diff options
| author |  netblue30 <netblue30@yahoo.com> | 2019-01-21 09:50:43 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2019-01-21 09:50:43 -0500 |
| commit | 76a20bcedacdb7861b04a60e0cc5a35753ef2790 (patch) | |
| tree | fc34cfc1173273597e4483afa2d4c07e74924530 /src | |
| parent | release 0.9.58-rc1 (diff) | |
| download | firejail-76a20bcedacdb7861b04a60e0cc5a35753ef2790.tar.gz firejail-76a20bcedacdb7861b04a60e0cc5a35753ef2790.tar.zst firejail-76a20bcedacdb7861b04a60e0cc5a35753ef2790.zip | |
conditional testing0.9.58-rc1
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/profile.c | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index a6d619f38..83caef199 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -34,11 +34,12 @@ static int profile_find(const char *name, const char *dir, int add_ext) { | |||
| 34 | int rv = 0; | 34 | int rv = 0; |
| 35 | DIR *dp; | 35 | DIR *dp; |
| 36 | char *pname = NULL; | 36 | char *pname = NULL; |
| 37 | if (add_ext) | 37 | if (add_ext) { |
| 38 | if (asprintf(&pname, "%s.profile", name) == -1) | 38 | if (asprintf(&pname, "%s.profile", name) == -1) |
| 39 | errExit("asprintf"); | 39 | errExit("asprintf"); |
| 40 | else | 40 | else |
| 41 | name = pname; | 41 | name = pname; |
| 42 | } | ||
| 42 | 43 | ||
| 43 | dp = opendir (dir); | 44 | dp = opendir (dir); |
| 44 | if (dp != NULL) { | 45 | if (dp != NULL) { |
| @@ -133,40 +134,54 @@ void profile_add_ignore(const char *str) { | |||
| 133 | } | 134 | } |
| 134 | } | 135 | } |
| 135 | 136 | ||
| 137 | typedef struct cond_t { | ||
| 138 | const char *name; // conditional name | ||
| 139 | int (*check)(void); // true if set | ||
| 140 | } Cond; | ||
| 141 | |||
| 142 | static int check_appimage(void) { | ||
| 143 | return arg_appimage != 0; | ||
| 144 | } | ||
| 145 | |||
| 146 | static int check_nodbus(void) { | ||
| 147 | return arg_nodbus != 0; | ||
| 148 | } | ||
| 149 | |||
| 150 | static int check_disable_u2f(void) { | ||
| 151 | return checkcfg(CFG_BROWSER_DISABLE_U2F) != 0; | ||
| 152 | } | ||
| 153 | |||
| 154 | Cond conditionals[] = { | ||
| 155 | {"HAS_APPIMAGE", check_appimage}, | ||
| 156 | {"HAS_NODBUS", check_nodbus}, | ||
| 157 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, | ||
| 158 | { NULL, NULL } | ||
| 159 | }; | ||
| 136 | 160 | ||
| 137 | int profile_check_conditional(char *ptr, int lineno, const char *fname) { | 161 | int profile_check_conditional(char *ptr, int lineno, const char *fname) { |
| 138 | struct cond_t { | ||
| 139 | char *name; // conditional name | ||
| 140 | size_t len; // length of name | ||
| 141 | bool value; // true if set | ||
| 142 | } conditionals[] = { | ||
| 143 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, | ||
| 144 | {"HAS_NODBUS", strlen("HAS_NODBUS"), arg_nodbus!=0}, | ||
| 145 | {"BROWSER_DISABLE_U2F", strlen("BROWSER_DISABLE_U2F"), checkcfg(CFG_BROWSER_DISABLE_U2F)!=0}, | ||
| 146 | NULL | ||
| 147 | }, *cond = conditionals; | ||
| 148 | char *tmp = ptr, *msg = NULL; | 162 | char *tmp = ptr, *msg = NULL; |
| 149 | 163 | ||
| 150 | if (*ptr++ != '?') | 164 | if (*ptr++ != '?') |
| 151 | return 1; | 165 | return 1; |
| 152 | 166 | ||
| 167 | Cond *cond = conditionals; | ||
| 153 | while (cond->name) { | 168 | while (cond->name) { |
| 154 | // continue if not this conditional | 169 | // continue if not this conditional |
| 155 | if (strncmp(ptr, cond->name, cond->len) != 0) { | 170 | if (strncmp(ptr, cond->name, strlen(cond->name)) != 0) { |
| 156 | cond++; | 171 | cond++; |
| 157 | continue; | 172 | continue; |
| 158 | } | 173 | } |
| 159 | ptr += cond->len; | 174 | ptr += strlen(cond->name); |
| 160 | 175 | ||
| 161 | if (*ptr == ' ') | 176 | if (*ptr == ' ') |
| 162 | ptr++; | 177 | ptr++; |
| 163 | if (*ptr++ != ':') { | 178 | if (*ptr++ != ':') { |
| 164 | msg = "invalid syntax: colon must come after conditional"; | 179 | msg = "invalid conditional syntax: colon must come after conditional"; |
| 165 | ptr = tmp; | 180 | ptr = tmp; |
| 166 | goto error; | 181 | goto error; |
| 167 | } | 182 | } |
| 168 | if (*ptr == '\0') { | 183 | if (*ptr == '\0') { |
| 169 | msg = "invalid conditional line: no profile line after conditional"; | 184 | msg = "invalid conditional syntax: no profile line after conditional"; |
| 170 | ptr = tmp; | 185 | ptr = tmp; |
| 171 | goto error; | 186 | goto error; |
| 172 | } | 187 | } |
| @@ -174,7 +189,8 @@ int profile_check_conditional(char *ptr, int lineno, const char *fname) { | |||
| 174 | ptr++; | 189 | ptr++; |
| 175 | 190 | ||
| 176 | // if set, continue processing statement in caller | 191 | // if set, continue processing statement in caller |
| 177 | if (cond->value) { | 192 | int value = cond->check(); |
| 193 | if (value) { | ||
| 178 | // move ptr to start of profile line | 194 | // move ptr to start of profile line |
| 179 | ptr = strdup(ptr); | 195 | ptr = strdup(ptr); |
| 180 | if (!ptr) | 196 | if (!ptr) |
| @@ -184,13 +200,15 @@ int profile_check_conditional(char *ptr, int lineno, const char *fname) { | |||
| 184 | // quiet or include directives | 200 | // quiet or include directives |
| 185 | if ((strncmp(ptr, "quiet", 5) == 0) || | 201 | if ((strncmp(ptr, "quiet", 5) == 0) || |
| 186 | (strncmp(ptr, "include", 7) == 0)) { | 202 | (strncmp(ptr, "include", 7) == 0)) { |
| 187 | msg = "invalid profile line: quiet and include not allowed in conditionals"; | 203 | msg = "invalid conditional syntax: quiet and include not allowed in conditionals"; |
| 188 | ptr = tmp; | 204 | ptr = tmp; |
| 189 | goto error; | 205 | goto error; |
| 190 | } | 206 | } |
| 191 | free(tmp); | 207 | free(tmp); |
| 192 | 208 | ||
| 193 | // verify syntax, exit in case of error | 209 | // verify syntax, exit in case of error |
| 210 | if (arg_debug) | ||
| 211 | printf("conditional %s, %s\n", cond->name, ptr); | ||
| 194 | if (profile_check_line(ptr, lineno, fname)) | 212 | if (profile_check_line(ptr, lineno, fname)) |
| 195 | profile_add(ptr); | 213 | profile_add(ptr); |
| 196 | } | 214 | } |