Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[harbour-validator] Validate X-Sailjail section. JB#54752
  • Loading branch information
@vigejolla
vigejolla committed Jun 23, 2021
1 parent 3f3f18e commit 9988aa5
Show file tree
Hide file tree
Showing 6 changed files with 97 additions and 0 deletions.
18 changes: 18 additions & 0 deletions allowed_permissions.conf
View file
@@ -0,0 +1,18 @@
# Allowed permissions in X-Sailjail
Audio
Bluetooth
Camera
Internet
Location
MediaIndexing
Microphone
NFC
RemovableMedia
UserDirs
WebView
Documents
Downloads
Music
Pictures
PublicDir
Videos
4 changes: 4 additions & 0 deletions allowed_sailjailkeys.conf
View file
@@ -0,0 +1,4 @@
# Allowed keys in X-Sailjail section of desktop file
Permissions
OrganizationName
ApplicationName
3 changes: 3 additions & 0 deletions disallowed_orgnames.conf
View file
@@ -0,0 +1,3 @@
# Disallowed OrganizationNames in X-Sailjail section of desktop file
com.jolla
org.sailfishos
3 changes: 3 additions & 0 deletions rpm/sdk-harbour-rpmvalidator.spec
View file
Expand Up @@ -85,6 +85,9 @@ install -D -m 0644 deprecated_libraries.conf %{buildroot}%{_datadir}/%{name}/dep
install -D -m 0644 deprecated_qmlimports.conf %{buildroot}%{_datadir}/%{name}/deprecated_qmlimports.conf
install -D -m 0644 deprecated_requires.conf %{buildroot}%{_datadir}/%{name}/deprecated_requires.conf
install -D -m 0644 disallowed_qmlimport_patterns.conf %{buildroot}%{_datadir}/%{name}/disallowed_qmlimport_patterns.conf
install -D -m 0644 allowed_sailjailkeys.conf %{buildroot}%{_datadir}/%{name}/allowed_sailjailkeys.conf
install -D -m 0644 allowed_permissions.conf %{buildroot}%{_datadir}/%{name}/allowed_permissions.conf
install -D -m 0644 disallowed_orgnames.conf %{buildroot}%{_datadir}/%{name}/disallowed_orgnames.conf
install -D -m 0644 rpmvalidation.conf %{buildroot}%{_datadir}/%{name}/rpmvalidation.conf
install -D -m 0644 harbour.ini %{buildroot}%{_datadir}/rpmvalidation/suites/harbour.ini

Expand Down
6 changes: 6 additions & 0 deletions rpmvalidation.conf
View file
Expand Up @@ -32,6 +32,12 @@ GLIBC_MAIN_VERSION_I486='2.0'
ALLOWED_REQUIRES="allowed_libraries.conf allowed_requires.conf"
DEPRECATED_REQUIRES="deprecated_libraries.conf deprecated_requires.conf"

#
# X-Sailjail validation: Allowed keys, Permissions and OrganizationNames
#
ALLOWED_SAILJAILKEYS="allowed_sailjailkeys.conf"
ALLOWED_PERMISSIONS="allowed_permissions.conf"
DISALLOWED_ORGNAMES="disallowed_orgnames.conf"

#
# Binaries
Expand Down
63 changes: 63 additions & 0 deletions rpmvalidation.sh
View file
Expand Up @@ -515,6 +515,11 @@ validatedesktopfile() {
INFO_MSG_PRINTED=1
fi

$GREP "^\[X-Sailjail\]$" $DESKTOP_NAME >/dev/null 2>&1
if [[ $? -eq 0 ]] ; then
validatexsailjail <<<$(sed '1,/^\[X-Sailjail\]/d;/\[/,$d' $DESKTOP_NAME)
fi

$GREP "^X-Nemo-Application-Type=silica-qt5[[:space:]]*$" $DESKTOP_NAME >/dev/null 2>&1
if [[ $? -ne 0 ]] ; then
if [ $USES_SAILFISH_SILICA_QML_IMPORT -eq 1 ]; then
Expand Down Expand Up @@ -545,6 +550,64 @@ validatedesktopfile() {
fi
}

validatexsailjail() {
local validatedlinesfound=0
while read line; do
if [[ ! -z "$line" ]]; then
validatesailjailkey "$line"
validatedlinesfound=1
fi
done
if [ $validatedlinesfound -eq 0 ]; then
validation_error $DESKTOP_NAME "Empty X-Sailjail section not allowed"
INFO_MSG_PRINTED=1
fi
}

validatesailjailkey() {
local key=$(echo $1 | sed "s/=.*//")
local value=$(echo $1 | sed "s/[^=]*=\(.*\)/\1/")
if ! check_contained_in "$key" $ALLOWED_SAILJAILKEYS; then
validation_error $DESKTOP_NAME "X-Sailjail key is not allowed: $key"
INFO_MSG_PRINTED=1
elif [[ $key == Permissions ]]; then
validatesailjailpermissions <<<$value
elif [[ $key == OrganizationName ]]; then
validateorganizationname "$value"
elif [[ $key == ApplicationName ]]; then
if [[ ! $value =~ ^[A-Za-z_-][A-Z0-9a-z_-]*$ ]]; then
echo ApplicationName=$value
validation_error "ApplicationName contains illegal characters"
INFO_MSG_PRINTED=1
fi
fi
}

validateorganizationname () {
if [[ ! $1 =~ ^[0-9a-z._-]+$ ]]; then
validation_error $DESKTOP_NAME "Organization name contains illegal characters"
INFO_MSG_PRINTED=1
fi
if [[ $1 =~ (^|[.])[0-9] ]]; then
validation_error $DESKTOP_NAME "Organization name component may not start with a number"
INFO_MSG_PRINTED=1
fi
if check_contained_in "$1" $DISALLOWED_ORGNAMES; then
validation_error $DESKTOP_NAME "OrganizationName not allowed: $1"
INFO_MSG_PRINTED=1
fi
}

validatesailjailpermissions() {
IFS=';' read -ra PERMISSIONS
for permission in "${PERMISSIONS[@]}"; do
if ! check_contained_in "$permission" $ALLOWED_PERMISSIONS; then
validation_error $DESKTOP_NAME "X-Sailjail permission not allowed: $permission"
INFO_MSG_PRINTED=1
fi
done
}

isLibraryAllowed() {
if check_contained_in "$1" $ALLOWED_LIBRARIES; then
:
Expand Down

0 comments on commit 9988aa5

Please sign in to comment.