From 87ebc137d54164a3d5fdf05f19770bf802f74179 Mon Sep 17 00:00:00 2001
From: Albert S <mail@quitesimple.org>
Date: Mon, 6 Jun 2022 23:18:58 +0200
Subject: [PATCH] shared/gui: Add LOOQS_DISABLE_SANDBOX env to allow disabling
 sandboxing

Mainly for devs to check whether a problem is caused by sandboxing.
---
 HACKING.md                    |  2 ++
 gui/main.cpp                  |  9 ++++++++-
 shared/common.cpp             | 10 ++++++++++
 shared/common.h               |  1 +
 shared/sandboxedprocessor.cpp |  5 +++++
 5 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/HACKING.md b/HACKING.md
index b89a3df..ba107f8 100644
--- a/HACKING.md
+++ b/HACKING.md
@@ -12,6 +12,8 @@ The architecture ensures that the parsing of documents and the preview generatio
 
 Qt code is considered trusted in this model. While one may critize this, it was the only practical solution. looqs uses its serialization mechanism and other classes to communicate between the non-sandboxed GUI process and the sandboxed processes. 
 
+Set the enviornment variable `LOOQS_DISABLE_SANDBOX=1` to disable sandboxing. It's intended for troublehshooting.
+
 ## Database
 The heart is sqlite, with the FTS5 extensions behind the full-text search. I definitly did not
 want to run some heavy Java based solutions. I explored other options like Postgresql, I've discard them due to some limitations back then.
diff --git a/gui/main.cpp b/gui/main.cpp
index eb11553..79c3665 100644
--- a/gui/main.cpp
+++ b/gui/main.cpp
@@ -58,7 +58,14 @@ int main(int argc, char *argv[])
 		if(arg == "ipc")
 		{
 			Common::setupAppInfo();
-			enableIpcSandbox();
+			if(Common::noSandboxModeRequested())
+			{
+				qInfo() << "Launching with no sandbox!" << Qt::endl;
+			}
+			else
+			{
+				enableIpcSandbox();
+			}
 			QApplication a(argc, argv);
 
 			IpcServer *ipcserver = new IpcServer();
diff --git a/shared/common.cpp b/shared/common.cpp
index 3a7836e..7944b89 100644
--- a/shared/common.cpp
+++ b/shared/common.cpp
@@ -157,6 +157,16 @@ QString Common::databasePath()
 	return env;
 }
 
+bool Common::noSandboxModeRequested()
+{
+	QString env = getenv("LOOQS_DISABLE_SANDBOX");
+	if(env == "1")
+	{
+		return true;
+	}
+	return false;
+}
+
 QString Common::ipcSocketPath()
 {
 	return "/tmp/.looqs/looqs-ipc-socket";
diff --git a/shared/common.h b/shared/common.h
index 0971e79..14968b0 100644
--- a/shared/common.h
+++ b/shared/common.h
@@ -15,6 +15,7 @@ QStringList excludedPaths();
 QStringList mountPaths();
 bool isTextFile(QFileInfo fileInfo);
 bool isMountPath(QString path);
+bool noSandboxModeRequested();
 QString versionText();
 } // namespace Common
 #endif
diff --git a/shared/sandboxedprocessor.cpp b/shared/sandboxedprocessor.cpp
index a92aa75..c45a0ab 100644
--- a/shared/sandboxedprocessor.cpp
+++ b/shared/sandboxedprocessor.cpp
@@ -27,6 +27,11 @@ static QMap<QString, Processor *> processors{
 
 void SandboxedProcessor::enableSandbox(QString readablePath)
 {
+	if(Common::noSandboxModeRequested())
+	{
+		qInfo() << "Sandbox is disabled!" << Qt::endl;
+		return;
+	}
 	struct exile_policy *policy = exile_init_policy();
 	if(policy == NULL)
 	{