Retrieve Application ID from PID's cgroup

This commit adds an optional dependency on libsystemd and, when available, uses it to attempt to find an application ID even for processes which are not Snap or Flatpak sandboxes. This is not always successful, so we still need to handle the case of an empty app ID for an XdpAppInfo. Since this is not a perfect solution for finding the app ID, we may eventually want to introduce a way for *unsandboxed* processes to specify their own app ID, perhaps a portal-wide SetAppID() method. This is analogous to the security model gnome-shell has: if a process is sandboxed use that app ID, and otherwise use information that is under the control of the application (e.g. WM_CLASS, GApplication ID, etc.). Helps: #579 (Originally authored by Carlo Castoldi, re-done by Phaedrus Leeds)
flatpak · Mar 11, 2022 · 7b8af12 · 7b8af12
1 parent 9b0c9d4
commit 7b8af12
Show file tree

Hide file tree

Showing 11 changed files with 543 additions and 18 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -62,7 +62,7 @@ jobs:
           gtk-doc-tools shared-mime-info desktop-file-utils gnome-desktop-testing \
           fuse3 libflatpak-dev libglib2.0-dev libgeoclue-2-dev libjson-glib-dev \
           libfontconfig1-dev libfuse3-dev libportal-dev libpipewire-0.3-dev \
-          llvm libgdk-pixbuf-2.0-dev
+          llvm libgdk-pixbuf-2.0-dev libsystemd-dev
 
     - name: Check out xdg-desktop-portal
       uses: actions/checkout@v2
@@ -124,7 +124,7 @@ jobs:
         apt-get install -y automake autoconf libtool gettext autopoint gcc \
           gtk-doc-tools shared-mime-info desktop-file-utils \
           libglib2.0-dev libjson-glib-dev libfontconfig1-dev \
-          libgdk-pixbuf2.0-dev
+          libgdk-pixbuf2.0-dev libsystemd-dev
 
     - name: Install libfuse3
       run: |

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -19,7 +19,7 @@ jobs:
           gtk-doc-tools shared-mime-info desktop-file-utils gnome-desktop-testing \
           xmlto fuse3 libflatpak-dev libglib2.0-dev libgeoclue-2-dev libjson-glib-dev \
           libfontconfig1-dev libfuse3-dev libportal-dev libpipewire-0.3-dev \
-          libgdk-pixbuf2.0-dev
+          libgdk-pixbuf2.0-dev libsystemd-dev
 
       - name: Check out xdg-desktop-portal
         uses: actions/checkout@v2

diff --git a/configure.ac b/configure.ac
@@ -102,6 +102,15 @@ if test x$enable_pipewire = xyes ; then
 fi
 AM_CONDITIONAL([HAVE_PIPEWIRE],[test "$enable_pipewire" = "yes"])
 
+AC_ARG_WITH([systemd],
+            AS_HELP_STRING([--with-systemd], [Build with systemd support [default=yes]]),
+            [], [with_systemd=yes])
+if test "x$with_systemd" = "xyes"; then
+	PKG_CHECK_MODULES(SYSTEMD, [libsystemd])
+	AC_DEFINE([HAVE_LIBSYSTEMD], [1], [Define if libsystemd is available])
+fi
+AM_CONDITIONAL([HAVE_LIBSYSTEMD], [test "x$with_systemd" != "xno"])
+
 AC_ARG_ENABLE(docbook-docs,
         [AS_HELP_STRING([--enable-docbook-docs],[build documentation (requires xmlto)])],
         enable_docbook_docs=$enableval, enable_docbook_docs=auto)

diff --git a/document-portal/Makefile.am.inc b/document-portal/Makefile.am.inc
@@ -67,14 +67,16 @@ DB_SOURCES = \
 xdg_permission_store_SOURCES = \
 	src/xdp-utils.c	\
 	src/xdp-utils.h	\
+	src/sd-escape.c	\
+	src/sd-escape.h	\
 	document-portal/permission-store.c	\
 	document-portal/xdg-permission-store.c	\
 	document-portal/xdg-permission-store.h	\
 	$(DB_SOURCES) \
 	$(NULL)
 
-xdg_permission_store_LDADD = $(AM_LDADD) $(BASE_LIBS)
-xdg_permission_store_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
+xdg_permission_store_LDADD = $(AM_LDADD) $(BASE_LIBS) $(SYSTEMD_LIBS)
+xdg_permission_store_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(SYSTEMD_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
 
 nodist_xdg_document_portal_SOURCES = \
 	$(nodist_xdg_permission_store_SOURCES) \
@@ -88,6 +90,8 @@ CLEANFILES += $(nodist_xdg_document_portal_SOURCES)
 xdg_document_portal_SOURCES = \
 	src/xdp-utils.c	\
 	src/xdp-utils.h	\
+	src/sd-escape.c	\
+	src/sd-escape.h	\
 	document-portal/document-portal.h		\
 	document-portal/document-portal.c		\
 	document-portal/file-transfer.h			\
@@ -100,5 +104,5 @@ xdg_document_portal_SOURCES = \
 	$(DB_SOURCES) \
 	$(NULL)
 
-xdg_document_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) $(FUSE3_LIBS)
-xdg_document_portal_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS)  $(FUSE3_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
+xdg_document_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) $(FUSE3_LIBS) $(SYSTEMD_LIBS)
+xdg_document_portal_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS)  $(FUSE3_CFLAGS) $(SYSTEMD_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
diff --git a/src/Makefile.am.inc b/src/Makefile.am.inc
@@ -125,6 +125,13 @@ xdg_desktop_portal_SOURCES = \
 	src/portal-impl.c		\
 	$(NULL)
 
+if HAVE_LIBSYSTEMD
+xdg_desktop_portal_SOURCES += \
+	src/sd-escape.c		\
+	src/sd-escape.h		\
+	$(NULL)
+endif
+
 if HAVE_PIPEWIRE
 xdg_desktop_portal_SOURCES += \
 	src/screen-cast.c		\
@@ -149,6 +156,7 @@ xdg_desktop_portal_LDADD = \
 	$(BASE_LIBS) \
 	$(PIPEWIRE_LIBS) \
 	$(GEOCLUE_LIBS) \
+	$(SYSTEMD_LIBS) \
 	$(NULL)
 xdg_desktop_portal_CFLAGS = \
 	-DDATADIR=\"$(datadir)\" \
@@ -157,6 +165,7 @@ xdg_desktop_portal_CFLAGS = \
 	$(BASE_CFLAGS) \
 	$(PIPEWIRE_CFLAGS) \
 	$(GEOCLUE_CFLAGS) \
+	$(SYSTEMD_CFLAGS) \
 	-I$(srcdir)/src \
 	-I$(builddir)/src \
 	-I$(srcdir)/document-portal \