gui: Begin basic sandboxing

This commit is contained in:
Albert S. 2021-08-07 12:03:35 +02:00
parent 4dede9538c
commit ebea074fcb

View File

@ -1,13 +1,34 @@
#include <QApplication> #include <QApplication>
#include <QSettings> #include <QSettings>
#include <QMessageBox> #include <QMessageBox>
#include <QStandardPaths>
#include "mainwindow.h" #include "mainwindow.h"
#include "searchresult.h" #include "searchresult.h"
#include "pdfpreview.h" #include "pdfpreview.h"
#include "../shared/common.h" #include "../shared/common.h"
#include "../submodules/qssb.h/qssb.h"
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
struct qssb_policy *policy = qssb_init_policy();
std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
policy->namespace_options = QSSB_UNSHARE_NETWORK | QSSB_UNSHARE_USER;
qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ | QSSB_FS_ALLOW_REMOVE_FILE, "/");
qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ | QSSB_FS_ALLOW_REMOVE_FILE | QSSB_FS_ALLOW_WRITE,
appDataLocation.c_str());
qssb_append_path_policy(policy, QSSB_FS_ALLOW_READ | QSSB_FS_ALLOW_REMOVE_FILE | QSSB_FS_ALLOW_WRITE,
cacheDataLocation.c_str());
int ret = qssb_enable_policy(policy);
if(ret != 0)
{
qDebug() << "Failed to establish sandbox";
return 1;
}
qssb_free_policy(policy);
Common::setupAppInfo(); Common::setupAppInfo();
QApplication a(argc, argv); QApplication a(argc, argv);
try try