xdg macro testing

2026-05-15 14:16:14 -06:00 · 2018-08-07 09:08:21 -04:00 · 2018-08-07 09:08:21 -04:00 · 2155203b3e
commit 2155203b3e
parent 04c503bc37
7 changed files with 209 additions and 110 deletions
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@ -35,6 +35,7 @@
 #define EMPTY_STRING ("")
 #define MAXBUF 4098

+// returns mallocated memory
 char *parse_nowhitelist(int nowhitelist_flag, char *ptr1) {
  char *rv;
  if (nowhitelist_flag) {
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@ -69,7 +69,7 @@ Macro macro[] = {
 };

 // return -1 if not found
-int macro_id(const char *name) {
+static int macro_id(const char *name) {
 	int i = 0;
 	while (macro[i].name != NULL) {
 		if (strcmp(name, macro[i].name) == 0)
@ -90,6 +90,7 @@ int is_macro(const char *name) {
 	return 0;
 }

+// returns mallocated memory
 static char *resolve_xdg(const char *var) {
 	char *fname;
 	struct stat s;
@ -145,6 +146,7 @@ static char *resolve_xdg(const char *var) {
 	return NULL;
 }

+// returns mallocated memory
 static char *resolve_hardcoded(char *entries[]) {
 	char *fname;
 	struct stat s;
@ -156,7 +158,10 @@ static char *resolve_hardcoded(char *entries[]) {

 		if (stat(fname, &s) == 0) {
 			free(fname);
-			return entries[i];
+			char *rv = strdup(entries[i]);
+			if (!rv)
+				errExit("strdup");
+			return rv;
 		}
 		free(fname);
 		i++;
@ -165,6 +170,7 @@ static char *resolve_hardcoded(char *entries[]) {
 	return NULL;
 }

+// returns mallocated memory
 char *resolve_macro(const char *name) {
 	char *rv = NULL;
 	int id = macro_id(name);
@ -223,121 +229,18 @@ char *expand_home(const char *path, const char *homedir) {
 			EUID_ROOT();
 		return new_name;
 	}
-#if 0
-	else if (strncmp(path, "${DOWNLOADS}", 12) == 0) {
-		char *tmp = resolve_xdg("XDG_DOWNLOAD_DIR=\"$HOME/", 24, "Downloads");
-		char *tmp2 = resolve_hardcoded(dentry, "Downloads");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1)
+	else {
+		char *directory = resolve_macro(path);
+		if (directory) {
+			if (asprintf(&new_name, "%s/%s", cfg.homedir, directory) == -1)
 				errExit("asprintf");
 			if(called_as_root)
 				EUID_ROOT();
+			free(directory);
 			return new_name;
 		}
 	}

-	else if (strncmp(path, "${MUSIC}", 8) == 0) {
-		char *tmp = resolve_xdg("XDG_MUSIC_DIR=\"$HOME/", 21, "Music");
-		char *tmp2 = resolve_hardcoded(mentry, "Music");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 8) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 8) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-	}
-
-	else if (strncmp(path, "${VIDEOS}", 9) == 0) {
-		char *tmp = resolve_xdg("XDG_VIDEOS_DIR=\"$HOME/", 22, "Videos");
-		char *tmp2 = resolve_hardcoded(ventry, "Videos");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 9) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 9) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-	}
-
-	else if (strncmp(path, "${PICTURES}", 11) == 0) {
-		char *tmp = resolve_xdg("XDG_PICTURES_DIR=\"$HOME/", 24, "Pictures");
-		char *tmp2 = resolve_hardcoded(pentry, "Pictures");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 11) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 11) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-	}
-
-	else if (strncmp(path, "${DESKTOP}", 10) == 0) {
-		char *tmp = resolve_xdg("XDG_DESKTOP_DIR=\"$HOME/", 24, "Desktop");
-		char *tmp2 = resolve_hardcoded(deentry, "Desktop");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 10) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 10) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-	}
-
-	else if (strncmp(path, "${DOCUMENTS}", 12) == 0) {
-		char *tmp = resolve_xdg("XDG_DOCUMENTS_DIR=\"$HOME/", 25, "Documents");
-		char *tmp2 = resolve_hardcoded(doentry, "Documents");
-		if(tmp) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp, path + 12) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-		else if(tmp2) {
-			if (asprintf(&new_name, "%s/%s%s", homedir, tmp2, path + 12) == -1)
-				errExit("asprintf");
-			if(called_as_root)
-				EUID_ROOT();
-			return new_name;
-		}
-	}
-#endif
 	char *rv = strdup(path);
 	if (!rv)
 		errExit("strdup");
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@ -58,6 +58,9 @@ echo "TESTING: empty private-etc (test/fs/private-etc-empty.exp)"
 echo "TESTING: private-bin (test/fs/private-bin.exp)"
 ./private-bin.exp

+echo "TESTING: macros (test/fs/macro..exp)"
+./macro.exp
+
 echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
 ./whitelist-empty.exp

--- a/test/fs/macro-blacklist.profile
+++ b/test/fs/macro-blacklist.profile
@ -0,0 +1,6 @@
+blacklist ${VIDEOS}
+blacklist ${DOCUMENTS}
+blacklist ${MUSIC}
+blacklist ${DOWNLOADS}
+blacklist ${PICTURES}
+blacklist ${DESKTOP}
--- a/test/fs/macro-readonly.profile
+++ b/test/fs/macro-readonly.profile
@ -0,0 +1,6 @@
+read-only ${VIDEOS}
+read-only ${DOCUMENTS}
+read-only ${MUSIC}
+read-only ${DOWNLOADS}
+read-only ${PICTURES}
+read-only ${DESKTOP}
--- a/test/fs/macro-whitelist.profile
+++ b/test/fs/macro-whitelist.profile
@ -0,0 +1,6 @@
+whitelist ${VIDEOS}
+whitelist ${DOCUMENTS}
+whitelist ${MUSIC}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist ${DESKTOP}
--- a/test/fs/macro.exp
+++ b/test/fs/macro.exp
@ -0,0 +1,174 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --profile=macro-whitelist.profile ls ~\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	"Desktop"
+}
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"Documents"
+}
+expect {
+	timeout {puts "TESTING ERROR 3\n";exit}
+	"Downloads"
+}
+expect {
+	timeout {puts "TESTING ERROR 4\n";exit}
+	"Music"
+}
+expect {
+	timeout {puts "TESTING ERROR 5\n";exit}
+	"Pictures"
+}
+expect {
+	timeout {puts "TESTING ERROR 6\n";exit}
+	"Videos"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Desktop\r"
+expect {
+	timeout {puts "TESTING ERROR 7\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 8\n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Documents\r"
+expect {
+	timeout {puts "TESTING ERROR 9n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 10\n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Downloads\r"
+expect {
+	timeout {puts "TESTING ERROR 11n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 12n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Music\r"
+expect {
+	timeout {puts "TESTING ERROR 13\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 14\n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Pictures\r"
+expect {
+	timeout {puts "TESTING ERROR 15\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 16\n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-blacklist.profile ls ~/Videos\r"
+expect {
+	timeout {puts "TESTING ERROR 17\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 18\n";exit}
+	"Permission denied"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Desktop/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 19\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 20\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Documents/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 21\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 22\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Downloads/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 23\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 24\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Music/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 25\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 26\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Pictures/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 27\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 28\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+send -- "firejail --profile=macro-readonly.profile touch ~/Videos/blablabla\r"
+expect {
+	timeout {puts "TESTING ERROR 29\n";exit}
+	"Child process initialized"
+}
+expect {
+	timeout {puts "TESTING ERROR 30\n";exit}
+	"Read-only file system"
+}
+sleep 1
+
+puts "\nall done\n"