Add support for Wayland security context

app/flatpak-builtins-build.c

@@ -200,6 +200,7 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
  g_autofree char *runtime_extensions = NULL;
  g_autofree char *runtime_ld_path = NULL;
  g_autofree char *instance_id_host_dir = NULL;
+ g_autofree char *instance_id = NULL;
  char pid_str[64];
  g_autofree char *pid_path = NULL;
  g_autoptr(GFile) app_id_dir = NULL;
@@ -549,12 +550,13 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
  FALSE, TRUE, TRUE,
  &app_info_path, -1,
  &instance_id_host_dir,
+ &instance_id,
  error))
  return FALSE;
 
  if (!flatpak_run_add_environment_args (bwrap, app_info_path, run_flags, id,
  app_context, app_id_dir, NULL, -1,
- NULL, cancellable, error))
+ instance_id, NULL, cancellable, error))
  return FALSE;
 
  for (i = 0; opt_bind_mounts != NULL && opt_bind_mounts[i] != NULL; i++)

common/Makefile.am.inc

@@ -69,8 +69,21 @@ common/flatpak-systemd-dbus-generated.c: data/org.freedesktop.systemd1.xml Makef
 common/%-dbus-generated.h: common/%-dbus-generated.c
  @true # Built as a side-effect of the rules for the .c
 
+if ENABLE_WAYLAND_SECURITY_CONTEXT
+wayland_built_sources = common/security-context-v1-protocol.c common/security-context-v1-protocol.h
+endif
+
+wl_security_context_xml = $(WAYLAND_PROTOCOLS_DATADIR)/staging/security-context/security-context-v1.xml
+
+common/security-context-v1-protocol.c: $(wl_security_context_xml)
+ $(AM_V_GEN) $(WAYLAND_SCANNER) code $(wl_security_context_xml) $(builddir)/common/security-context-v1-protocol.c
+
+common/security-context-v1-protocol.h: $(wl_security_context_xml)
+ $(AM_V_GEN) $(WAYLAND_SCANNER) client-header $(wl_security_context_xml) $(builddir)/common/security-context-v1-protocol.h
+
 nodist_libflatpak_common_base_la_SOURCES = \
  $(dbus_built_sources) \
+ $(wayland_built_sources) \
  $(NULL)
 
 BUILT_SOURCES += $(nodist_libflatpak_common_base_la_SOURCES)
@@ -173,6 +186,8 @@ libflatpak_common_la_SOURCES = \
  common/flatpak-run-pulseaudio.c \
  common/flatpak-run-sockets-private.h \
  common/flatpak-run-sockets.c \
+ common/flatpak-run-wayland-private.h \
+ common/flatpak-run-wayland.c \
  common/flatpak-run-x11-private.h \
  common/flatpak-run-x11.c \
  common/flatpak-syscalls-private.h \
@@ -218,6 +233,7 @@ libflatpak_common_la_CFLAGS = \
  $(SOUP_CFLAGS) \
  $(SYSTEMD_CFLAGS) \
  $(XAUTH_CFLAGS) \
+ $(WAYLAND_CLIENT_CFLAGS) \
  $(XML_CFLAGS) \
  $(NULL)
 libflatpak_common_la_LIBADD = \
@@ -236,6 +252,7 @@ libflatpak_common_la_LIBADD = \
  $(SOUP_LIBS) \
  $(SYSTEMD_LIBS) \
  $(XAUTH_LIBS) \
+ $(WAYLAND_CLIENT_LIBS) \
  $(XML_LIBS) \
  $(NULL)
 

common/flatpak-bwrap-private.h

@@ -28,6 +28,7 @@ typedef struct
  GArray *fds;
  GStrv envp;
  GPtrArray *runtime_dir_members;
+ int sync_fds[2];
 } FlatpakBwrap;
 
 extern char *flatpak_bwrap_empty_env[1];
@@ -92,6 +93,8 @@ void flatpak_bwrap_child_setup_cb (gpointer user_data);
 void flatpak_bwrap_child_setup (GArray *fd_array,
  gboolean close_fd_workaround);
 
+int flatpak_bwrap_add_sync_fd (FlatpakBwrap *bwrap);
+
 G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakBwrap, flatpak_bwrap_free)
 
 

common/flatpak-bwrap.c

@@ -68,6 +68,9 @@ flatpak_bwrap_new (char **env)
  else
  bwrap->envp = g_get_environ ();
 
+ bwrap->sync_fds[0] = -1;
+ bwrap->sync_fds[1] = -1;
+
  return bwrap;
 }
 
@@ -526,3 +529,19 @@ flatpak_bwrap_child_setup_cb (gpointer user_data)
 
  flatpak_bwrap_child_setup (fd_array, TRUE);
 }
+
+/* Add a --sync-fd argument for bwrap(1). Returns the write end of the pipe on
+ * success, or -1 on error. */
+int
+flatpak_bwrap_add_sync_fd (FlatpakBwrap *bwrap)
+{
+ /* --sync-fd is only allowed once */
+ if (bwrap->sync_fds[1] >= 0)
+ return bwrap->sync_fds[1];
+
+ if (pipe2 (bwrap->sync_fds, O_CLOEXEC) < 0)
+ return -1;
+
+ flatpak_bwrap_add_args_data_fd (bwrap, "--sync-fd", bwrap->sync_fds[0], NULL);
+ return bwrap->sync_fds[1];
+}

common/flatpak-dir.c

@@ -8352,7 +8352,7 @@ apply_extra_data (FlatpakDir *self,
 
  if (!flatpak_run_add_environment_args (bwrap, NULL, run_flags, id,
  app_context, NULL, NULL, -1,
- NULL, cancellable, error))
+ NULL, NULL, cancellable, error))
  return FALSE;
 
  flatpak_bwrap_populate_runtime_dir (bwrap, NULL);

common/flatpak-run-dbus.c

@@ -117,8 +117,8 @@ flatpak_run_maybe_start_dbus_proxy (FlatpakBwrap *app_bwrap,
  const char *proxy;
  g_autofree char *commandline = NULL;
  g_autoptr(FlatpakBwrap) proxy_bwrap = NULL;
- int sync_fds[2] = {-1, -1};
  int proxy_start_index;
+ int sync_fd;
 
  if (flatpak_bwrap_is_empty (proxy_arg_bwrap))
  {
@@ -139,19 +139,16 @@ flatpak_run_maybe_start_dbus_proxy (FlatpakBwrap *app_bwrap,
 
  proxy_start_index = proxy_bwrap->argv->len;
 
- if (pipe2 (sync_fds, O_CLOEXEC) < 0)
+ sync_fd = flatpak_bwrap_add_sync_fd (app_bwrap);
+ if (sync_fd < 0)
  {
  g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
  _("Unable to create sync pipe"));
  return FALSE;
  }
 
- /* read end goes to app */
- flatpak_bwrap_add_args_data_fd (app_bwrap, "--sync-fd", sync_fds[0], NULL);
-
- /* write end goes to proxy */
- flatpak_bwrap_add_fd (proxy_bwrap, sync_fds[1]);
- flatpak_bwrap_add_arg_printf (proxy_bwrap, "--fd=%d", sync_fds[1]);
+ flatpak_bwrap_add_fd (proxy_bwrap, sync_fd);
+ flatpak_bwrap_add_arg_printf (proxy_bwrap, "--fd=%d", sync_fd);
 
  /* Note: This steals the fds from proxy_arg_bwrap */
  flatpak_bwrap_append_bwrap (proxy_bwrap, proxy_arg_bwrap);
@@ -178,7 +175,7 @@ flatpak_run_maybe_start_dbus_proxy (FlatpakBwrap *app_bwrap,
  g_clear_pointer (&proxy_bwrap, flatpak_bwrap_free);
 
  /* Sync with proxy, i.e. wait until its listening on the sockets */
- if (read (sync_fds[0], &x, 1) != 1)
+ if (read (app_bwrap->sync_fds[0], &x, 1) != 1)
  {
  g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
  _("Failed to sync with dbus proxy"));

common/flatpak-run-private.h

@@ -52,6 +52,7 @@ gboolean flatpak_run_add_environment_args (FlatpakBwrap *bwrap,
  GFile *app_id_dir,
  GPtrArray *previous_app_id_dirs,
  int per_app_dir_lock_fd,
+ const char *instance_id,
  FlatpakExports **exports_out,
  GCancellable *cancellable,
  GError **error);
@@ -95,6 +96,7 @@ gboolean flatpak_run_add_app_info_args (FlatpakBwrap *bwrap,
  char **app_info_path_out,
  int instance_id_fd,
  char **host_instance_id_host_dir_out,
+ char **instance_id_out,
  GError **error);
 
 gboolean flatpak_run_app (FlatpakDecomposed *app_ref,

common/flatpak-run-sockets-private.h

@@ -30,7 +30,9 @@ G_BEGIN_DECLS
 
 void flatpak_run_add_socket_args_environment (FlatpakBwrap *bwrap,
  FlatpakContextShares shares,
- FlatpakContextSockets sockets);
+ FlatpakContextSockets sockets,
+ const char *app_id,
+ const char *instance_id);
 void flatpak_run_add_socket_args_late (FlatpakBwrap *bwrap,
  FlatpakContextShares shares);
 

common/flatpak-run-sockets.c

@@ -26,54 +26,10 @@
 
 #include "flatpak-run-cups-private.h"
 #include "flatpak-run-pulseaudio-private.h"
+#include "flatpak-run-wayland-private.h"
 #include "flatpak-run-x11-private.h"
 #include "flatpak-utils-private.h"
 
-/**
- * flatpak_run_add_wayland_args:
- *
- * Returns: %TRUE if a Wayland socket was found.
- */
-static gboolean
-flatpak_run_add_wayland_args (FlatpakBwrap *bwrap)
-{
- const char *wayland_display;
- g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
- g_autofree char *wayland_socket = NULL;
- g_autofree char *sandbox_wayland_socket = NULL;
- gboolean res = FALSE;
- struct stat statbuf;
-
- wayland_display = g_getenv ("WAYLAND_DISPLAY");
- if (!wayland_display)
- wayland_display = "wayland-0";
-
- if (wayland_display[0] == '/')
- wayland_socket = g_strdup (wayland_display);
- else
- wayland_socket = g_build_filename (user_runtime_dir, wayland_display, NULL);
-
- if (!g_str_has_prefix (wayland_display, "wayland-") ||
- strchr (wayland_display, '/') != NULL)
- {
- wayland_display = "wayland-0";
- flatpak_bwrap_set_env (bwrap, "WAYLAND_DISPLAY", wayland_display, TRUE);
- }
-
- sandbox_wayland_socket = g_strdup_printf ("/run/flatpak/%s", wayland_display);
-
- if (stat (wayland_socket, &statbuf) == 0 &&
- (statbuf.st_mode & S_IFMT) == S_IFSOCK)
- {
- res = TRUE;
- flatpak_bwrap_add_args (bwrap,
- "--ro-bind", wayland_socket, sandbox_wayland_socket,
- NULL);
- flatpak_bwrap_add_runtime_dir_member (bwrap, wayland_display);
- }
- return res;
-}
-
 static void
 flatpak_run_add_gssproxy_args (FlatpakBwrap *bwrap)
 {
@@ -214,17 +170,20 @@ flatpak_run_add_ssh_args (FlatpakBwrap *bwrap)
  * use of a proxy.
  */
 void
-flatpak_run_add_socket_args_environment (FlatpakBwrap *bwrap,
- FlatpakContextShares shares,
- FlatpakContextSockets sockets)
+flatpak_run_add_socket_args_environment (FlatpakBwrap *bwrap,
+ FlatpakContextShares shares,
+ FlatpakContextSockets sockets,
+ const char *app_id,
+ const char *instance_id)
 {
  gboolean has_wayland = FALSE;
  gboolean allow_x11;
 
  if (sockets & FLATPAK_CONTEXT_SOCKET_WAYLAND)
  {
  g_info ("Allowing wayland access");
- has_wayland = flatpak_run_add_wayland_args (bwrap);
+ g_assert (app_id && instance_id);
+ has_wayland = flatpak_run_add_wayland_args (bwrap, app_id, instance_id);
  }
 
  if ((sockets & FLATPAK_CONTEXT_SOCKET_FALLBACK_X11) != 0)

common/flatpak-run-wayland-private.h

@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2014 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http:https://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ * Alexander Larsson <[email protected]>
+ */
+
+#pragma once
+
+#include "libglnx.h"
+
+#include "flatpak-bwrap-private.h"
+#include "flatpak-common-types-private.h"
+#include "flatpak-context-private.h"
+
+G_BEGIN_DECLS
+
+gboolean
+flatpak_run_add_wayland_args (FlatpakBwrap *bwrap,
+ const char *app_id,
+ const char *instance_id);
+
+G_END_DECLS