gui: main: Add --no-sandbox

Move sandboxing code to own function

gui/main.cpp

@@ -3,6 +3,8 @@
 #include <QMessageBox>
 #include <QStandardPaths>
 #include <QProcess>
+#include <QDir>
+#include <QCommandLineParser>
 
 #include "mainwindow.h"
 #include "searchresult.h"
@@ -11,45 +13,21 @@
 #include "../submodules/exile.h/exile.h"
 #include "ipcserver.h"
 
-int main(int argc, char *argv[])
+void enableSandbox(QString socketPath)
 {
-	QString socketPath = "/tmp/looqs-spawner";
-	if(argc > 1)
-	{
-		Common::setupAppInfo();
-		QApplication a(argc, argv);
-		QString arg = argv[1];
-		if(arg == "ipc")
-		{
-			IpcServer *ipcserver = new IpcServer();
-			qDebug() << "Launching ipc";
-			if(!ipcserver->startSpawner(socketPath))
-			{
-				qCritical() << "Error failed to spawn";
-				return 1;
-			}
-			qDebug() << "Launched";
-		}
-		return a.exec();
-	}
-	QProcess process;
-	QStringList args;
-	args << "ipc";
-	if(!process.startDetached("/proc/self/exe", args))
-	{
-		QString errorMsg = "Failed to start IPC server";
-		qDebug() << errorMsg;
-		QMessageBox::critical(nullptr, "Error", errorMsg);
-	}
-
 	struct exile_policy *policy = exile_init_policy();
 	if(policy == NULL)
 	{
 		qCritical() << "Failed to init policy for sandbox";
-		return 1;
+		exit(EXIT_FAILURE);
 	}
+	QDir dir;
+	dir.mkpath(QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation));
+	dir.mkpath(QStandardPaths::writableLocation(QStandardPaths::CacheLocation));
+
 	std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
 	std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
+
 	std::string sockPath = socketPath.toStdString();
 	policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
 	policy->vow_promises = EXILE_SYSCALL_VOW_THREAD | EXILE_SYSCALL_VOW_CPATH | EXILE_SYSCALL_VOW_WPATH |
@@ -60,30 +38,80 @@ int main(int argc, char *argv[])
 	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
 	{
 		qCritical() << "Failed to append a path to the path policy";
-		return 1;
+		exit(EXIT_FAILURE);
 	}
 
 	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()) !=
 	   0)
 	{
 		qCritical() << "Failed to append a path to the path policy";
-		return 1;
+		exit(EXIT_FAILURE);
 	}
 	if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE,
 								cacheDataLocation.c_str()) != 0)
 	{
 		qCritical() << "Failed to append a path to the path policy";
-		return 1;
+		exit(EXIT_FAILURE);
 	}
 	int ret = exile_enable_policy(policy);
 	if(ret != 0)
 	{
 		qDebug() << "Failed to establish sandbox";
-		return 1;
+		exit(EXIT_FAILURE);
 	}
 	exile_free_policy(policy);
+}
+int main(int argc, char *argv[])
+{
+	QString socketPath = "/tmp/looqs-spawner";
+	if(argc > 1)
+	{
+		QString arg = argv[1];
+		if(arg == "ipc")
+		{
+			Common::setupAppInfo();
+			QApplication a(argc, argv);
 
+			IpcServer *ipcserver = new IpcServer();
+			qDebug() << "Launching IPC Server";
+			if(!ipcserver->startSpawner(socketPath))
+			{
+				qCritical() << "Error failed to spawn";
+				return 1;
+			}
+			qDebug() << "Launched IPC Server";
+			return a.exec();
+		}
+	}
+	QProcess process;
+	QStringList args;
+	args << "ipc";
+	if(!process.startDetached("/proc/self/exe", args))
+	{
+		QString errorMsg = "Failed to start IPC server";
+		qDebug() << errorMsg;
+		QMessageBox::critical(nullptr, "Error", errorMsg);
+	}
 	Common::setupAppInfo();
+	QCommandLineParser parser;
+	parser.addOption({{"s", "no-sandbox"}, "Disable sandboxing"});
+	QStringList appArgs;
+	for(int i = 0; i < argc; i++)
+	{
+		appArgs.append(argv[i]);
+	}
+	parser.parse(appArgs);
+
+	if(!parser.isSet("no-sandbox"))
+	{
+		enableSandbox(socketPath);
+		qInfo() << "Sandbox: on";
+	}
+	else
+	{
+		qInfo() << "Sandbox: off";
+	}
+	// Keep this post sandbox, afterwards does not work (suspect due to threads, but unconfirmed)
 	QApplication a(argc, argv);
 	try
 	{