Merge lp:~ken-vandine/content-hub/lp1456628 into lp:content-hub
Status: | Merged |
---|---|
Approved by: | Michael Sheldon |
Approved revision: | 223 |
Merged at revision: | 212 |
Proposed branch: | lp:~ken-vandine/content-hub/lp1456628 |
Merge into: | lp:content-hub |
Diff against target: |
489 lines (+192/-27) 16 files modified
CMakeLists.txt (+1/-0) debian/apparmor/content-hub-testability (+15/-0) debian/content-hub-testability.install (+1/-0) debian/control (+4/-0) debian/rules (+4/-0) debian/tests/aa-check (+41/-0) debian/tests/control (+3/-0) src/com/ubuntu/content/CMakeLists.txt (+2/-0) src/com/ubuntu/content/detail/service.h (+1/-1) src/com/ubuntu/content/detail/transfer.cpp (+19/-2) src/com/ubuntu/content/detail/transfer.h (+4/-2) src/com/ubuntu/content/utils.cpp (+51/-7) tests/peers/exporter/CMakeLists.txt (+2/-0) tests/peers/exporter/autoexporter.cpp (+21/-12) tests/peers/exporter/autoexporter.h (+4/-0) tests/peers/exporter/exporter.cpp (+19/-3) |
To merge this branch: | bzr merge lp:~ken-vandine/content-hub/lp1456628 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Michael Sheldon (community) | Approve | ||
Review via email: mp+260191@code.launchpad.net |
Commit message
* SECURITY UPDATE: file disclosure via unchecked AppArmor profile
(LP: #1456628)
- Don't allow exporting of files that aren't allowed by the source apparmor profile
- CVE-2015-1327
Description of the change
Verify the source app has read access to local files being transferred
Debs can be found at http://
This can be tested by installing the content-
"content-
Should exit 0
"content-
Should exit 1
Michael Sheldon (michael-sheldon) wrote : | # |
Ken VanDine (ken-vandine) wrote : | # |
Are there any related MPs required for this MP to build/function as expected? Please list.
* No
Is your branch in sync with latest trunk (e.g. bzr pull lp:trunk -> no changes)
* Yes
Did you perform an exploratory manual test run of your code change and any related functionality on device or emulator?
* Yes
Did you successfully run all tests found in your component's Test Plan (https:/
* Yes
If you changed the UI, was the change specified/approved by design?
* No change
If you changed UI labels, did you update the pot file?
* No change
If you changed the packaging (debian), did you add a core-dev as a reviewer to this MP?
* I'm a core-dev, added autopkgtests, apparmor profile for testing and build depends for apparmor
Michael Sheldon (michael-sheldon) wrote : | # |
Did you perform an exploratory manual test run of the code change and any related functionality on device or emulator?
* Yes
Did CI run pass? If not, please explain why.
* No CI due to private MR
Have you checked that submitter has accurately filled out the submitter checklist and has taken no shortcut?
* Yes
Preview Diff
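--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -68,6 +68,7 @@
 pkg_check_modules(DBUS REQUIRED dbus-1)
 pkg_check_modules(UBUNTU_DOWNLOAD_MANAGER REQUIRED ubuntu-download-manager-client)
 pkg_check_modules(NOTIFY REQUIRED libnotify)
+pkg_check_modules(APPARMOR REQUIRED libapparmor)
 
 add_definitions(-DDEBUG_ENABLED)
 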
13 | === added directory 'debian/apparmor' | |||
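--- a/debian/apparmor/content-hub-testability
+++ b/debian/apparmor/content-hub-testability
@@ -0,0 +1,15 @@
+# vim:syntax=apparmor
+# Author: Ken VanDine <ken.vandine@canonical.com>
+#
+#include <tunables/global>
+
+profile "content-hub-test-ok" {
+#include <abstractions/base>
+#include <abstractions/dbus-session>
+/etc/issue r,
+}
+profile "content-hub-test-bad" {
+#include <abstractions/base>
+#include <abstractions/dbus-session>
+audit deny /etc/issue r,
+}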
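--- a/debian/content-hub-testability.install
+++ b/debian/content-hub-testability.install
@@ -3,3 +3,4 @@
 usr/share/applications/content-hub-test*
 usr/share/content-hub/testability/data
 usr/share/icons/hicolor/512x512/apps/content-hub-test*
+debian/apparmor/content-hub-testability etc/apparmor.d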
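--- a/debian/control
+++ b/debian/control
@@ -5,10 +5,12 @@
 click-dev,
 dbus-test-runner,
 debhelper (>= 9),
+dh-apparmor,
 dh-translations,
 doxygen,
 google-mock,
 lcov,
+libapparmor-dev,
 libglib2.0-dev,
 libgsettings-qt-dev,
 libnih-dbus-dev,
@@ -28,6 +30,7 @@
 Vcs-Bzr: https://code.launchpad.net/~phablet-team/content-hub/trunk
 Vcs-Browser: https://bazaar.launchpad.net/~phablet-team/content-hub/trunk/files
 X-Ubuntu-Use-Langpack: yes
+XS-Testsuite: autopkgtest
 
 Package: content-hub
 Architecture: any
@@ -88,5 +91,6 @@
 Architecture: any
 Depends: ${misc:Depends},
 ${shlibs:Depends},
+content-hub,
 Description: content sharing testability
 Files and utilities needed for automated testing of content-hub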
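--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,10 @@
 %:
 dh $@ --with click,translations --fail-missing -- -B build
 
+override_dh_auto_install:
+dh_auto_install
+dh_apparmor -pcontent-hub-testability --profile-name=content-hub-testability
+
 override_dh_auto_test:
 dbus-test-runner -t make -p "-C" -p "build/tests/acceptance-tests" -p test
 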
90 | === added directory 'debian/tests' | |||
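--- a/debian/tests/aa-check
+++ b/debian/tests/aa-check
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# start X
+(Xvfb :5 >/dev/null 2>&1 &)
+XVFB_PID=$!
+export DISPLAY=:5
+
+# start local session D-BUS
+eval `dbus-launch`
+trap "kill $DBUS_SESSION_BUS_PID $XVFB_PID" 0 TERM QUIT INT
+export DBUS_SESSION_BUS_ADDRESS
+export XAUTHORITY=/dev/null
+
+oktests="content-hub-test-ok"
+badtests="content-hub-test-bad"
+FAILED=""
+
+for a in $oktests; do
+content-hub-test-importer &2>/dev/null
+content-hub-test-exporter content-hub-test-importer file:///etc/issue $a 2>/dev/null
+if [ $? -ne 0 ]; then
+FAILED="$FAILED $a"
+fi
+done
+
+for b in $badtests; do
+content-hub-test-importer &2>/dev/null
+content-hub-test-exporter content-hub-test-importer file:///etc/issue $b 2>/dev/null
+if [ $? -eq 0 ]; then
+FAILED="$FAILED $b"
+fi
+done
+
+if [ -z "$FAILED" ]; then
+echo "All tests passed"
+exit 0
+else
+echo "$FAILED failed"
+exit 1
+fi
+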
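Review bot: Two shell constructs in this script do not do what the surrounding lines assume, which makes this regression test for the AppArmor check unreliable. `(Xvfb :5 >/dev/null 2>&1 &)` backgrounds Xvfb inside a subshell, so `$!` on the next line is not its PID and the trap cannot stop it; `Xvfb :5 >/dev/null 2>&1 &` fixes that. `content-hub-test-importer &2>/dev/null` is parsed as a background job followed by an empty command with a redirection, so the importer's stderr is not silenced; it should read `content-hub-test-importer 2>/dev/null &`. Each loop also starts an importer that is never stopped or waited for, so recording its PID and killing it before the next iteration would keep the two runs from overlapping.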
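--- a/debian/tests/control
+++ b/debian/tests/control
@@ -0,0 +1,3 @@
+Tests: aa-check
+Depends: content-hub-testability, dbus-x11, xvfb
+Restrictions: allow-stderr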
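--- a/src/com/ubuntu/content/CMakeLists.txt
+++ b/src/com/ubuntu/content/CMakeLists.txt
@@ -28,6 +28,7 @@
 ${UBUNTU_LAUNCH_INCLUDE_DIRS}
 ${UBUNTU_DOWNLOAD_MANAGER_INCLUDE_DIRS}
 ${NOTIFY_INCLUDE_DIRS}
+${APPARMOR_INCLUDE_DIRS}
 )
 
 qt5_add_dbus_interface(
@@ -105,6 +106,7 @@
 ${GIO_LIBRARIES}
 ${UBUNTU_DOWNLOAD_MANAGER_LIBRARIES}
 ${NOTIFY_LIBRARIES}
+${APPARMOR_LDFLAGS}
 )
 
 install(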
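--- a/src/com/ubuntu/content/detail/service.h
+++ b/src/com/ubuntu/content/detail/service.h
@@ -79,7 +79,7 @@
 void handle_exports(int);
 void handler_unregistered(const QString&);
 QDBusObjectPath CreateTransfer(const QString&, const QString&, int, const QString&);
-void download_notify (com::ubuntu::content::detail::Transfer*);
+void download_notify(com::ubuntu::content::detail::Transfer*);
 
 };
 }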
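--- a/src/com/ubuntu/content/detail/transfer.cpp
+++ b/src/com/ubuntu/content/detail/transfer.cpp
@@ -36,7 +36,7 @@
 const QString& source,
 const QString& destination,
 const int direction,
-const QString& content_type) :
+const QString& content_type):
 state(cuc::Transfer::created),
 id(id),
 source(source),
@@ -166,12 +166,28 @@
 return;
 }
 
+QString profile = aa_profile(message().service());
+TRACE() << Q_FUNC_INFO << "PROFILE:" << profile;
+
 QVariantList ret;
 Q_FOREACH(QVariant iv, items) {
 cuc::Item item = qdbus_cast<Item>(iv);
 if (item.url().isEmpty()) {
 ret.append(QVariant::fromValue(item));
 } else {
+TRACE() << Q_FUNC_INFO;
+if (profile.toStdString() != QString("unconfined").toStdString() &&
+item.url().isLocalFile()) {
+TRACE() << Q_FUNC_INFO << "IS LOCAL FILE";
+QString file(item.url().toLocalFile());
+TRACE() << Q_FUNC_INFO << "FILE:" << file;
+// Verify app has read access to local file before transfer
+if (not check_profile_read(profile, file)) {
+// If failed to access file, abort
+ret.clear();
+goto abort;
+}
+}
 QString newUrl = copy_to_store(item.url().toString(), d->store);
 if (!newUrl.isEmpty()) {
 item.setUrl(QUrl(newUrl));
@@ -179,11 +195,12 @@
 ret.append(QVariant::fromValue(item));
 } else {
 ret.clear();
-break;
+goto abort;
 }
 }
 }
 
+abort:
 if (ret.count() <= 0)
 {
 qWarning() << "Failed to charge items, aborting";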
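Review bot: The read query in the second hunk is made against the path string supplied by the exporting app (`item.url().toLocalFile()`), while the copy a few lines later goes through `copy_to_store(item.url().toString(), d->store)`, so the path that is checked and the file that is finally opened can differ if the path contains a symlink or changes between the two calls. Resolving the path once and using the resolved form for both steps narrows that gap: `QString file(QFileInfo(item.url().toLocalFile()).canonicalFilePath());`, abort when it is empty, then pass `QUrl::fromLocalFile(file).toString()` to `copy_to_store`. `copy_to_store` is not shown in this diff, so whether it already refuses symlinks needs confirming. The label test would also read better as `profile != QLatin1String("unconfined")` than converting both sides to `std::string`. The enclosing function starts and ends outside the hunk.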
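--- a/src/com/ubuntu/content/detail/transfer.h
+++ b/src/com/ubuntu/content/detail/transfer.h
@@ -18,9 +18,11 @@
 #ifndef TRANSFER_H_
 #define TRANSFER_H_
 
+#include <QDir>
 #include <QObject>
 #include <QStringList>
-#include <QDir>
+#include <QtDBus/QDBusMessage>
+#include <QtDBus/QDBusContext>
 #include <ubuntu/download_manager/error.h>
 
 namespace com
@@ -31,7 +33,7 @@
 {
 namespace detail
 {
-class Transfer : public QObject
+class Transfer : public QObject, protected QDBusContext
 {
 Q_OBJECT
 Q_PROPERTY(int State READ State NOTIFY StateChanged)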
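Review bot: `QDBusContext::message()` only identifies a sender while the object is handling a call dispatched from D-Bus, and nothing on the class declaration says so now that `Transfer` inherits it. Because transfer.cpp derives the caller's AppArmor label from `message().service()`, a comment on the class such as `// QDBusContext: message() is valid only when calledFromDBus(); the sender is used to look up the caller's AppArmor label` would document the dependency. The code in transfer.cpp should also treat `!calledFromDBus()` as a failure instead of looking up a label for an empty service name. The class body continues outside the hunk.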
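--- a/src/com/ubuntu/content/utils.cpp
+++ b/src/com/ubuntu/content/utils.cpp
@@ -16,12 +16,14 @@
 * Authored by: Ken VanDine <ken.vandine@canonical.com>
 */
 
+#include <QCoreApplication>
+#include <QDir>
+#include <QFile>
+#include <QFileInfo>
+#include <QProcess>
 #include <QtCore>
 #include <QtDBus/QDBusMessage>
 #include <QtDBus/QDBusConnection>
-#include <QFile>
-#include <QDir>
-#include <QFileInfo>
 #include <QUrl>
 #include <nih/alloc.h>
 #include <nih-dbus/dbus_util.h>
@@ -31,6 +33,11 @@
 #include "com/ubuntu/content/type.h"
 #include <unistd.h>
 
+#include <sys/apparmor.h>
+/* need to be exposed in libapparmor but for now ... */
+#define AA_CLASS_FILE 2
+#define AA_MAY_READ (1 << 2)
+
 namespace cuc = com::ubuntu::content;
 
 namespace {
@@ -102,10 +109,6 @@
 reply.errorMessage();
 }
 
-if (aaProfile.toStdString() == QString("unconfined").toStdString())
-{
-return QString("");
-}
 return aaProfile;
 }
 
@@ -175,4 +178,45 @@
 return false;
 }
 
+int query_file(const char *label, const char *path, int *allowed)
+{
+int rc, audited;
+char *query;
+
+/* + 1 for null separator and then + 1 AA_CLASS_FILE */
+int label_size = strlen(label);
+int size = label_size + 1 + strlen(path) + AA_QUERY_CMD_LABEL_SIZE + 1;
+/* +1 for null terminator used by strcpy, yes we could drop this
+* using memcpy */
+query = (char*)malloc(size + 1);
+if (!query)
+return -1;
+/* we want the null terminator here */
+strcpy(query + AA_QUERY_CMD_LABEL_SIZE, label);
+query[AA_QUERY_CMD_LABEL_SIZE + label_size + 1] = AA_CLASS_FILE;
+strcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_size + 2, path);
+rc = aa_query_label(AA_MAY_READ, query, size , allowed, &audited);
+free(query);
+return rc;
+}
+
+bool check_profile_read(QString profile, QString path)
+{
+TRACE() << Q_FUNC_INFO << "PROFILE:" << profile;
+
+int allowed;
+if (query_file(profile.toStdString().c_str(), path.toStdString().c_str(), &allowed) == -1) {
+qWarning() << "error:" << strerror(errno) << path;
+return false;
+}
+
+if (allowed) {
+TRACE() << "ALLOWED:" << QString::number(allowed);
+return true;
+}
+TRACE() << "NOT ALLOWED:" << QString::number(allowed);
+return false;
+
+}
+
 }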
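Review bot: Dropping the `unconfined` to `""` mapping in the third hunk changes what `aa_profile()` returns to every caller, not only to the new check in transfer.cpp; any caller outside this diff that treats an empty string as "unconfined" will now receive the literal label, so those call sites should be audited in the same change. The function's body starts outside the hunk, so the value it returns when the D-Bus lookup fails is not visible here; that value must never compare equal to `unconfined`, because the new check skips the read query for that label. In `query_file`, `free(query)` runs between `aa_query_label` and the `strerror(errno)` in `check_profile_read` and may overwrite errno; saving it around the free (`int err = errno; free(query); errno = err;`) keeps the logged reason accurate.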
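--- a/tests/peers/exporter/CMakeLists.txt
+++ b/tests/peers/exporter/CMakeLists.txt
@@ -24,6 +24,7 @@
 )
 
 qt5_use_modules(content-hub-test-exporter Core Gui DBus)
+pkg_check_modules(APPARMOR REQUIRED libapparmor)
 
 set_target_properties(
 content-hub-test-exporter
@@ -35,6 +36,7 @@
 content-hub-test-exporter
 
 content-hub
+${APPARMOR_LDFLAGS}
 )
 
 install(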
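--- a/tests/peers/exporter/autoexporter.cpp
+++ b/tests/peers/exporter/autoexporter.cpp
@@ -24,6 +24,12 @@
 hub->register_import_export_handler(this);
 }
 
+void AutoExporter::setUrl(QString url)
+{
+qDebug() << Q_FUNC_INFO << url;
+m_url = url;
+}
+
 void AutoExporter::handle_import(cuc::Transfer *transfer)
 {
 qDebug() << Q_FUNC_INFO << "not implemented";
@@ -42,19 +48,20 @@
 
 QVector<cuc::Item> items;
 
-if (transfer->contentType() == cuc::Type::Known::contacts().id()) {
-items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/Joker.vcf"));
-
-if (transfer->selectionType() == cuc::Transfer::SelectionType::multiple) {
-items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/Stark,_Tony.vcf"));
+if (m_url.isEmpty()) {
+if (transfer->contentType() == cuc::Type::Known::contacts().id()) {
+items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/Joker.vcf"));
+if (transfer->selectionType() == cuc::Transfer::SelectionType::multiple) {
+items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/Stark,_Tony.vcf"));
+}
+} else {
+items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/webbrowser-app.png"));
+if (transfer->selectionType() == cuc::Transfer::SelectionType::multiple) {
+items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/clock.png"));
+}
 }
-
 } else {
-items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/webbrowser-app.png"));
-
-if (transfer->selectionType() == cuc::Transfer::SelectionType::multiple) {
-items << cuc::Item(QUrl("file:///usr/share/content-hub/testability/data/clock.png"));
-}
+items << cuc::Item(QUrl(m_url));
 }
 
 transfer->charge(items);
@@ -83,9 +90,11 @@
 
 qDebug() << Q_FUNC_INFO << "STATE:" << transfer->state();
 
+if (transfer->state() == cuc::Transfer::aborted)
+QCoreApplication::instance()->exit(1);
 
 if (transfer->state() == cuc::Transfer::collected)
-QCoreApplication::instance()->quit();
+QCoreApplication::instance()->exit(0);
 }
 
 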
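--- a/tests/peers/exporter/autoexporter.h
+++ b/tests/peers/exporter/autoexporter.h
@@ -39,6 +39,10 @@
 Q_INVOKABLE void handle_export(cuc::Transfer*);
 Q_INVOKABLE void handle_share(cuc::Transfer*);
 Q_INVOKABLE void stateChanged();
+void setUrl(QString);
+
+private:
+QString m_url;
 };
 
 #endif // AUTOEXPORTER_H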
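--- a/tests/peers/exporter/exporter.cpp
+++ b/tests/peers/exporter/exporter.cpp
@@ -18,6 +18,8 @@
 
 #include <QCoreApplication>
 #include <QStringList>
+#include <QUrl>
+#include <sys/apparmor.h>
 
 #include "autoexporter.h"
 
@@ -30,12 +32,26 @@
 qputenv("APP_ID", "content-hub-test-exporter");
 }
 
-AutoExporter exporter;
-
-QString peerName;
+QString peerName, url, profile;
 
 if (a.arguments().size() > 1)
 peerName = a.arguments().at(1);
+if (a.arguments().size() > 2)
+url = a.arguments().at(2);
+if (a.arguments().size() > 3)
+profile = a.arguments().at(3);
+
+if (not profile.isEmpty()) {
+int ret = 2;
+ret = aa_change_profile(profile.toStdString().c_str());
+if (ret != 0)
+return 1;
+}
+
+AutoExporter exporter;
+
+if (not url.isEmpty())
+exporter.setUrl(url);
 
 if (!peerName.isEmpty())
 {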
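Review bot: A failed `aa_change_profile()` returns 1, the same exit status autoexporter.cpp uses for an aborted transfer, so debian/tests/aa-check cannot tell "profile could not be entered" from "export denied" and its negative case can pass without the read check ever running. A distinct status, `if (ret != 0) return 2;`, together with the test expecting exactly 1 for the denied case, would make the regression test meaningful. `int ret = 2;` is overwritten on the next line and can be folded into `const int ret = aa_change_profile(profile.toStdString().c_str());`. `main` starts and ends outside the hunk.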
Haven't tested yet, but the code looks good (with one small query about some potential redundancy in diff comments)