Add --dbus-*.see options

The SEE policy of xdg-dbus-proxy allows clients to see objects and bus names, but not interact with them. The --call and --broadcast can allow interactions with objects that have the SEE policy set. Profile support for these proxy options will be added in a future commit.
author: Kristóf Marussy <kris7topher@gmail.com> 2020-05-03 18:24:53 +0200
committer: Kristóf Marussy <kristof@marussy.com> 2020-05-07 01:56:39 +0200
commit: 8b5cb76fd4f0ae52922a198ab50ad3799aac44a3 (patch)
tree: 4b9f24e63cba0ed328ee7d843772f1ecda7d4e78 /src/firejail/main.c
parent: add ommitted scripts from contrib (#3405) (diff)
download: firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.tar.gz
firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.tar.zst
firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index dc213b988..fa2b0e2e1 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2073,6 +2073,14 @@ int main(int argc, char **argv, char **envp) {
                                exit(1);
                        }
                }
+                else if (strncmp(argv[i], "--dbus-user.see=", 16) == 0) {
+                        char *line;
+                        if (asprintf(&line, "dbus-user.see %s", argv[i] + 16) == -1)
+                                errExit("asprintf");
+                        profile_check_line(line, 0, NULL); // will exit if something wrong
+                        profile_add(line);
+                }
                else if (strncmp(argv[i], "--dbus-user.talk=", 17) == 0) {
                        char *line;
                        if (asprintf(&line, "dbus-user.talk %s", argv[i] + 17) == -1)
@@ -2103,6 +2111,14 @@ int main(int argc, char **argv, char **envp) {
                                exit(1);
                        }
                }
+                else if (strncmp(argv[i], "--dbus-system.see=", 18) == 0) {
+                        char *line;
+                        if (asprintf(&line, "dbus-system.see %s", argv[i] + 18) == -1)
+                                errExit("asprintf");
+                        profile_check_line(line, 0, NULL); // will exit if something wrong
+                        profile_add(line);
+                }
                else if (strncmp(argv[i], "--dbus-system.talk=", 19) == 0) {
                        char *line;
                        if (asprintf(&line, "dbus-system.talk %s", argv[i] + 19) == -1)
author	Kristóf Marussy <kris7topher@gmail.com>	2020-05-03 18:24:53 +0200
committer	Kristóf Marussy <kristof@marussy.com>	2020-05-07 01:56:39 +0200
commit	8b5cb76fd4f0ae52922a198ab50ad3799aac44a3 (patch)
tree	4b9f24e63cba0ed328ee7d843772f1ecda7d4e78 /src/firejail/main.c
parent	add ommitted scripts from contrib (#3405) (diff)
download	firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.tar.gz firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.tar.zst firejail-8b5cb76fd4f0ae52922a198ab50ad3799aac44a3.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index dc213b988..fa2b0e2e1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -2073,6 +2073,14 @@ int main(int argc, char argv, char envp) {
2073	exit(1);	2073	exit(1);
2074	}	2074	}
2075	}	2075	}
		2076	else if (strncmp(argv[i], "--dbus-user.see=", 16) == 0) {
		2077	char *line;
		2078	if (asprintf(&line, "dbus-user.see %s", argv[i] + 16) == -1)
		2079	errExit("asprintf");
		2080
		2081	profile_check_line(line, 0, NULL); // will exit if something wrong
		2082	profile_add(line);
		2083	}
2076	else if (strncmp(argv[i], "--dbus-user.talk=", 17) == 0) {	2084	else if (strncmp(argv[i], "--dbus-user.talk=", 17) == 0) {
2077	char *line;	2085	char *line;
2078	if (asprintf(&line, "dbus-user.talk %s", argv[i] + 17) == -1)	2086	if (asprintf(&line, "dbus-user.talk %s", argv[i] + 17) == -1)
@@ -2103,6 +2111,14 @@ int main(int argc, char argv, char envp) {
2103	exit(1);	2111	exit(1);
2104	}	2112	}
2105	}	2113	}
		2114	else if (strncmp(argv[i], "--dbus-system.see=", 18) == 0) {
		2115	char *line;
		2116	if (asprintf(&line, "dbus-system.see %s", argv[i] + 18) == -1)
		2117	errExit("asprintf");
		2118
		2119	profile_check_line(line, 0, NULL); // will exit if something wrong
		2120	profile_add(line);
		2121	}
2106	else if (strncmp(argv[i], "--dbus-system.talk=", 19) == 0) {	2122	else if (strncmp(argv[i], "--dbus-system.talk=", 19) == 0) {
2107	char *line;	2123	char *line;
2108	if (asprintf(&line, "dbus-system.talk %s", argv[i] + 19) == -1)	2124	if (asprintf(&line, "dbus-system.talk %s", argv[i] + 19) == -1)