1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright 2016 Red Hat, Inc.
5 * SPDX-License-Identifier: LGPL-2.1-or-later
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General
18 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "glib-private.h"
24 #include "gportalsupport.h"
27 static GSandboxType sandbox_type = G_SANDBOX_TYPE_UNKNOWN;
28 static gboolean use_portal;
29 static gboolean network_available;
30 static gboolean dconf_access;
32 #ifdef G_PORTAL_SUPPORT_TEST
33 static const char *snapctl = "snapctl";
35 static const char *snapctl = "/usr/bin/snapctl";
39 snap_plug_is_connected (const gchar *plug_name)
42 const gchar *argv[] = { snapctl, "is-connected", plug_name, NULL };
44 /* Bail out if our process is privileged - we don't want to pass those
45 * privileges to snapctl. It could be overridden and this would
46 * allow arbitrary code execution.
48 if (GLIB_PRIVATE_CALL (g_check_setuid) ())
51 if (!g_spawn_sync (NULL, (gchar **) argv, NULL,
52 #ifdef G_PORTAL_SUPPORT_TEST
55 G_SPAWN_STDOUT_TO_DEV_NULL |
56 G_SPAWN_STDERR_TO_DEV_NULL,
57 NULL, NULL, NULL, NULL, &wait_status,
61 return g_spawn_check_wait_status (wait_status, NULL);
65 sandbox_info_read (void)
67 static gsize sandbox_info_is_read = 0;
69 /* Sandbox type and Flatpak info is static, so only read once */
70 if (!g_once_init_enter (&sandbox_info_is_read))
73 sandbox_type = glib_get_sandbox_type ();
77 case G_SANDBOX_TYPE_FLATPAK:
80 const char *keyfile_path = "/.flatpak-info";
83 network_available = FALSE;
86 keyfile = g_key_file_new ();
88 #ifdef G_PORTAL_SUPPORT_TEST
90 g_build_filename (g_get_user_runtime_dir (), keyfile_path, NULL);
91 keyfile_path = test_key_file;
94 if (g_key_file_load_from_file (keyfile, keyfile_path, G_KEY_FILE_NONE, NULL))
97 char *dconf_policy = NULL;
99 shared = g_key_file_get_string_list (keyfile, "Context", "shared", NULL, NULL);
102 network_available = g_strv_contains ((const char *const *) shared, "network");
106 dconf_policy = g_key_file_get_string (keyfile, "Session Bus Policy", "ca.desrt.dconf", NULL);
109 if (strcmp (dconf_policy, "talk") == 0)
111 g_free (dconf_policy);
115 #ifdef G_PORTAL_SUPPORT_TEST
116 g_clear_pointer (&test_key_file, g_free);
119 g_key_file_unref (keyfile);
122 case G_SANDBOX_TYPE_SNAP:
124 case G_SANDBOX_TYPE_UNKNOWN:
128 var = g_getenv ("GTK_USE_PORTAL");
129 if (var && var[0] == '1')
131 network_available = TRUE;
137 g_once_init_leave (&sandbox_info_is_read, 1);
141 glib_should_use_portal (void)
143 sandbox_info_read ();
145 if (sandbox_type == G_SANDBOX_TYPE_SNAP)
146 return snap_plug_is_connected ("desktop");
152 glib_network_available_in_sandbox (void)
154 sandbox_info_read ();
156 if (sandbox_type == G_SANDBOX_TYPE_SNAP)
158 /* FIXME: This is inefficient doing multiple calls to check connections.
159 * See https://github.com/snapcore/snapd/pull/12301 for a proposed
160 * improvement to snapd for this.
162 return snap_plug_is_connected ("desktop") ||
163 snap_plug_is_connected ("network-status");
166 return network_available;
170 glib_has_dconf_access_in_sandbox (void)
172 sandbox_info_read ();
174 if (sandbox_type == G_SANDBOX_TYPE_SNAP)
175 return snap_plug_is_connected ("gsettings");