1 files changed, 10 insertions, 174 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 6a6e91bc9..a2803ccbc 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -370,185 +370,21 @@ void fs_whitelist(void) {
                }
                char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                // resolve ${DOWNLOADS}
+                // resolve macros
-                if (strcmp(dataptr, "${DOWNLOADS}") == 0) {
+                if (is_macro(dataptr)) {
-                  char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DOWNLOAD_DIR=\"$HOME/", 24, "Downloads");
+                        char *tmp = resolve_macro(dataptr);
-                  char *tmpw1 = NULL;
+                        if (tmp != NULL)
-                  if (tmp1 != NULL)
+                                tmp = parse_nowhitelist(nowhitelist_flag, tmp);
-                    tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                  char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, dentry, "Downloads");
+                        if (tmp) {
-                  char *tmpw2 = NULL;
+                                entry->data = tmp;
-                  if (tmp2 != NULL)
-                    tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                  if (tmp1 && tmpw1) {
-                    entry->data = tmpw1;
-                    dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                  }
-                  else if (tmp2 && tmpw2) {
-                    entry->data = tmpw2;
-                    dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                  }
-                  else {
-                    if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-                      fprintf(stderr, "***\n");
-                      fprintf(stderr, "*** Warning: cannot whitelist Downloads directory\n");
-                      fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-                      fprintf(stderr, "*** \tPlease create a proper Downloads directory for your application.\n");
-                      fprintf(stderr, "***\n");
-                    }
-                    entry->data = EMPTY_STRING;
-                    continue;
-                  }
-                }
-                // resolve ${MUSIC}
-                if (strcmp(dataptr, "${MUSIC}") == 0) {
-                        char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_MUSIC_DIR=\"$HOME/", 21, "Music");
-                        char *tmpw1 = NULL;
-                        if (tmp1 != NULL)
-                          tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                        char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, mentry, "Music");
-                        char *tmpw2 = NULL;
-                        if (tmp2 != NULL)
-                          tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                        if (tmp1 && tmpw1) {
-                                entry->data = tmpw1;
-                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else if (tmp2 && tmpw2) {
-                          entry->data = tmpw2;
-                          dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else {
-                                if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-                                        fprintf(stderr, "***\n");
-                                        fprintf(stderr, "*** Warning: cannot whitelist Music directory\n");
-                                        fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-                                        fprintf(stderr, "*** \tPlease create a proper Music directory for your application.\n");
-                                        fprintf(stderr, "***\n");
-                                }
-                                entry->data = EMPTY_STRING;
-                                continue;
-                        }
-                }
-                // resolve ${VIDEOS}
-                if (strcmp(dataptr, "${VIDEOS}") == 0) {
-                        char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_VIDEOS_DIR=\"$HOME/", 22, "Videos");
-                        char *tmpw1 = NULL;
-                        if (tmp1 != NULL)
-                          tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                        char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, ventry, "Videos");
-                        char *tmpw2 = NULL;
-                        if (tmp2 != NULL)
-                          tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                        if (tmp1 && tmpw1) {
-                                entry->data = tmpw1;
-                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else if (tmp2 && tmpw2) {
-                          entry->data = tmpw2;
-                          dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else {
-                                if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-                                        fprintf(stderr, "***\n");
-                                        fprintf(stderr, "*** Warning: cannot whitelist Videos directory\n");
-                                        fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-                                        fprintf(stderr, "*** \tPlease create a proper Videos directory for your application.\n");
-                                        fprintf(stderr, "***\n");
-                                }
-                                entry->data = EMPTY_STRING;
-                                continue;
-                        }
-                }
-                // resolve ${PICTURES}
-                if (strcmp(dataptr, "${PICTURES}") == 0) {
-                        char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_PICTURES_DIR=\"$HOME/", 24, "Pictures");
-                        char *tmpw1 = NULL;
-                        if (tmp1 != NULL)
-                          tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                        char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, pentry, "Pictures");
-                        char *tmpw2 = NULL;
-                        if (tmp2 != NULL)
-                          tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                        if (tmp1 && tmpw1) {
-                                entry->data = tmpw1;
                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
                        }
-                        else if (tmp2 && tmpw2) {
-                          entry->data = tmpw2;
-                          dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else {
-                                if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-                                        fprintf(stderr, "***\n");
-                                        fprintf(stderr, "*** Warning: cannot whitelist Pictures directory\n");
-                                        fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-                                        fprintf(stderr, "*** \tPlease create a proper Pictures directory for your application.\n");
-                                        fprintf(stderr, "***\n");
-                                }
-                                entry->data = EMPTY_STRING;
-                                continue;
-                        }
-                }
-                // resolve ${DESKTOP}
-                if (strcmp(dataptr, "${DESKTOP}") == 0) {
-                        char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DESKTOP_DIR=\"$HOME/", 24, "Desktop");
-                        char *tmpw1 = NULL;
-                        if (tmp1 != NULL)
-                          tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                        char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, deentry, "Desktop");
-                        char *tmpw2 = NULL;
-                        if (tmp2 != NULL)
-                          tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                        if (tmp1 && tmpw1) {
-                                entry->data = tmpw1;
-                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else if (tmp2 && tmpw2) {
-                          entry->data = tmpw2;
-                          dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else {
-                                if (!nowhitelist_flag && !arg_quiet && !arg_private) {
-                                        fprintf(stderr, "***\n");
-                                        fprintf(stderr, "*** Warning: cannot whitelist Desktop directory\n");
-                                        fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
-                                        fprintf(stderr, "*** \tPlease create a proper Desktop directory for your application.\n");
-                                        fprintf(stderr, "***\n");
-                                }
-                                entry->data = EMPTY_STRING;
-                                continue;
-                        }
-                }
-                // resolve ${DOCUMENTS}
-                if (strcmp(dataptr, "${DOCUMENTS}") == 0) {
-                        char *tmp1 = resolve_xdg(arg_debug || arg_debug_whitelists, "XDG_DOCUMENTS_DIR=\"$HOME/", 25, "Documents");
-                        char *tmpw1 = NULL;
-                        if (tmp1 != NULL)
-                          tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
-                        char *tmp2 = resolve_hardcoded(arg_debug || arg_debug_whitelists, doentry, "Documents");
-                        char *tmpw2 = NULL;
-                        if (tmp2 != NULL)
-                          tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
-                        if (tmp1 && tmpw1) {
-                                entry->data = tmpw1;
-                                dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
-                        else if (tmp2 && tmpw2) {
-                          entry->data = tmpw2;
-                          dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
-                        }
                        else {
                                if (!nowhitelist_flag && !arg_quiet && !arg_private) {
                                        fprintf(stderr, "***\n");
-                                        fprintf(stderr, "*** Warning: cannot whitelist Documents directory\n");
+                                        fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", dataptr);
-                                        fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
+                                        fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n");
-                                        fprintf(stderr, "*** \tPlease create a proper Documents directory for your application.\n");
                                        fprintf(stderr, "***\n");
                                }
                                entry->data = EMPTY_STRING;

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 6a6e91bc9..a2803ccbc 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -370,185 +370,21 @@ void fs_whitelist(void) {
370	}	370	}
371	char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;	371	char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
372		372
373	// resolve ${DOWNLOADS}	373	// resolve macros
374	if (strcmp(dataptr, "${DOWNLOADS}") == 0) {	374	if (is_macro(dataptr)) {
375	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_DOWNLOAD_DIR=\"$HOME/", 24, "Downloads");	375	char *tmp = resolve_macro(dataptr);
376	char *tmpw1 = NULL;	376	if (tmp != NULL)
377	if (tmp1 != NULL)	377	tmp = parse_nowhitelist(nowhitelist_flag, tmp);
378	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);	378
379	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, dentry, "Downloads");	379	if (tmp) {
380	char *tmpw2 = NULL;	380	entry->data = tmp;
381	if (tmp2 != NULL)
382	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
383	if (tmp1 && tmpw1) {
384	entry->data = tmpw1;
385	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
386	}
387	else if (tmp2 && tmpw2) {
388	entry->data = tmpw2;
389	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
390	}
391	else {
392	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
393	fprintf(stderr, "***\n");
394	fprintf(stderr, "*** Warning: cannot whitelist Downloads directory\n");
395	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
396	fprintf(stderr, "*** \tPlease create a proper Downloads directory for your application.\n");
397	fprintf(stderr, "***\n");
398	}
399	entry->data = EMPTY_STRING;
400	continue;
401	}
402	}
403
404	// resolve ${MUSIC}
405	if (strcmp(dataptr, "${MUSIC}") == 0) {
406	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_MUSIC_DIR=\"$HOME/", 21, "Music");
407	char *tmpw1 = NULL;
408	if (tmp1 != NULL)
409	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
410	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, mentry, "Music");
411	char *tmpw2 = NULL;
412	if (tmp2 != NULL)
413	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
414	if (tmp1 && tmpw1) {
415	entry->data = tmpw1;
416	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
417	}
418	else if (tmp2 && tmpw2) {
419	entry->data = tmpw2;
420	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
421	}
422	else {
423	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
424	fprintf(stderr, "***\n");
425	fprintf(stderr, "*** Warning: cannot whitelist Music directory\n");
426	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
427	fprintf(stderr, "*** \tPlease create a proper Music directory for your application.\n");
428	fprintf(stderr, "***\n");
429	}
430	entry->data = EMPTY_STRING;
431	continue;
432	}
433	}
434
435	// resolve ${VIDEOS}
436	if (strcmp(dataptr, "${VIDEOS}") == 0) {
437	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_VIDEOS_DIR=\"$HOME/", 22, "Videos");
438	char *tmpw1 = NULL;
439	if (tmp1 != NULL)
440	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
441	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, ventry, "Videos");
442	char *tmpw2 = NULL;
443	if (tmp2 != NULL)
444	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
445	if (tmp1 && tmpw1) {
446	entry->data = tmpw1;
447	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
448	}
449	else if (tmp2 && tmpw2) {
450	entry->data = tmpw2;
451	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
452	}
453	else {
454	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
455	fprintf(stderr, "***\n");
456	fprintf(stderr, "*** Warning: cannot whitelist Videos directory\n");
457	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
458	fprintf(stderr, "*** \tPlease create a proper Videos directory for your application.\n");
459	fprintf(stderr, "***\n");
460	}
461	entry->data = EMPTY_STRING;
462	continue;
463	}
464	}
465
466	// resolve ${PICTURES}
467	if (strcmp(dataptr, "${PICTURES}") == 0) {
468	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_PICTURES_DIR=\"$HOME/", 24, "Pictures");
469	char *tmpw1 = NULL;
470	if (tmp1 != NULL)
471	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
472	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, pentry, "Pictures");
473	char *tmpw2 = NULL;
474	if (tmp2 != NULL)
475	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
476	if (tmp1 && tmpw1) {
477	entry->data = tmpw1;
478	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;	381	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
479	}	382	}
480	else if (tmp2 && tmpw2) {
481	entry->data = tmpw2;
482	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
483	}
484	else {
485	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
486	fprintf(stderr, "***\n");
487	fprintf(stderr, "*** Warning: cannot whitelist Pictures directory\n");
488	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
489	fprintf(stderr, "*** \tPlease create a proper Pictures directory for your application.\n");
490	fprintf(stderr, "***\n");
491	}
492	entry->data = EMPTY_STRING;
493	continue;
494	}
495	}
496
497	// resolve ${DESKTOP}
498	if (strcmp(dataptr, "${DESKTOP}") == 0) {
499	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_DESKTOP_DIR=\"$HOME/", 24, "Desktop");
500	char *tmpw1 = NULL;
501	if (tmp1 != NULL)
502	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
503	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, deentry, "Desktop");
504	char *tmpw2 = NULL;
505	if (tmp2 != NULL)
506	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
507	if (tmp1 && tmpw1) {
508	entry->data = tmpw1;
509	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
510	}
511	else if (tmp2 && tmpw2) {
512	entry->data = tmpw2;
513	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
514	}
515	else {
516	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
517	fprintf(stderr, "***\n");
518	fprintf(stderr, "*** Warning: cannot whitelist Desktop directory\n");
519	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");
520	fprintf(stderr, "*** \tPlease create a proper Desktop directory for your application.\n");
521	fprintf(stderr, "***\n");
522	}
523	entry->data = EMPTY_STRING;
524	continue;
525	}
526	}
527
528	// resolve ${DOCUMENTS}
529	if (strcmp(dataptr, "${DOCUMENTS}") == 0) {
530	char *tmp1 = resolve_xdg(arg_debug \|\| arg_debug_whitelists, "XDG_DOCUMENTS_DIR=\"$HOME/", 25, "Documents");
531	char *tmpw1 = NULL;
532	if (tmp1 != NULL)
533	tmpw1 = parse_nowhitelist(nowhitelist_flag, tmp1);
534	char *tmp2 = resolve_hardcoded(arg_debug \|\| arg_debug_whitelists, doentry, "Documents");
535	char *tmpw2 = NULL;
536	if (tmp2 != NULL)
537	tmpw2 = parse_nowhitelist(nowhitelist_flag, tmp2);
538	if (tmp1 && tmpw1) {
539	entry->data = tmpw1;
540	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
541	}
542	else if (tmp2 && tmpw2) {
543	entry->data = tmpw2;
544	dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
545	}
546	else {	383	else {
547	if (!nowhitelist_flag && !arg_quiet && !arg_private) {	384	if (!nowhitelist_flag && !arg_quiet && !arg_private) {
548	fprintf(stderr, "***\n");	385	fprintf(stderr, "***\n");
549	fprintf(stderr, "*** Warning: cannot whitelist Documents directory\n");	386	fprintf(stderr, "*** Warning: cannot whitelist %s directory\n", dataptr);
550	fprintf(stderr, "*** \tAny file saved will be lost when the sandbox is closed.\n");	387	fprintf(stderr, "*** Any file saved in this directory will be lost when the sandbox is closed.\n");
551	fprintf(stderr, "*** \tPlease create a proper Documents directory for your application.\n");
552	fprintf(stderr, "***\n");	388	fprintf(stderr, "***\n");
553	}	389	}
554	entry->data = EMPTY_STRING;	390	entry->data = EMPTY_STRING;