gui: main: Enable sandbox post call to Common::setupAppInfo()
Move sandboxing code to own function
This commit is contained in:
parent
b10c2edf05
commit
ea1d027621
92
gui/main.cpp
92
gui/main.cpp
@ -3,6 +3,7 @@
|
|||||||
#include <QMessageBox>
|
#include <QMessageBox>
|
||||||
#include <QStandardPaths>
|
#include <QStandardPaths>
|
||||||
#include <QProcess>
|
#include <QProcess>
|
||||||
|
#include <QDir>
|
||||||
|
|
||||||
#include "mainwindow.h"
|
#include "mainwindow.h"
|
||||||
#include "searchresult.h"
|
#include "searchresult.h"
|
||||||
@ -11,6 +12,54 @@
|
|||||||
#include "../submodules/exile.h/exile.h"
|
#include "../submodules/exile.h/exile.h"
|
||||||
#include "ipcserver.h"
|
#include "ipcserver.h"
|
||||||
|
|
||||||
|
void enableSandbox(QString socketPath)
|
||||||
|
{
|
||||||
|
struct exile_policy *policy = exile_init_policy();
|
||||||
|
if(policy == NULL)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to init policy for sandbox";
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
QDir dir;
|
||||||
|
dir.mkpath(QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation));
|
||||||
|
dir.mkpath(QStandardPaths::writableLocation(QStandardPaths::CacheLocation));
|
||||||
|
|
||||||
|
std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
|
||||||
|
std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
|
||||||
|
|
||||||
|
std::string sockPath = socketPath.toStdString();
|
||||||
|
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
|
||||||
|
policy->vow_promises = EXILE_SYSCALL_VOW_THREAD | EXILE_SYSCALL_VOW_CPATH | EXILE_SYSCALL_VOW_WPATH |
|
||||||
|
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
|
||||||
|
EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
|
||||||
|
EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
|
||||||
|
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()) !=
|
||||||
|
0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE,
|
||||||
|
cacheDataLocation.c_str()) != 0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
int ret = exile_enable_policy(policy);
|
||||||
|
if(ret != 0)
|
||||||
|
{
|
||||||
|
qDebug() << "Failed to establish sandbox";
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
exile_free_policy(policy);
|
||||||
|
}
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
QString socketPath = "/tmp/looqs-spawner";
|
QString socketPath = "/tmp/looqs-spawner";
|
||||||
@ -41,49 +90,8 @@ int main(int argc, char *argv[])
|
|||||||
qDebug() << errorMsg;
|
qDebug() << errorMsg;
|
||||||
QMessageBox::critical(nullptr, "Error", errorMsg);
|
QMessageBox::critical(nullptr, "Error", errorMsg);
|
||||||
}
|
}
|
||||||
|
|
||||||
struct exile_policy *policy = exile_init_policy();
|
|
||||||
if(policy == NULL)
|
|
||||||
{
|
|
||||||
qCritical() << "Failed to init policy for sandbox";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
|
|
||||||
std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
|
|
||||||
std::string sockPath = socketPath.toStdString();
|
|
||||||
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
|
|
||||||
policy->vow_promises = EXILE_SYSCALL_VOW_THREAD | EXILE_SYSCALL_VOW_CPATH | EXILE_SYSCALL_VOW_WPATH |
|
|
||||||
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
|
|
||||||
EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
|
|
||||||
EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
|
|
||||||
|
|
||||||
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
|
|
||||||
{
|
|
||||||
qCritical() << "Failed to append a path to the path policy";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()) !=
|
|
||||||
0)
|
|
||||||
{
|
|
||||||
qCritical() << "Failed to append a path to the path policy";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE,
|
|
||||||
cacheDataLocation.c_str()) != 0)
|
|
||||||
{
|
|
||||||
qCritical() << "Failed to append a path to the path policy";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
int ret = exile_enable_policy(policy);
|
|
||||||
if(ret != 0)
|
|
||||||
{
|
|
||||||
qDebug() << "Failed to establish sandbox";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
exile_free_policy(policy);
|
|
||||||
|
|
||||||
Common::setupAppInfo();
|
Common::setupAppInfo();
|
||||||
|
enableSandbox(socketPath);
|
||||||
QApplication a(argc, argv);
|
QApplication a(argc, argv);
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user