From c79251101d401b59f29f5a18a069eeb84e6e610f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Fri, 3 Jul 2020 16:59:07 +0200
Subject: [PATCH] shell/window-tracker: Enforce prefix for sandboxed
 applications

At least flatpak (no idea about snap, sorry) enforces that all .desktop
files exported by a sandboxed app use the application ID as prefix.

Add the same check when trying to find a match based on the WM_CLASS,
to prevent sandboxed apps from matching a .desktop file they do not
own.

At the moment this is unlikely as we check for a match on the
sandboxed app ID first, but we are about to change that.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/219
---
 src/shell-window-tracker.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/shell-window-tracker.c b/src/shell-window-tracker.c
index 55637da84..80763310b 100644
--- a/src/shell-window-tracker.c
+++ b/src/shell-window-tracker.c
@@ -119,6 +119,16 @@ shell_window_tracker_class_init (ShellWindowTrackerClass *klass)
                                                    G_TYPE_NONE, 0);
 }
 
+static gboolean
+check_app_id_prefix (ShellApp   *app,
+                     const char *prefix)
+{
+  if (prefix == NULL)
+    return TRUE;
+
+  return g_str_has_prefix (shell_app_get_id (app), prefix);
+}
+
 /*
  * get_app_from_window_wmclass:
  *
@@ -135,8 +145,10 @@ get_app_from_window_wmclass (MetaWindow  *window)
   ShellAppSystem *appsys;
   const char *wm_class;
   const char *wm_instance;
+  const char *sandbox_id;
 
   appsys = shell_app_system_get_default ();
+  sandbox_id = meta_window_get_sandboxed_app_id (window);
 
   /* Notes on the heuristics used here:
      much of the complexity here comes from the desire to support
@@ -176,23 +188,23 @@ get_app_from_window_wmclass (MetaWindow  *window)
   /* first try a match from WM_CLASS (instance part) to StartupWMClass */
   wm_instance = meta_window_get_wm_class_instance (window);
   app = shell_app_system_lookup_startup_wmclass (appsys, wm_instance);
-  if (app != NULL)
+  if (app != NULL && check_app_id_prefix (app, sandbox_id))
     return g_object_ref (app);
 
   /* then try a match from WM_CLASS to StartupWMClass */
   wm_class = meta_window_get_wm_class (window);
   app = shell_app_system_lookup_startup_wmclass (appsys, wm_class);
-  if (app != NULL)
+  if (app != NULL && check_app_id_prefix (app, sandbox_id))
     return g_object_ref (app);
 
   /* then try a match from WM_CLASS (instance part) to .desktop */
   app = shell_app_system_lookup_desktop_wmclass (appsys, wm_instance);
-  if (app != NULL)
+  if (app != NULL && check_app_id_prefix (app, sandbox_id))
     return g_object_ref (app);
 
   /* finally, try a match from WM_CLASS to .desktop */
   app = shell_app_system_lookup_desktop_wmclass (appsys, wm_class);
-  if (app != NULL)
+  if (app != NULL && check_app_id_prefix (app, sandbox_id))
     return g_object_ref (app);
 
   return NULL;