Merge pull request #6153 from kmk3/firecfg-ignorelist-extra

firecfg: use ignorelist also for .profile/.desktop files
netblue30 · Jan 19, 2024 · 39fbb6b · 39fbb6b
2 parents bc47419 + a9c851e
commit 39fbb6b
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 26 deletions.
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
@@ -118,6 +118,9 @@ void fix_desktop_files(const char *homedir) {
 		exit(1);
 	}
 
+	// build ignorelist
+	parse_config_all(0);
+
 	// destination
 	// create ~/.local/share/applications directory if necessary
 	char *user_apps_dir;
@@ -163,7 +166,8 @@ void fix_desktop_files(const char *homedir) {
 	// copy
 	struct dirent *entry;
 	while ((entry = readdir(dir)) != NULL) {
-		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+		const char *filename = entry->d_name;
+		if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
 			continue;
 
 		// skip if not regular file or link
@@ -172,10 +176,25 @@ void fix_desktop_files(const char *homedir) {
 			continue;
 
 		// skip if not .desktop file
-		if (strstr(entry->d_name,".desktop") != (entry->d_name+strlen(entry->d_name)-8))
+		char *exec = strdup(filename);
+		if (!exec)
+			errExit("strdup");
+		char *ptr = strstr(exec, ".desktop");
+		if (ptr == NULL || *(ptr + 8) != '\0') {
+			printf("   %s skipped (not a .desktop file)\n", exec);
+			free(exec);
 			continue;
+		}
+
+		// skip if program is in ignorelist
+		*ptr = '\0';
+		if (in_ignorelist(exec)) {
+			printf("   %s ignored\n", exec);
+			free(exec);
+			continue;
+		}
 
-		char *filename = entry->d_name;
+		free(exec);
 
 		// skip links - Discord on Arch #4235 seems to be a symlink to /opt directory
 //		if (is_link(filename))
@@ -221,7 +240,7 @@ void fix_desktop_files(const char *homedir) {
 		}
 
 		// get executable name
-		char *ptr = strstr(buf,"\nExec=");
+		ptr = strstr(buf,"\nExec=");
 		if (!ptr || strlen(ptr) < 7) {
 			if (arg_debug)
 				printf("   %s - skipped: wrong format?\n", filename);

diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
@@ -50,6 +50,8 @@
 
 // main.c
 extern int arg_debug;
+int in_ignorelist(const char *const str);
+void parse_config_all(int do_symlink);
 
 // util.c
 int which(const char *program);

diff --git a/src/firecfg/main.c b/src/firecfg/main.c
@@ -25,6 +25,7 @@
 int arg_debug = 0;
 char *arg_bindir = "/usr/local/bin";
 int arg_guide = 0;
+int done_config = 0;
 
 static const char *const usage_str =
 	"Firecfg is the desktop configuration utility for Firejail software. The utility\n"
@@ -166,7 +167,7 @@ static int append_ignorelist(const char *const str) {
 	return 1;
 }
 
-static int in_ignorelist(const char *const str) {
+int in_ignorelist(const char *const str) {
 	assert(str);
 	int i;
 	for (i = 0; i < ignorelist_len; i++) {
@@ -202,8 +203,11 @@ static void set_file(const char *name, const char *firejail_exec) {
 }
 
 // parse a single config file
-static void set_links_firecfg(const char *cfgfile) {
-	printf("Configuring symlinks in %s based on %s\n", arg_bindir, cfgfile);
+static void parse_config_file(const char *cfgfile, int do_symlink) {
+	if (do_symlink)
+		printf("Configuring symlinks in %s\n", arg_bindir);
+
+	printf("Parsing %s\n", cfgfile);
 
 	FILE *fp = fopen(cfgfile, "r");
 	if (!fp) {
@@ -246,19 +250,23 @@ static void set_links_firecfg(const char *cfgfile) {
 			continue;
 		}
 
+		// skip ignored programs
+		if (in_ignorelist(start)) {
+			printf("   %s ignored\n", start);
+			continue;
+		}
+
 		// set link
-		if (!in_ignorelist(start))
+		if (do_symlink)
 			set_file(start, FIREJAIL_EXEC);
-		else
-			printf("   %s ignored\n", start);
 	}
 
 	fclose(fp);
 	printf("\n");
 }
 
 // parse all config files matching pattern
-static void set_links_firecfg_glob(const char *pattern) {
+static void parse_config_glob(const char *pattern, int do_symlink) {
 	printf("Looking for config files in %s\n", pattern);
 
 	glob_t globbuf;
@@ -274,11 +282,23 @@ static void set_links_firecfg_glob(const char *pattern) {
 
 	size_t i;
 	for (i = 0; i < globbuf.gl_pathc; i++)
-		set_links_firecfg(globbuf.gl_pathv[i]);
+		parse_config_file(globbuf.gl_pathv[i], do_symlink);
 out:
 	globfree(&globbuf);
 }
 
+// parse all config files
+// do_symlink 0 just builds the ignorelist, 1 creates the symlinks
+void parse_config_all(int do_symlink) {
+	if (done_config)
+		return;
+
+	parse_config_glob(FIRECFG_CONF_GLOB, do_symlink);
+	parse_config_file(FIRECFG_CFGFILE, do_symlink);
+
+	done_config = 1;
+}
+
 // parse ~/.config/firejail/ directory
 static void set_links_homedir(const char *homedir) {
 	assert(homedir);
@@ -314,17 +334,19 @@ static void set_links_homedir(const char *homedir) {
 		if (!exec)
 			errExit("strdup");
 		char *ptr = strrchr(exec, '.');
-		if (!ptr) {
-			free(exec);
-			continue;
-		}
-		if (strcmp(ptr, ".profile") != 0) {
-			free(exec);
-			continue;
-		}
+		if (!ptr)
+			goto next;
+		if (strcmp(ptr, ".profile") != 0)
+			goto next;
 
 		*ptr = '\0';
+		if (in_ignorelist(exec)) {
+			printf("   %s ignored\n", exec);
+			goto next;
+		}
+
 		set_file(exec, FIREJAIL_EXEC);
+next:
 		free(exec);
 	}
 	closedir(dir);
@@ -518,11 +540,8 @@ int main(int argc, char **argv) {
 	// clear all symlinks
 	clean();
 
-	// set new symlinks based on .conf files
-	set_links_firecfg_glob(FIRECFG_CONF_GLOB);
-
-	// set new symlinks based on firecfg.config
-	set_links_firecfg(FIRECFG_CFGFILE);
+	// set new symlinks based on config files
+	parse_config_all(1);
 
 	if (getuid() == 0) {
 		// add user to firejail access database - only for root

diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in
@@ -168,7 +168,7 @@ Configuration file syntax:
 A line that starts with \fB#\fR is considered a comment.
 .br
 A line that starts with \fB!PROGRAM\fR means to ignore "PROGRAM" when creating
-symlinks.
+symlinks and fixing .desktop files.
 .br
 A line that starts with anything else is considered to be the name of an
 executable and firecfg will attempt to create a symlink for it.