From 0838606e623fc11fac5fd8db8b197d63f3e21f32 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 8 Jul 2016 09:39:18 -0400
Subject: added mkfile profile command

---
 src/firejail/firejail.h | 1 +
 src/firejail/fs_mkdir.c | 33 +++++++++++++++++++++++++++++++++
 src/firejail/profile.c | 5 +++++
 src/man/firejail-profile.txt | 4 ++++
 4 files changed, 43 insertions(+)
(limited to 'src')

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 24af41192..3d0e9a51b 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -548,6 +548,7 @@ char **build_paths(void);
 // fs_mkdir.c
 void fs_mkdir(const char *name);
+void fs_mkfile(const char *name);
 // x11.c
 void fs_x11(void);
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index 398c534bf..c4ce52079 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -48,3 +48,36 @@ void fs_mkdir(const char *name) {
 doexit:
 free(expanded);
 }
+
+void fs_mkfile(const char *name) {
+ EUID_ASSERT();
+
+ // check file name
+ invalid_filename(name);
+ char *expanded = expand_home(name, cfg.homedir);
+ if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
+ fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
+ exit(1);
+ }
+
+ struct stat s;
+ if (stat(expanded, &s) == 0) {
+ // file exists, do nothing
+ goto doexit;
+ }
+
+ // create file
+ FILE *fp = fopen(expanded, "w");
+ if (!fp)
+ fprintf(stderr, "Warning: cannot create %s file\n", expanded);
+ else {
+ fclose(fp);
+ int rv = chown(expanded, getuid(), getgid());
+ (void) rv;
+ rv = chmod(expanded, 0600);
+ (void) rv;
+ }
+
+doexit:
+ free(expanded);
+}
\ No newline at end of file
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 040efea74..bb834bf19 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -107,6 +107,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fs_mkdir(ptr + 6);
 return 0;
 }
+ // mkfile
+ if (strncmp(ptr, "mkfile ", 7) == 0) {
+ fs_mkfile(ptr + 7);
+ return 0;
+ }
 // sandbox name
 else if (strncmp(ptr, "name ", 5) == 0) {
 cfg.name = ptr + 5;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index c2d5e7955..9c416b0f3 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -153,6 +153,10 @@ mkdir ~/.cache/mozilla/firefox
 .br
 whitelist ~/.cache/mozilla/firefox
 .TP
+\fBmkfile file
+Similar to mkdir, this command creates a file in user home before the sandbox is started.
+The file is created if it doesn't already exist.
+.TP
 \fBprivate
 Mount new /root and /home/user directories in temporary filesystems. All modifications are discarded when the sandbox is
-- 
cgit v1.2.3-70-g09d2
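Review bot: The new `mkfile` branch in profile.c is a bare `if` dropped into a chain that otherwise uses `else if` (the `// sandbox name` branch directly below it still reads `else if`), so it only reads correctly because the `mkdir` branch above returns; `else if (strncmp(ptr, "mkfile ", 7) == 0) {` keeps the chain uniform. `ptr + 7` is handed straight to `fs_mkfile`, so a line consisting of just `mkfile ` passes an empty name through — whether the parser strips trailing whitespace before this point or `invalid_filename` rejects an empty string is not visible here and worth confirming. `profile_check_line` starts and ends outside the hunk.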