[tracker/wip/carlosg/portal: 122/141] libtracker-data: Filter down updates on forbidden graphs



commit fb83f9f072aa33ab3c93c28315e0a4a29a9ca30c
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Jan 25 13:52:44 2020 +0100

    libtracker-data: Filter down updates on forbidden graphs
    
    Mostly for the case of insert/delete/update statements, check the current
    graph can be accessed before letting updates go through.

 src/libtracker-data/tracker-sparql.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
---
diff --git a/src/libtracker-data/tracker-sparql.c b/src/libtracker-data/tracker-sparql.c
index 55f98153f..55d802928 100644
--- a/src/libtracker-data/tracker-sparql.c
+++ b/src/libtracker-data/tracker-sparql.c
@@ -642,6 +642,27 @@ build_properties_string (TrackerSparql   *sparql,
        }
 }
 
+static gboolean
+tracker_sparql_graph_is_whitelisted (TrackerSparql *sparql,
+                                     const gchar   *graph)
+{
+       gint i;
+
+       if (!sparql->policy.graphs)
+               return TRUE;
+
+       for (i = 0; i < sparql->policy.graphs->len; i++) {
+               const gchar *policy_graph;
+
+               policy_graph = g_ptr_array_index (sparql->policy.graphs, i);
+
+               if (g_strcmp0 (graph, policy_graph) == 0)
+                       return TRUE;
+       }
+
+       return FALSE;
+}
+
 static GHashTable *
 tracker_sparql_get_effective_graphs (TrackerSparql *sparql)
 {
@@ -1903,6 +1924,15 @@ tracker_sparql_apply_quad (TrackerSparql  *sparql,
 {
        GError *inner_error = NULL;
 
+       if ((tracker_token_is_empty (&sparql->current_state.graph) &&
+            sparql->policy.filter_unnamed_graph) ||
+           (tracker_token_get_literal (&sparql->current_state.graph) &&
+            !tracker_sparql_graph_is_whitelisted (sparql, tracker_token_get_idstring 
(&sparql->current_state.graph)))) {
+               _raise (CONSTRAINT, "Access to graph is disallowed",
+                       tracker_token_is_empty (&sparql->current_state.graph) ? "DEFAULT" :
+                       tracker_token_get_idstring (&sparql->current_state.graph));
+       }
+
        switch (sparql->current_state.type) {
        case TRACKER_SPARQL_TYPE_SELECT:
                _add_quad (sparql,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]