Add --dbus-*.see options

The SEE policy of xdg-dbus-proxy allows clients to see objects and bus
names, but not interact with them. The --call and --broadcast can allow
interactions with objects that have the SEE policy set. Profile support
for these proxy options will be added in a future commit.

1 files changed, 14 insertions, 0 deletions

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 0be119903..f2959686a 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -452,6 +452,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 }
                 return 0;
         }
+        else if (strncmp(ptr, "dbus-user.see ", 14) == 0) {
+                if (!dbus_check_name(ptr + 14)) {
+                        printf("Invalid dbus-user.see name: %s\n", ptr + 15);
+                        exit(1);
+                }
+                return 1;
+        }
         else if (strncmp(ptr, "dbus-user.talk ", 15) == 0) {
                 if (!dbus_check_name(ptr + 15)) {
                         printf("Invalid dbus-user.talk name: %s\n", ptr + 15);
@@ -482,6 +489,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 }
                 return 0;
         }
+        else if (strncmp(ptr, "dbus-system.see ", 16) == 0) {
+                if (!dbus_check_name(ptr + 16)) {
+                        fprintf(stderr, "Invalid dbus-system.see name: %s\n", ptr + 17);
+                        exit(1);
+                }
+                return 1;
+        }
         else if (strncmp(ptr, "dbus-system.talk ", 17) == 0) {
                 if (!dbus_check_name(ptr + 17)) {
                         fprintf(stderr, "Invalid dbus-system.talk name: %s\n", ptr + 17);