[gnome-desktop/wip/hadess/sandbox-flatpak-thumbnailer: 1/5] thumbnail: Prepare for additional sandboxing types




commit 74dc751ea1c78d170b829156fc74468605c69c3f
Author: Bastien Nocera <hadess hadess net>
Date:   Thu Oct 8 13:51:01 2020 +0200

    thumbnail: Prepare for additional sandboxing types
    
    Use an enum instead of a boolean to track which type of sandbox
    mechanism to use.

 libgnome-desktop/gnome-desktop-thumbnail-script.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c 
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index cfbbad04..95741301 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -43,8 +43,13 @@
 
 #include "gnome-desktop-thumbnail-script.h"
 
+typedef enum {
+  SANDBOX_TYPE_NONE,
+  SANDBOX_TYPE_BWRAP
+} SandboxType;
+
 typedef struct {
-  gboolean sandbox;
+  SandboxType sandbox;
   char *thumbnailer_name;
   GArray *fd_array;
   /* Input/output file paths outside the sandbox */
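Review bot: Nothing in the new enum says that SANDBOX_TYPE_NONE has to stay the first enumerator, yet the only assignment visible in this patch (in script_exec_new) sets SANDBOX_TYPE_BWRAP. The unsandboxed case therefore appears to rely on the struct being zero-initialised; the allocation is outside the hunks, so this should be confirmed. Pinning the value and documenting it, e.g. `SANDBOX_TYPE_NONE = 0, /* default: thumbnailer runs unsandboxed */`, would keep a later reorder from silently changing the default when more sandbox types are added. The struct definition continues past the end of this hunk.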
@@ -631,7 +636,7 @@ expand_thumbnailing_cmd (const char  *cmd,
   array = g_ptr_array_new_with_free_func (g_free);
 
 #ifdef HAVE_BWRAP
-  if (script->sandbox)
+  if (script->sandbox == SANDBOX_TYPE_BWRAP)
     {
       if (!add_bwrap (array, script))
         {
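Review bot: The ENABLE_SECCOMP block in the next hunk is gated on `== SANDBOX_TYPE_BWRAP` without saying why, whereas the same test on the add_bwrap block in this hunk is self-explanatory. If the seccomp filter is handed to the thumbnailer through bwrap (the block body is outside the hunk, so this is inferred), a comment such as `/* seccomp filter is passed via bwrap, so it only applies to SANDBOX_TYPE_BWRAP */` would record that. If the filter is meant to apply to every sandboxed run, `if (script->sandbox != SANDBOX_TYPE_NONE)` would be the safer test there, since a type added later would otherwise run without the filter. expand_thumbnailing_cmd starts and ends outside both hunks.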
@@ -643,7 +648,7 @@ expand_thumbnailing_cmd (const char  *cmd,
 #endif
 
 #ifdef ENABLE_SECCOMP
-  if (script->sandbox)
+  if (script->sandbox == SANDBOX_TYPE_BWRAP)
     {
       const char *arch;
 
@@ -771,7 +776,7 @@ script_exec_new (const char  *uri,
    * Flatpak as all privileges to create a new namespace are dropped when
    * the initial one is created. */
   if (!g_file_test ("/.flatpak-info", G_FILE_TEST_IS_REGULAR))
-    exec->sandbox = TRUE;
+    exec->sandbox = SANDBOX_TYPE_BWRAP;
 #endif
 
   file = g_file_new_for_uri (uri);
@@ -785,7 +790,7 @@ script_exec_new (const char  *uri,
     }
 
 #ifdef HAVE_BWRAP
-  if (exec->sandbox)
+  if (exec->sandbox == SANDBOX_TYPE_BWRAP)
     {
       char *tmpl;
       const char *infile;

