diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-09-25 11:19:30 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-09-25 11:19:30 -0400 |
| commit | 3e69deba3519aade7d2be64d2687de3459c7c229 (patch) | |
| tree | 4c726887ca009744db85996412f1019ec9ae1b76 /src/firecfg/desktop_files.c | |
| parent | fix nginx and apache2, possible fix for #1534 (diff) | |
| download | firejail-3e69deba3519aade7d2be64d2687de3459c7c229.tar.gz firejail-3e69deba3519aade7d2be64d2687de3459c7c229.tar.zst firejail-3e69deba3519aade7d2be64d2687de3459c7c229.zip | |
fix firecfg
Diffstat (limited to 'src/firecfg/desktop_files.c')
| -rw-r--r-- | src/firecfg/desktop_files.c | 118 |
1 files changed, 74 insertions, 44 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index eaedc4b64..c1d456147 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c | |||
| @@ -19,33 +19,15 @@ | |||
| 19 | */ | 19 | */ |
| 20 | 20 | ||
| 21 | #include "firecfg.h" | 21 | #include "firecfg.h" |
| 22 | #include <ctype.h> | ||
| 22 | 23 | ||
| 23 | // look for a profile file in /etc/firejail diectory and in homedir/.config/firejail directory | 24 | static int check_profile(const char *name, const char *homedir) { |
| 24 | static int have_profile(const char *filename, const char *homedir) { | ||
| 25 | assert(filename); | ||
| 26 | assert(homedir); | ||
| 27 | |||
| 28 | if (arg_debug) | ||
| 29 | printf("checking profile for %s\n", filename); | ||
| 30 | |||
| 31 | // remove .desktop extension; if file name starts with org.gnome... remove it | ||
| 32 | char *f1; | ||
| 33 | if (strncmp(filename, "org.gnome.", 10) == 0) | ||
| 34 | f1 = strdup(filename + 10); | ||
| 35 | else | ||
| 36 | f1 = strdup(filename); | ||
| 37 | if (!f1) | ||
| 38 | errExit("strdup"); | ||
| 39 | f1[strlen(f1) - 8] = '\0'; | ||
| 40 | if (arg_debug) | ||
| 41 | printf("looking for a profile for %s - %s\n", filename, f1); | ||
| 42 | |||
| 43 | // build profile name | 25 | // build profile name |
| 44 | char *profname1; | 26 | char *profname1; |
| 45 | char *profname2; | 27 | char *profname2; |
| 46 | if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, f1) == -1) | 28 | if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, name) == -1) |
| 47 | errExit("asprintf"); | 29 | errExit("asprintf"); |
| 48 | if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, f1) == -1) | 30 | if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, name) == -1) |
| 49 | errExit("asprintf"); | 31 | errExit("asprintf"); |
| 50 | 32 | ||
| 51 | int rv = 0; | 33 | int rv = 0; |
| @@ -60,14 +42,57 @@ static int have_profile(const char *filename, const char *homedir) { | |||
| 60 | rv = 1; | 42 | rv = 1; |
| 61 | } | 43 | } |
| 62 | 44 | ||
| 63 | if (arg_debug) | ||
| 64 | printf("Profile for %s %s\n", f1, (rv)? "found": "not found"); | ||
| 65 | free(f1); | ||
| 66 | free(profname1); | 45 | free(profname1); |
| 67 | free(profname2); | 46 | free(profname2); |
| 68 | return rv; | 47 | return rv; |
| 69 | } | 48 | } |
| 70 | 49 | ||
| 50 | |||
| 51 | // look for a profile file in /etc/firejail diectory and in homedir/.config/firejail directory | ||
| 52 | static int have_profile(const char *filename, const char *homedir) { | ||
| 53 | assert(filename); | ||
| 54 | assert(homedir); | ||
| 55 | |||
| 56 | if (arg_debug) | ||
| 57 | printf("checking profile for %s\n", filename); | ||
| 58 | |||
| 59 | // we get strange names here, such as .org.gnom.gedit.desktop, com.uploadedlobster.peek.desktop, | ||
| 60 | // or io.github.Pithos.desktop; extract the word before .desktop | ||
| 61 | |||
| 62 | char *tmpfname = strdup(filename); | ||
| 63 | if (!tmpfname) | ||
| 64 | errExit("strdup"); | ||
| 65 | |||
| 66 | // check .desktop extension | ||
| 67 | int len = strlen(tmpfname); | ||
| 68 | if (len <= 8) | ||
| 69 | return 0; | ||
| 70 | if (strcmp(tmpfname + len - 8, ".desktop")) | ||
| 71 | return 0; | ||
| 72 | tmpfname[len - 8] = '\0'; | ||
| 73 | |||
| 74 | // extract last word | ||
| 75 | char *last_word = strrchr(tmpfname, '.'); | ||
| 76 | if (last_word) | ||
| 77 | last_word++; | ||
| 78 | else | ||
| 79 | last_word = tmpfname; | ||
| 80 | |||
| 81 | // try lowercase | ||
| 82 | last_word[0] = tolower(last_word[0]); | ||
| 83 | int rv = check_profile(last_word, homedir); | ||
| 84 | if (rv) { | ||
| 85 | free(tmpfname); | ||
| 86 | return rv; | ||
| 87 | } | ||
| 88 | |||
| 89 | // try uppercase | ||
| 90 | last_word[0] = toupper(last_word[0]); | ||
| 91 | rv = check_profile(last_word, homedir); | ||
| 92 | free(tmpfname); | ||
| 93 | return rv; | ||
| 94 | } | ||
| 95 | |||
| 71 | void fix_desktop_files(char *homedir) { | 96 | void fix_desktop_files(char *homedir) { |
| 72 | assert(homedir); | 97 | assert(homedir); |
| 73 | struct stat sb; | 98 | struct stat sb; |
| @@ -174,34 +199,36 @@ void fix_desktop_files(char *homedir) { | |||
| 174 | continue; | 199 | continue; |
| 175 | } | 200 | } |
| 176 | 201 | ||
| 177 | |||
| 178 | // try to decide if we need to covert this file | 202 | // try to decide if we need to covert this file |
| 179 | char *change_exec = NULL; | 203 | char *change_exec = NULL; |
| 180 | int change_dbus = 0; | 204 | int change_dbus = 0; |
| 181 | 205 | ||
| 206 | if (strstr(buf, "\nDBusActivatable=true")) | ||
| 207 | change_dbus = 1; | ||
| 208 | |||
| 182 | // https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s06.html | 209 | // https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s06.html |
| 183 | // The executable program can either be specified with its full path | 210 | // The executable program can either be specified with its full path |
| 184 | // or with the name of the executable only | 211 | // or with the name of the executable only |
| 185 | if (execname[0] == '/') { | 212 | if (execname[0] == '/') { |
| 186 | char *end_name = strchr(execname, ' '); | 213 | // mark end of line |
| 187 | if (end_name) { | 214 | char *end = strchr(execname, '\n'); |
| 188 | *end_name = '\0'; | 215 | if (end) |
| 189 | char *start_name = strrchr(execname, '/'); | 216 | *end = '\0'; |
| 190 | if (start_name) { | 217 | end = strchr(execname, ' '); |
| 191 | start_name++; | 218 | if (end) |
| 192 | // check if we have the executable on the regular path | 219 | *end = '\0'; |
| 193 | if (which(start_name)) { | 220 | char *start_name = strrchr(execname, '/'); |
| 194 | change_exec = strdup(start_name); | 221 | if (start_name) { |
| 195 | if (!change_exec) | 222 | start_name++; |
| 196 | errExit("strdup"); | 223 | // check if we have the executable on the regular path |
| 197 | } | 224 | if (which(start_name)) { |
| 225 | change_exec = strdup(start_name); | ||
| 226 | if (!change_exec) | ||
| 227 | errExit("strdup"); | ||
| 198 | } | 228 | } |
| 199 | } | 229 | } |
| 200 | } | 230 | } |
| 201 | 231 | ||
| 202 | if (strstr(buf, "\nDBusActivatable=true")) | ||
| 203 | change_dbus = 1; | ||
| 204 | |||
| 205 | if (change_exec == NULL && change_dbus == 0) { | 232 | if (change_exec == NULL && change_dbus == 0) { |
| 206 | munmap(buf, sb.st_size + 1); | 233 | munmap(buf, sb.st_size + 1); |
| 207 | continue; | 234 | continue; |
| @@ -242,9 +269,12 @@ void fix_desktop_files(char *homedir) { | |||
| 242 | fprintf(fpout, "DBusActivatable=false\n"); | 269 | fprintf(fpout, "DBusActivatable=false\n"); |
| 243 | else if (change_exec && strncmp(fbuf, "Exec=", 5) == 0) { | 270 | else if (change_exec && strncmp(fbuf, "Exec=", 5) == 0) { |
| 244 | char *start_params = strchr(fbuf + 5, ' '); | 271 | char *start_params = strchr(fbuf + 5, ' '); |
| 245 | assert(start_params); | 272 | if (start_params) { |
| 246 | start_params++; | 273 | start_params++; |
| 247 | fprintf(fpout, "Exec=%s %s", change_exec, start_params); | 274 | fprintf(fpout, "Exec=%s %s", change_exec, start_params); |
| 275 | } | ||
| 276 | else | ||
| 277 | fprintf(fpout, "Exec=%s\n", change_exec); | ||
| 248 | } | 278 | } |
| 249 | else | 279 | else |
| 250 | fprintf(fpout, "%s", fbuf); | 280 | fprintf(fpout, "%s", fbuf); |