Search
SailfishOS Open Build Service
>
Projects
>
nemo
:
testing:hw
:
motorola
:
moto_msm8960_jbbl
:
4.4.0.68
>
udisks2
> _service:tar_git:0010-Allow-whitelisting-filesystems-that-can-be-mounted.patch
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File _service:tar_git:0010-Allow-whitelisting-filesystems-that-can-be-mounted.patch of Package udisks2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Raine Makelainen <raine.makelainen@jolla.com> Date: Fri, 15 Feb 2019 15:15:48 +0200 Subject: [PATCH] Allow whitelisting filesystems that can be mounted If whitelist is empty when 'well-know', '/proc/filesystems/', and '/etc/filesystems' are used like before. Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com> --- configure.ac | 5 +++ src/Makefile.am | 3 ++ src/udiskslinuxfilesystem.c | 65 +++++++++++++++++++++++++++++++++++-- 3 files changed, 71 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 6e09a1c0..a9156d7e 100644 --- a/configure.ac +++ b/configure.ac @@ -183,6 +183,11 @@ if test "x$enable_daemon" = "xyes"; then ]) ])]) + + PKG_CHECK_MODULES(DCONF, [dconf >= 0.28.0]) + AC_SUBST(DCONF_CFLAGS) + AC_SUBST(DCONF_LIBS) + PKG_CHECK_MODULES(LIBMOUNT, [mount >= 2.18]) AC_SUBST(LIBMOUNT_CFLAGS) AC_SUBST(LIBMOUNT_LIBS) diff --git a/src/Makefile.am b/src/Makefile.am index 1aed534a..eb7d912b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -27,6 +27,7 @@ CPPFLAGS = \ $(GIO_CFLAGS) \ $(GMODULE_CFLAGS) \ $(BLOCKDEV_CFLAGS) \ + $(DCONF_CFLAGS) \ $(WARN_CFLAGS) \ $(NULL) @@ -151,6 +152,7 @@ libudisks_daemon_la_LIBADD = \ $(LIBELOGIND_LIBS) \ $(PART_LDFLAGS) \ $(SWAP_LIBS) \ + $(DCONF_LIBS) \ $(top_builddir)/udisks/libudisks2.la \ $(NULL) @@ -172,6 +174,7 @@ udisksd_LDADD = \ $(GIO_LIBS) \ $(GMODULE_LIBS) \ $(BLOCKDEV_LIBS) \ + $(DCONF_LIBS) \ libudisks-daemon.la \ $(NULL) diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c index 64057c72..833f9b1c 100644 --- a/src/udiskslinuxfilesystem.c +++ b/src/udiskslinuxfilesystem.c @@ -41,6 +41,8 @@ #include <glib/gstdio.h> +#include <dconf.h> + #include "udiskslogging.h" #include "udiskslinuxfilesystem.h" #include "udiskslinuxfilesystemhelpers.h" @@ -369,15 +371,61 @@ is_well_known_filesystem (const gchar *fstype) return ret; } +static gboolean read_whitelist = FALSE; +static gsize num_whitelite_fs = 0; +static gchar **whitelisted_filesystems = NULL; + +static void +build_filesystem_whitelist (void) +{ + if (!read_whitelist) + { + DConfClient *client = dconf_client_new(); + GVariant *value = dconf_client_read(client, "/org/freedesktop/udisks2/filesystem/whitelist"); + if (value) + { + const GVariantType *type = g_variant_get_type(value); + if (g_variant_type_equal(type, G_VARIANT_TYPE_STRING_ARRAY)) + { + whitelisted_filesystems = g_variant_dup_strv(value, &num_whitelite_fs); + } + g_variant_unref(value); + } + + if (client) + { + g_object_unref(client); + } + read_whitelist = TRUE; + } +}; + /* this is not a very efficient implementation but it's very rarely * called so no real point in optimizing it... */ static gboolean is_allowed_filesystem (const gchar *fstype) { - return is_well_known_filesystem (fstype) || + gboolean allowed = FALSE; + gsize i = 0; + + // Builds fs whitelist only once. + build_filesystem_whitelist(); + + allowed = (num_whitelite_fs == 0); + + for (i = 0; i < num_whitelite_fs; ++i) + { + if (g_strcmp0 (whitelisted_filesystems[i], fstype) == 0) + { + allowed = TRUE; + break; + } + } + + return allowed && (is_well_known_filesystem (fstype) || is_in_filesystem_file ("/proc/filesystems", fstype) || - is_in_filesystem_file ("/etc/filesystems", fstype); + is_in_filesystem_file ("/etc/filesystems", fstype)); } /* ---------------------------------------------------------------------------------------------------- */ @@ -456,6 +504,19 @@ calculate_fs_type (UDisksBlock *block, out: g_assert (fs_type_to_use == NULL || g_utf8_validate (fs_type_to_use, -1, NULL)); + // If we have whitelist in use test that fs_type_to_use is part of allowed types. + if ((*error == NULL) && !is_allowed_filesystem (fs_type_to_use)) + { + g_set_error (error, + UDISKS_ERROR, + UDISKS_ERROR_OPTION_NOT_PERMITTED, + "Requested filesystem type `%s' is neither well-known nor " + "in /proc/filesystems nor in /etc/filesystems", + fs_type_to_use); + g_free(fs_type_to_use); + fs_type_to_use = NULL; + } + return fs_type_to_use; } -- 2.33.1