Albert S
40207c3399
While f67a37bc21
indicated the last remaining code could stay,
it can't because there is a launch failure of SandboxedProcessor.
This has been revealed by the changes of the previous commit,
aa03d0a4920e.
Hence, the GUI will be untouched by exile. We only sandbox
the preview generation and the indexing trough IPC.
145 satır
3.8 KiB
C++
145 satır
3.8 KiB
C++
#include <QApplication>
|
|
#include <QSettings>
|
|
#include <QMessageBox>
|
|
#include <QStandardPaths>
|
|
#include <QProcess>
|
|
#include <QDir>
|
|
#include <QCommandLineParser>
|
|
#include <QFileInfo>
|
|
|
|
#include "mainwindow.h"
|
|
#include "searchresult.h"
|
|
#include "previewresultpdf.h"
|
|
#include "../shared/common.h"
|
|
#include "../shared/sandboxedprocessor.h"
|
|
#include "../submodules/exile.h/exile.h"
|
|
#include "ipcserver.h"
|
|
|
|
void enableIpcSandbox()
|
|
{
|
|
struct exile_policy *policy = exile_create_policy();
|
|
if(policy == NULL)
|
|
{
|
|
qCritical() << "Failed to init policy for sandbox";
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
|
|
policy->no_new_privs = 1;
|
|
policy->drop_caps = 1;
|
|
policy->vow_promises =
|
|
exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl error");
|
|
|
|
QString ipcSocketPath = Common::ipcSocketPath();
|
|
QFileInfo info{ipcSocketPath};
|
|
QString ipcSocketPathDir = info.absolutePath();
|
|
std::string stdIpcSocketPath = ipcSocketPathDir.toStdString();
|
|
|
|
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
|
|
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, stdIpcSocketPath.c_str());
|
|
int ret = exile_enable_policy(policy);
|
|
if(ret != 0)
|
|
{
|
|
qDebug() << "Failed to establish sandbox";
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
exile_free_policy(policy);
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
QString socketPath = Common::ipcSocketPath();
|
|
if(argc > 1)
|
|
{
|
|
QString arg = argv[1];
|
|
if(arg == "ipc")
|
|
{
|
|
Common::setupAppInfo();
|
|
enableIpcSandbox();
|
|
QApplication a(argc, argv);
|
|
|
|
IpcServer *ipcserver = new IpcServer();
|
|
qDebug() << "Launching IPC Server";
|
|
if(!ipcserver->startSpawner(socketPath))
|
|
{
|
|
qCritical() << "Error failed to spawn";
|
|
return 1;
|
|
}
|
|
qDebug() << "Launched IPC Server";
|
|
return a.exec();
|
|
}
|
|
if(arg == "process")
|
|
{
|
|
Common::setupAppInfo();
|
|
QCoreApplication a(argc, argv);
|
|
|
|
QStringList args = a.arguments();
|
|
if(args.length() < 3)
|
|
{
|
|
qDebug() << "Filename is required";
|
|
return 1;
|
|
}
|
|
|
|
QString file = args.at(2);
|
|
SandboxedProcessor processor(file);
|
|
return processor.process();
|
|
}
|
|
}
|
|
QString ipcSocketPath = Common::ipcSocketPath();
|
|
QFileInfo info{ipcSocketPath};
|
|
QString ipcSocketPathDir = info.absolutePath();
|
|
|
|
QDir dir;
|
|
if(!dir.mkpath(ipcSocketPathDir))
|
|
{
|
|
qCritical() << "Failed to create dir for ipc socket" << Qt::endl;
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
QProcess process;
|
|
QStringList args;
|
|
args << "ipc";
|
|
process.setProcessChannelMode(QProcess::ForwardedChannels);
|
|
|
|
process.start("/proc/self/exe", args);
|
|
if(!process.waitForStarted(5000))
|
|
{
|
|
QString errorMsg = "Failed to start IPC server";
|
|
qDebug() << errorMsg;
|
|
QMessageBox::critical(nullptr, "Error", errorMsg);
|
|
}
|
|
Common::setupAppInfo();
|
|
QCommandLineParser parser;
|
|
parser.addOption({{"s", "no-sandbox"}, "Disable sandboxing"});
|
|
QStringList appArgs;
|
|
for(int i = 0; i < argc; i++)
|
|
{
|
|
appArgs.append(argv[i]);
|
|
}
|
|
parser.parse(appArgs);
|
|
|
|
try
|
|
{
|
|
Common::ensureConfigured();
|
|
}
|
|
catch(LooqsGeneralException &e)
|
|
{
|
|
qDebug() << e.message;
|
|
QMessageBox::critical(nullptr, "Error", e.message);
|
|
return 1;
|
|
}
|
|
QApplication a(argc, argv);
|
|
a.setWindowIcon(QIcon(":/icon.svg"));
|
|
QObject::connect(&a, &QApplication::aboutToQuit, &process, &QProcess::kill);
|
|
|
|
qRegisterMetaType<QVector<SearchResult>>("QVector<SearchResult>");
|
|
qRegisterMetaType<QVector<PreviewResultPdf>>("QVector<PreviewResultPdf>");
|
|
qRegisterMetaType<PreviewResultPdf>("PreviewResultPdf");
|
|
qRegisterMetaType<FileScanResult>("FileScanResult");
|
|
qRegisterMetaType<RenderConfig>("RenderConfig");
|
|
qRegisterMetaType<QVector<RenderTarget>>("QVector<RenderTarget>");
|
|
qRegisterMetaType<QSharedPointer<PreviewResult>>("QSharedPointer<PreviewResult>");
|
|
MainWindow w{0, socketPath};
|
|
w.showMaximized();
|
|
return a.exec();
|
|
}
|