Diffstat (limited to 'src/firejail/fs_whitelist.c')
-rw-r--r-- | src/firejail/fs_whitelist.c | 184 |
1 files changed, 10 insertions, 174 deletions
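--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -370,185 +370,21 @@ void fs_whitelist(void) {
 }
 char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
 
-// resolve ${DOWNLOADS}
-if (strcmp(dataptr, "${DOWNLOADS}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DOWNLOAD_DIR=\"$HOME/", 24, "Downloads");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, dentry, "Downloads");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Downloads directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Downloads directory for your application.\n");
-fprintf(stderr, "***\n");
-}
-entry->data = EMPTY_STRING;
-continue;
-}
-}
-
-// resolve ${MUSIC}
-if (strcmp(dataptr, "${MUSIC}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_MUSIC_DIR=\"$HOME/", 21, "Music");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, mentry, "Music");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Music directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Music directory for your application.\n");
-fprintf(stderr, "***\n");
-}
-entry->data = EMPTY_STRING;
-continue;
-}
-}
-
-// resolve ${VIDEOS}
-if (strcmp(dataptr, "${VIDEOS}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_VIDEOS_DIR=\"$HOME/", 22, "Videos");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, ventry, "Videos");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Videos directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Videos directory for your application.\n");
-fprintf(stderr, "***\n");
-}
-entry->data = EMPTY_STRING;
-continue;
-}
-}
-
-// resolve ${PICTURES}
-if (strcmp(dataptr, "${PICTURES}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_PICTURES_DIR=\"$HOME/", 24, "Pictures");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, pentry, "Pictures");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
+// resolve macros
+if (is_macro(dataptr)) {
+char *tmp = resolve_macro(dataptr);
+if (tmp != NULL)
+tmp = parse_nowhitelist(nowhitelist_flag, tmp);
+
+if (tmp) {
+entry->data = tmp;
 dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
 }
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Pictures directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Pictures directory for your application.\n");
-fprintf(stderr, "***\n");
-}
-entry->data = EMPTY_STRING;
-continue;
-}
-}
-
-// resolve ${DESKTOP}
-if (strcmp(dataptr, "${DESKTOP}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DESKTOP_DIR=\"$HOME/", 24, "Desktop");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, deentry, "Desktop");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else {
-if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Desktop directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Desktop directory for your application.\n");
-fprintf(stderr, "***\n");
-}
-entry->data = EMPTY_STRING;
-continue;
-}
-}
-
-// resolve ${DOCUMENTS}
-if (strcmp(dataptr, "${DOCUMENTS}") == 0) {
-char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DOCUMENTS_DIR=\"$HOME/", 25, "Documents");
-char *tmpw1 = NULL;
-if (tmp1 != NULL)
-tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, doentry, "Documents");
-char *tmpw2 = NULL;
-if (tmp2 != NULL)
-tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-if (tmp1 && tmpw1) {
-entry->data = tmpw1;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
-else if (tmp2 && tmpw2) {
-entry->data = tmpw2;
-dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-}
 else {
 if (!nowhitelist_flag && !arg_quiet && !arg_private) {
 fprintf(stderr, "***\n");
-fprintf(stderr, "*** Warning: cannot whitelist Documents directory\n");
-fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-fprintf(stderr, "*** \tPlease create a proper Documents directory for your application.\n");
+fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", dataptr);
+fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n");
 fprintf(stderr, "***\n");
 }
 entry->data = EMPTY_STRING;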
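Review bot: In the new `if (is_macro(dataptr))` block, `tmp = parse_nowhitelist(nowhitelist_flag, tmp);` overwrites the only pointer to the string returned by `resolve_macro()`, so if `parse_nowhitelist()` returns a fresh allocation (its definition is not in this hunk) the resolved path is leaked, and it is lost on a NULL return too. Keeping the two apart, `char *resolved = resolve_macro(dataptr);` then `char *tmp = resolved ? parse_nowhitelist(nowhitelist_flag, resolved) : NULL;`, makes the ownership explicit and lets the failure branch release `resolved` if this code owns it. The warning now formats `dataptr`, which in that branch still holds the macro token, so users will see the raw `${...}` text rather than a directory name. The removed code matched six macros with exact `strcmp`, so a comment above the block should state whether `is_macro()` is equally strict, because an entry it accepts but `resolve_macro()` cannot resolve is now set to `EMPTY_STRING` and dropped from the sandbox's whitelist, silently when `nowhitelist_flag` is set. The enclosing loop in `fs_whitelist()` starts and ends outside the hunk.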