Retrieve Application ID from PID's cgroup

This commit adds an optional dependency on libsystemd and, when available, uses it to attempt to find an application ID even for processes which are not Snap or Flatpak sandboxes. This is not always successful, so we still need to handle the case of an empty app ID for an XdpAppInfo. Since this is not a perfect solution for finding the app ID, we may eventually want to introduce a way for *unsandboxed* processes to specify their own app ID, perhaps a portal-wide SetAppID() method. This is analogous to the security model gnome-shell has: if a process is sandboxed use that app ID, and otherwise use information that is under the control of the application (e.g. WM_CLASS, GApplication ID, etc.). Helps: #579 (Originally authored by Carlo Castoldi, re-done by Phaedrus Leeds)
flatpak · Mar 2, 2022 · 329d8bf · 329d8bf
1 parent 56b2fbd
commit 329d8bf
Show file tree

Hide file tree

Showing 9 changed files with 482 additions and 17 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -62,7 +62,7 @@ jobs:
           gtk-doc-tools shared-mime-info desktop-file-utils gnome-desktop-testing \
           fuse3 libflatpak-dev libglib2.0-dev libgeoclue-2-dev libjson-glib-dev \
           libfontconfig1-dev libfuse3-dev libportal-dev libpipewire-0.3-dev \
-          llvm
+          llvm libsystemd-dev
 
     - name: Check out xdg-desktop-portal
       uses: actions/checkout@v2
@@ -123,7 +123,8 @@ jobs:
         add-apt-repository ppa:alexlarsson/flatpak
         apt-get install -y automake autoconf libtool gettext autopoint gcc \
           gtk-doc-tools shared-mime-info desktop-file-utils \
-          libglib2.0-dev libjson-glib-dev libfontconfig1-dev
+          libglib2.0-dev libjson-glib-dev libfontconfig1-dev \
+          libsystemd-dev
 
     - name: Install libfuse3
       run: |

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -18,7 +18,8 @@ jobs:
           make automake autoconf libtool gettext autopoint gcc git ca-certificates \
           gtk-doc-tools shared-mime-info desktop-file-utils gnome-desktop-testing \
           xmlto fuse3 libflatpak-dev libglib2.0-dev libgeoclue-2-dev libjson-glib-dev \
-          libfontconfig1-dev libfuse3-dev libportal-dev libpipewire-0.3-dev
+          libfontconfig1-dev libfuse3-dev libportal-dev libpipewire-0.3-dev \
+          libsystemd-dev
 
       - name: Check out xdg-desktop-portal
         uses: actions/checkout@v2

diff --git a/configure.ac b/configure.ac
@@ -102,6 +102,15 @@ if test x$enable_pipewire = xyes ; then
 fi
 AM_CONDITIONAL([HAVE_PIPEWIRE],[test "$enable_pipewire" = "yes"])
 
+AC_ARG_WITH([systemd],
+            AS_HELP_STRING([--with-systemd], [Build with systemd support [default=yes]]),
+            [], [with_systemd=yes])
+if test "x$with_systemd" = "xyes"; then
+	PKG_CHECK_MODULES(SYSTEMD, [libsystemd])
+	AC_DEFINE([HAVE_LIBSYSTEMD], [1], [Define if libsystemd is available])
+fi
+AM_CONDITIONAL([HAVE_LIBSYSTEMD], [test "x$with_systemd" != "xno"])
+
 AC_ARG_ENABLE(docbook-docs,
         [AS_HELP_STRING([--enable-docbook-docs],[build documentation (requires xmlto)])],
         enable_docbook_docs=$enableval, enable_docbook_docs=auto)

diff --git a/document-portal/Makefile.am.inc b/document-portal/Makefile.am.inc
@@ -67,14 +67,16 @@ DB_SOURCES = \
 xdg_permission_store_SOURCES = \
 	src/xdp-utils.c	\
 	src/xdp-utils.h	\
+	src/sd-escape.c	\
+	src/sd-escape.h	\
 	document-portal/permission-store.c	\
 	document-portal/xdg-permission-store.c	\
 	document-portal/xdg-permission-store.h	\
 	$(DB_SOURCES) \
 	$(NULL)
 
-xdg_permission_store_LDADD = $(AM_LDADD) $(BASE_LIBS)
-xdg_permission_store_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
+xdg_permission_store_LDADD = $(AM_LDADD) $(BASE_LIBS) $(SYSTEMD_LIBS)
+xdg_permission_store_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(SYSTEMD_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
 
 nodist_xdg_document_portal_SOURCES = \
 	$(nodist_xdg_permission_store_SOURCES) \
@@ -88,6 +90,8 @@ CLEANFILES += $(nodist_xdg_document_portal_SOURCES)
 xdg_document_portal_SOURCES = \
 	src/xdp-utils.c	\
 	src/xdp-utils.h	\
+	src/sd-escape.c	\
+	src/sd-escape.h	\
 	document-portal/document-portal.h		\
 	document-portal/document-portal.c		\
 	document-portal/file-transfer.h			\
@@ -100,5 +104,5 @@ xdg_document_portal_SOURCES = \
 	$(DB_SOURCES) \
 	$(NULL)
 
-xdg_document_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) $(FUSE3_LIBS)
-xdg_document_portal_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS)  $(FUSE3_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
+xdg_document_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) $(FUSE3_LIBS) $(SYSTEMD_LIBS)
+xdg_document_portal_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS)  $(FUSE3_CFLAGS) $(SYSTEMD_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
diff --git a/src/Makefile.am.inc b/src/Makefile.am.inc
@@ -176,6 +176,13 @@ xdg_desktop_portal_SOURCES = \
 	src/portal-impl.c		\
 	$(NULL)
 
+if HAVE_LIBSYSTEMD
+xdg_desktop_portal_SOURCES += \
+	src/sd-escape.c		\
+	src/sd-escape.h		\
+	$(NULL)
+endif
+
 if HAVE_PIPEWIRE
 xdg_desktop_portal_SOURCES += \
 	src/screen-cast.c		\
@@ -200,6 +207,7 @@ xdg_desktop_portal_LDADD = \
 	$(BASE_LIBS) \
 	$(PIPEWIRE_LIBS) \
 	$(GEOCLUE_LIBS) \
+	$(SYSTEMD_LIBS) \
 	$(NULL)
 xdg_desktop_portal_CFLAGS = \
 	-DDATADIR=\"$(datadir)\" \
@@ -208,6 +216,7 @@ xdg_desktop_portal_CFLAGS = \
 	$(BASE_CFLAGS) \
 	$(PIPEWIRE_CFLAGS) \
 	$(GEOCLUE_CFLAGS) \
+	$(SYSTEMD_CFLAGS) \
 	-I$(srcdir)/src \
 	-I$(builddir)/src \
 	-I$(srcdir)/document-portal \