crtxcr/qpdfviewsb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

basic sandboxing using qssb.h

Browse Source
This commit is contained in:
Albert S. 2019-11-17 15:17:53 +01:00
parent 0bbe0da55e
commit 8dcd1d7090
3 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "qssb.h"]
path = qssb.h
url = https://git.quitesimple.org/qssb.h

1
qssb.h Submodule

@ -0,0 +1 @@
Subproject commit 754764401368048dcdba39e153eb00f1f3c39898

42
sources/main.cpp
View File

@ -1,5 +1,6 @@
/* /*
Copyright 2019 Albert S.
Copyright 2018 Marshall Banana Copyright 2018 Marshall Banana
Copyright 2012-2013, 2018 Adam Reichold Copyright 2012-2013, 2018 Adam Reichold
Copyright 2014 Dorian Scholz Copyright 2014 Dorian Scholz
@ -33,7 +34,7 @@ along with qpdfview. If not, see <http://www.gnu.org/licenses/>.
#include <QMessageBox> #include <QMessageBox>
#include <QScopedPointer> #include <QScopedPointer>
#include <QTranslator> #include <QTranslator>
#include <QStandardPaths>
#ifdef WITH_DBUS #ifdef WITH_DBUS
#include <QDBusInterface> #include <QDBusInterface>
@ -76,6 +77,7 @@ const char* __attribute__((used)) stack_cookie = "\0$STACK:500000\0";
#endif // __amigaos4__ #endif // __amigaos4__
#include "../qssb.h/qssb.h"
namespace namespace
{ {
@ -455,6 +457,44 @@ void prepareSignalHandler()
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
struct qssb_policy *policy = qssb_init_policy();
if(policy == NULL)
{
return 1;
}
const char *data_dir = strdup(QStandardPaths::writableLocation(QStandardPaths::DataLocation).toStdString().c_str());
const char *config_dir = strdup(QStandardPaths::writableLocation(QStandardPaths::ConfigLocation).toStdString().c_str());
struct qssb_path_policy config_dir_policy;
struct qssb_path_policy data_dir_policy;
//TODO: overkill, but what to do about the "file open" dialog?
//break it? only allow "reasonable" paths? (which would that be?)
struct qssb_path_policy root_policy;
root_policy.mountpoint = "/";
root_policy.policy = QSSB_MOUNT_ALLOW_READ | QSSB_MOUNT_ALLOW_EXEC;
root_policy.next = &data_dir_policy;
data_dir_policy.mountpoint = data_dir;
data_dir_policy.policy = QSSB_MOUNT_ALLOW_WRITE;
data_dir_policy.next = &config_dir_policy;
config_dir_policy.mountpoint = config_dir;
config_dir_policy.policy = QSSB_MOUNT_ALLOW_WRITE;
config_dir_policy.next = NULL;
policy->path_policies = &root_policy;
//a pdfreader has no business accessing the network
policy->namespace_options |= QSSB_UNSHARE_NETWORK;
if(qssb_enable_policy(policy) != 0)
{
qCritical() << QObject::tr("Could not initialize sandbox.");
return 1;
}
qRegisterMetaType< QList< QRectF > >("QList<QRectF>"); qRegisterMetaType< QList< QRectF > >("QList<QRectF>");
qRegisterMetaType< Rotation >("Rotation"); qRegisterMetaType< Rotation >("Rotation");
qRegisterMetaType< RenderParam >("RenderParam"); qRegisterMetaType< RenderParam >("RenderParam");