[gentoo-commits] repo/gentoo:master commit in: sys-apps/xdg-desktop-portal/, sys-apps/xdg-desktop-portal/files/

["Andreas Sturmlechner" <asturm@gentoo.org>]

commit:     0b58bf6bd3490c8f8daa62e3d8c1f8c5792bbf36
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 22 21:37:10 2021 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan 23 00:25:37 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b58bf6b

sys-apps/xdg-desktop-portal: xdp-utils: check if alternate doc portal

...path matches in path_for_fd()

See also: https://github.com/flatpak/xdg-desktop-portal/issues/545

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../xdg-desktop-portal-1.8.0-fix-doc-portal.patch  | 135 +++++++++++++++++++++
 .../xdg-desktop-portal-1.8.0-r1.ebuild             |  45 +++++++
 2 files changed, 180 insertions(+)

diff --git a/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch b/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch
new file mode 100644
index 00000000000..46b3aaf0fb4
--- /dev/null
+++ b/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch
@@ -0,0 +1,135 @@
+From 57096483afb069e69b9addcc39fe92b72051f1d2 Mon Sep 17 00:00:00 2001
+From: James Henstridge <james@jamesh.id.au>
+Date: Tue, 24 Nov 2020 15:48:19 +0800
+Subject: [PATCH] xdp-utils: check if alternate doc portal path matches in
+ path_for_fd()
+
+The document portal uses different inode number when exposing a
+particular document in different parts of the file system.  As sandboxed
+apps only have a subtree of the document portal file system mounted, the
+"same file" checks in xdp_app_info_get_path_for_fd() would fail for
+document portal paths.
+
+To fix this, we check to see whether the corresponding "by-app/$app_id"
+path matches the stat information of the file descriptor.
+
+Fixes #545
+---
+ document-portal/document-portal.c |  2 ++
+ src/documents.c                   |  2 ++
+ src/xdp-utils.c                   | 47 +++++++++++++++++++++++++++++--
+ src/xdp-utils.h                   |  3 ++
+ 5 files changed, 85 insertions(+), 2 deletions(-)
+
+diff --git a/document-portal/document-portal.c b/document-portal/document-portal.c
+index a4c044a..a4aacc4 100644
+--- a/document-portal/document-portal.c
++++ b/document-portal/document-portal.c
+@@ -1448,6 +1448,8 @@ on_name_acquired (GDBusConnection *connection,
+ 
+   fuse_dev = stbuf.st_dev;
+ 
++  xdp_set_documents_mountpoint (xdp_fuse_get_mountpoint ());
++
+   while ((invocation = g_queue_pop_head (&get_mount_point_invocations)) != NULL)
+     {
+       xdp_dbus_documents_complete_get_mount_point (dbus_api, invocation, xdp_fuse_get_mountpoint ());
+diff --git a/src/documents.c b/src/documents.c
+index 99de9e4..9ddc4ac 100644
+--- a/src/documents.c
++++ b/src/documents.c
+@@ -31,6 +31,7 @@
+ #include <gio/gunixfdlist.h>
+ 
+ #include "xdp-dbus.h"
++#include "xdp-utils.h"
+ #include "document-enums.h"
+ 
+ static XdpDocuments *documents = NULL;
+@@ -46,6 +47,7 @@ init_document_proxy (GDBusConnection *connection)
+   xdp_documents_call_get_mount_point_sync (documents,
+                                            &documents_mountpoint,
+                                            NULL, NULL);
++  xdp_set_documents_mountpoint (documents_mountpoint);
+ }
+ 
+ char *
+diff --git a/src/xdp-utils.c b/src/xdp-utils.c
+index fa6ca6f..ef68f0f 100644
+--- a/src/xdp-utils.c
++++ b/src/xdp-utils.c
+@@ -884,6 +884,35 @@ verify_proc_self_fd (XdpAppInfo *app_info,
+   return xdp_app_info_remap_path (app_info, path_buffer);
+ }
+ 
++static char *documents_mountpoint = NULL;
++
++void
++xdp_set_documents_mountpoint (const char *path)
++{
++  g_clear_pointer (&documents_mountpoint, g_free);
++  documents_mountpoint = g_strdup (path);
++}
++
++/* alternate_document_path converts a file path  */
++char *
++xdp_get_alternate_document_path (const char *path, const char *app_id)
++{
++  int len;
++
++  /* If we don't know where the document portal is mounted, then there
++   * is no alternate path */
++  if (documents_mountpoint == NULL)
++    return NULL;
++
++  /* If the path is not within the document portal, then there is no
++   * alternative path */
++  len = strlen (documents_mountpoint);
++  if (!g_str_has_prefix (path, documents_mountpoint) || path[len] != '/')
++    return NULL;
++
++  return g_strconcat (documents_mountpoint, "/by-app/", app_id, &path[len], NULL);
++}
++
+ char *
+ xdp_app_info_get_path_for_fd (XdpAppInfo *app_info,
+                               int fd,
+@@ -981,8 +1010,22 @@ xdp_app_info_get_path_for_fd (XdpAppInfo *app_info,
+       st_buf->st_dev != real_st_buf.st_dev ||
+       st_buf->st_ino != real_st_buf.st_ino)
+     {
+-      /* Different files on the inside and the outside, reject the request */
+-      return NULL;
++      /* If the path is provided by the document portal, the inode
++         number will not match, due to only a subtree being mounted in
++         the sandbox.  So we check to see if the equivalent path
++         within that subtree matches our file descriptor.
++
++         If the alternate path doesn't match either, then we treat it
++         as a failure.
++      */
++      g_autofree char *alt_path = NULL;
++      alt_path = xdp_get_alternate_document_path (path, xdp_app_info_get_id (app_info));
++
++      if (alt_path == NULL ||
++          stat (alt_path, &real_st_buf) < 0 ||
++          st_buf->st_dev != real_st_buf.st_dev ||
++          st_buf->st_ino != real_st_buf.st_ino)
++        return NULL;
+     }
+ 
+   if (writable_out)
+diff --git a/src/xdp-utils.h b/src/xdp-utils.h
+index 7105bce..fea28b8 100644
+--- a/src/xdp-utils.h
++++ b/src/xdp-utils.h
+@@ -88,6 +88,9 @@ char **     xdp_app_info_rewrite_commandline (XdpAppInfo *app_info,
+ 
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(XdpAppInfo, xdp_app_info_unref)
+ 
++void  xdp_set_documents_mountpoint    (const char *path);
++char *xdp_get_alternate_document_path (const char *path, const char *app_id);
++
+ XdpAppInfo *xdp_invocation_lookup_app_info_sync (GDBusMethodInvocation *invocation,
+                                                  GCancellable          *cancellable,
+                                                  GError               **error);

diff --git a/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild b/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild
new file mode 100644
index 00000000000..bb8cc5472f0
--- /dev/null
+++ b/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools systemd
+
+DESCRIPTION="Desktop integration portal"
+HOMEPAGE="https://flatpak.org/ https://github.com/flatpak/xdg-desktop-portal"
+SRC_URI="https://github.com/flatpak/${PN}/releases/download/${PV}/${P}.tar.xz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="geolocation screencast"
+
+BDEPEND="
+	dev-util/gdbus-codegen
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+DEPEND="
+	dev-libs/glib:2
+	dev-libs/json-glib
+	media-libs/fontconfig
+	sys-fs/fuse:0
+	geolocation? ( >=app-misc/geoclue-2.5.3:2.0 )
+	screencast? ( >=media-video/pipewire-0.3:= )
+"
+RDEPEND="${DEPEND}
+	sys-apps/dbus
+"
+
+PATCHES=( "${FILESDIR}/${P}-fix-doc-portal.patch" )
+
+src_configure() {
+	local myeconfargs=(
+		--with-systemduserunitdir="$(systemd_get_userunitdir)"
+		$(use_enable geolocation geoclue)
+		$(use_enable screencast pipewire)
+		--disable-docbook-docs # flatpak not packaged
+		--disable-libportal # not packaged
+	)
+	econf "${myeconfargs[@]}"
+}