From edfc39dcb320163ab48e2e7d1fd04e5c0ba19fbe Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Thu, 13 Dec 2018 15:35:13 +0100
Subject: pulseaudio: use create_dir_as_user(); small adjustments
---
 src/firejail/firejail.h | 2 +-
 src/firejail/fs.c | 6 ++-
 src/firejail/pulseaudio.c | 98 ++++++++++++++---------------------------------
 src/firejail/util.c | 8 ++--
 4 files changed, 38 insertions(+), 76 deletions(-)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index c0072debe..bd392846a 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -540,7 +540,7 @@ uid_t pid_get_uid(pid_t pid);
 uid_t get_group_id(const char *group);
 int remove_overlay_directory(void);
 void flush_stdin(void);
-void create_empty_dir_as_user(const char *dir, mode_t mode);
+int create_empty_dir_as_user(const char *dir, mode_t mode);
 void create_empty_dir_as_root(const char *dir, mode_t mode);
 void create_empty_file_as_root(const char *dir, mode_t mode);
 int set_perms(const char *fname, uid_t uid, gid_t gid, mode_t mode);
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index c689a49fa..5edcdd58f 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -767,7 +767,8 @@ void fs_proc_sys_dev_boot(void) {
 char *fnamegpg;
 if (asprintf(&fnamegpg, "/run/user/%d/gnupg", getuid()) == -1)
 errExit("asprintf");
- create_empty_dir_as_user(fnamegpg, 0700);
+ if (create_empty_dir_as_user(fnamegpg, 0700))
+ fs_logger2("create", fnamegpg);
 if (stat(fnamegpg, &s) == 0)
 disable_file(BLACKLIST_FILE, fnamegpg);
 free(fnamegpg);
@@ -776,7 +777,8 @@ void fs_proc_sys_dev_boot(void) {
 char *fnamesysd;
 if (asprintf(&fnamesysd, "/run/user/%d/systemd", getuid()) == -1)
 errExit("asprintf");
- create_empty_dir_as_user(fnamesysd, 0755);
+ if (create_empty_dir_as_user(fnamesysd, 0755))
+ fs_logger2("create", fnamesysd);
 if (stat(fnamesysd, &s) == 0)
 disable_file(BLACKLIST_FILE, fnamesysd);
 free(fnamesysd);
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
index 4ddaba7ed..c683eea3a 100644
--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -92,7 +92,7 @@ void pulseaudio_init(void) {
 errExit("asprintf");
 if (copy_file("/etc/pulse/client.conf", pulsecfg, -1, -1, 0644)) // root needed
 errExit("copy_file");
- FILE *fp = fopen(pulsecfg, "a+");
+ FILE *fp = fopen(pulsecfg, "a");
 if (!fp)
 errExit("fopen");
 fprintf(fp, "%s", "\nenable-shm = no\n");
@@ -103,91 +103,49 @@ void pulseaudio_init(void) {
 errExit("set_perms");
 // create ~/.config/pulse directory if not present
- char *dir1;
- if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
+ char *homeusercfg;
+ if (asprintf(&homeusercfg, "%s/.config", cfg.homedir) == -1)
 errExit("asprintf");
- if (lstat(dir1, &s) == -1) {
- pid_t child = fork();
- if (child < 0)
- errExit("fork");
- if (child == 0) {
- // drop privileges
- drop_privs(0);
-
- int rv = mkdir(dir1, 0755);
- if (rv == 0) {
- if (chmod(dir1, 0755))
- {;} // do nothing
- }
-#ifdef HAVE_GCOV
- __gcov_flush();
-#endif
- _exit(0);
- }
- // wait for the child to finish
- waitpid(child, NULL, 0);
- fs_logger2("create", dir1);
+ if (lstat(homeusercfg, &s) == -1) {
+ if (create_empty_dir_as_user(homeusercfg, 0700))
+ fs_logger2("create", homeusercfg);
 }
- else {
- // we expect a user owned directory
- if (!S_ISDIR(s.st_mode) || s.st_uid != getuid()) {
- if (S_ISLNK(s.st_mode))
- fprintf(stderr, "Error: user .config is a symbolic link\n");
- else
- fprintf(stderr, "Error: user .config is not a directory owned by the current user\n");
- exit(1);
- }
+ else if (!S_ISDIR(s.st_mode)) {
+ if (S_ISLNK(s.st_mode))
+ fprintf(stderr, "Error: %s is a symbolic link\n", homeusercfg);
+ else
+ fprintf(stderr, "Error: %s is not a directory\n", homeusercfg);
+ exit(1);
 }
- free(dir1);
+ free(homeusercfg);
- if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
+ if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)
 errExit("asprintf");
- if (lstat(dir1, &s) == -1) {
- pid_t child = fork();
- if (child < 0)
- errExit("fork");
- if (child == 0) {
- // drop privileges
- drop_privs(0);
-
- int rv = mkdir(dir1, 0700);
- if (rv == 0) {
- if (chmod(dir1, 0700))
- {;} // do nothing
- }
-#ifdef HAVE_GCOV
- __gcov_flush();
-#endif
- _exit(0);
- }
- // wait for the child to finish
- waitpid(child, NULL, 0);
- fs_logger2("create", dir1);
+ if (lstat(homeusercfg, &s) == -1) {
+ if (create_empty_dir_as_user(homeusercfg, 0700))
+ fs_logger2("create", homeusercfg);
 }
- else {
- // we expect a user owned directory
- if (!S_ISDIR(s.st_mode) || s.st_uid != getuid()) {
- if (S_ISLNK(s.st_mode))
- fprintf(stderr, "Error: user .config/pulse is a symbolic link\n");
- else
- fprintf(stderr, "Error: user .config/pulse is not a directory owned by the current user\n");
- exit(1);
- }
+ else if (!S_ISDIR(s.st_mode)) {
+ if (S_ISLNK(s.st_mode))
+ fprintf(stderr, "Error: %s is a symbolic link\n", homeusercfg);
+ else
+ fprintf(stderr, "Error: %s is not a directory\n", homeusercfg);
+ exit(1);
 }
- free(dir1);
 // if we have ~/.config/pulse mount the new directory, else set environment variable.
- char *homeusercfg;
- if (asprintf(&homeusercfg, "%s/.config/pulse", cfg.homedir) == -1)
- errExit("asprintf");
 if (stat(homeusercfg, &s) == 0) {
 // get a file descriptor for ~/.config/pulse, fails if there is any symlink
 int fd = safe_fd(homeusercfg, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 if (fd == -1)
 errExit("safe_fd");
 // confirm the actual mount destination is owned by the user
- if (fstat(fd, &s) == -1 || s.st_uid != getuid())
+ if (fstat(fd, &s) == -1)
 errExit("fstat");
+ if (s.st_uid != getuid()) {
+ fprintf(stderr, "Error: %s is not owned by the current user\n", homeusercfg);
+ exit(1);
+ }
 // preserve a read-only mount
 struct statvfs vfs;
 if (fstatvfs(fd, &vfs) == -1)
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 9af41ffe2..8c474f966 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -961,7 +961,8 @@ void flush_stdin(void) {
 }
 }
-void create_empty_dir_as_user(const char *dir, mode_t mode) {
+// return 1 if new directory was created, else return 0
+int create_empty_dir_as_user(const char *dir, mode_t mode) {
 assert(dir);
 mode &= 07777;
 struct stat s;
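Review bot: The rewritten `~/.config` branch of the pulseaudio.c hunk no longer tests `s.st_uid`, so an existing `~/.config` that is not owned by the user is now accepted and the only ownership check left is the later `fstat(fd, &s)` on the descriptor returned by `safe_fd()` for `~/.config/pulse`. That is probably sufficient, since the mount destination is verified on the fd rather than on the path, but nothing in the code says so; a comment above the first `lstat()` such as `// ownership is enforced below on the fd from safe_fd(), not on the path` would keep a later cleanup from removing the one remaining check. Both `lstat(homeusercfg, &s) == -1` tests also treat every failure as "does not exist", where `errno == ENOENT` would be the precise condition. pulseaudio_init() starts and ends outside the hunk.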
@@ -980,7 +981,7 @@ void create_empty_dir_as_user(const char *dir, mode_t mode) {
 if (chmod(dir, mode) == -1)
 {;} // do nothing
 }
- else if (errno != EEXIST && arg_debug) {
+ else if (arg_debug) {
 char *str;
 if (asprintf(&str, "Directory %s not created", dir) == -1)
 errExit("asprintf");
@@ -993,8 +994,9 @@ void create_empty_dir_as_user(const char *dir, mode_t mode) {
 }
 waitpid(child, NULL, 0);
 if (stat(dir, &s) == 0)
- fs_logger2("create", dir);
+ return 1;
 }
+ return 0;
 }
 void create_empty_dir_as_root(const char *dir, mode_t mode) {
-- 
cgit v1.2.3-54-g00ecf
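Review bot: The new return value in the last util.c hunk comes from `stat(dir, &s) == 0` after `waitpid(child, NULL, 0)`, so the function reports 1 for anything that exists at `dir` by then, which is weaker than the contract stated by the comment added in the first util.c hunk (`return 1 if new directory was created`). stat() follows symlinks and the child's exit status is discarded, so a non-directory or a link that appears at the path while the child runs also yields 1, and the callers in fs.c and pulseaudio.c then write a `create` log entry for it. Tightening the test to `if (lstat(dir, &s) == 0 && S_ISDIR(s.st_mode)) return 1;` keeps the interface and narrows this; having the child pass the mkdir() result back through its exit status would be the stricter alternative. The fork and most of the child body lie outside the hunks shown, so the guard that leads into this branch is inferred.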