->st_ino != real_st_buf.st_ino)
|
|
+ return NULL;
|
|
}
|
|
|
|
if (writable_out)
|
|
diff --git a/src/xdp-utils.h b/src/xdp-utils.h
|
|
index 7105bce..fea28b8 100644
|
|
--- a/src/xdp-utils.h
|
|
+++ b/src/xdp-utils.h
|
|
@@ -88,6 +88,9 @@ char ** xdp_app_info_rewrite_commandline (XdpAppInfo *app_info,
|
|
|
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC(XdpAppInfo, xdp_app_info_unref)
|
|
|
|
+void xdp_set_documents_mountpoint (const char *path);
|
|
+char *xdp_get_alternate_document_path (const char *path, const char *app_id);
|
|
+
|
|
XdpAppInfo *xdp_invocation_lookup_app_info_sync (GDBusMethodInvocation *invocation,
|
|
GCancellable *cancellable,
|
|
GError **error);
|