shell/window-tracker: Enforce prefix for sandboxed applications
At least flatpak (no idea about snap, sorry) enforces that all .desktop files exported by a sandboxed app use the application ID as prefix. Add the same check when trying to find a match based on the WM_CLASS, to prevent sandboxed apps from matching a .desktop file they do not own. At the moment this is unlikely as we check for a match on the sandboxed app ID first, but we are about to change that. https://gitlab.gnome.org/GNOME/gnome-shell/issues/219
This commit is contained in:
parent
bf47d1b22d
commit
b60836932a
@ -119,6 +119,16 @@ shell_window_tracker_class_init (ShellWindowTrackerClass *klass)
|
|||||||
G_TYPE_NONE, 0);
|
G_TYPE_NONE, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static gboolean
|
||||||
|
check_app_id_prefix (ShellApp *app,
|
||||||
|
const char *prefix)
|
||||||
|
{
|
||||||
|
if (prefix == NULL)
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
return g_str_has_prefix (shell_app_get_id (app), prefix);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_app_from_window_wmclass:
|
* get_app_from_window_wmclass:
|
||||||
*
|
*
|
||||||
@ -135,8 +145,10 @@ get_app_from_window_wmclass (MetaWindow *window)
|
|||||||
ShellAppSystem *appsys;
|
ShellAppSystem *appsys;
|
||||||
const char *wm_class;
|
const char *wm_class;
|
||||||
const char *wm_instance;
|
const char *wm_instance;
|
||||||
|
const char *sandbox_id;
|
||||||
|
|
||||||
appsys = shell_app_system_get_default ();
|
appsys = shell_app_system_get_default ();
|
||||||
|
sandbox_id = meta_window_get_sandboxed_app_id (window);
|
||||||
|
|
||||||
/* Notes on the heuristics used here:
|
/* Notes on the heuristics used here:
|
||||||
much of the complexity here comes from the desire to support
|
much of the complexity here comes from the desire to support
|
||||||
@ -176,23 +188,23 @@ get_app_from_window_wmclass (MetaWindow *window)
|
|||||||
/* first try a match from WM_CLASS (instance part) to StartupWMClass */
|
/* first try a match from WM_CLASS (instance part) to StartupWMClass */
|
||||||
wm_instance = meta_window_get_wm_class_instance (window);
|
wm_instance = meta_window_get_wm_class_instance (window);
|
||||||
app = shell_app_system_lookup_startup_wmclass (appsys, wm_instance);
|
app = shell_app_system_lookup_startup_wmclass (appsys, wm_instance);
|
||||||
if (app != NULL)
|
if (app != NULL && check_app_id_prefix (app, sandbox_id))
|
||||||
return g_object_ref (app);
|
return g_object_ref (app);
|
||||||
|
|
||||||
/* then try a match from WM_CLASS to StartupWMClass */
|
/* then try a match from WM_CLASS to StartupWMClass */
|
||||||
wm_class = meta_window_get_wm_class (window);
|
wm_class = meta_window_get_wm_class (window);
|
||||||
app = shell_app_system_lookup_startup_wmclass (appsys, wm_class);
|
app = shell_app_system_lookup_startup_wmclass (appsys, wm_class);
|
||||||
if (app != NULL)
|
if (app != NULL && check_app_id_prefix (app, sandbox_id))
|
||||||
return g_object_ref (app);
|
return g_object_ref (app);
|
||||||
|
|
||||||
/* then try a match from WM_CLASS (instance part) to .desktop */
|
/* then try a match from WM_CLASS (instance part) to .desktop */
|
||||||
app = shell_app_system_lookup_desktop_wmclass (appsys, wm_instance);
|
app = shell_app_system_lookup_desktop_wmclass (appsys, wm_instance);
|
||||||
if (app != NULL)
|
if (app != NULL && check_app_id_prefix (app, sandbox_id))
|
||||||
return g_object_ref (app);
|
return g_object_ref (app);
|
||||||
|
|
||||||
/* finally, try a match from WM_CLASS to .desktop */
|
/* finally, try a match from WM_CLASS to .desktop */
|
||||||
app = shell_app_system_lookup_desktop_wmclass (appsys, wm_class);
|
app = shell_app_system_lookup_desktop_wmclass (appsys, wm_class);
|
||||||
if (app != NULL)
|
if (app != NULL && check_app_id_prefix (app, sandbox_id))
|
||||||
return g_object_ref (app);
|
return g_object_ref (app);
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
|
Loading…
Reference in New Issue
Block a user