Blame SOURCES/udisks2-Handle-lockdown-option-to-disable-writing.patch

7d234d
From 9fdd59cfda93b508e76770146a8295d0a26b175d Mon Sep 17 00:00:00 2001
7d234d
From: Ondrej Holy <oholy@redhat.com>
7d234d
Date: Tue, 14 May 2019 08:46:48 +0200
7d234d
Subject: [PATCH 1/3] udisks2: Handle lockdown option to disable writing
7d234d
7d234d
Handle the new mount-removable-storage-devices-as-read-only option of
7d234d
org.gnome.desktop.lockdown schema and mount removable devices as read-only
7d234d
if enabled.
7d234d
---
7d234d
 monitor/udisks2/gvfsudisks2volume.c        |  8 +++++
7d234d
 monitor/udisks2/gvfsudisks2volumemonitor.c | 34 ++++++++++++++++++++++
7d234d
 monitor/udisks2/gvfsudisks2volumemonitor.h |  1 +
7d234d
 3 files changed, 43 insertions(+)
7d234d
7d234d
diff --git a/monitor/udisks2/gvfsudisks2volume.c b/monitor/udisks2/gvfsudisks2volume.c
7d234d
index a509b5dd..b2545058 100644
7d234d
--- a/monitor/udisks2/gvfsudisks2volume.c
7d234d
+++ b/monitor/udisks2/gvfsudisks2volume.c
7d234d
@@ -1093,6 +1093,7 @@ do_mount (GTask *task)
7d234d
 {
7d234d
   MountData *data = g_task_get_task_data (task);
7d234d
   GVariantBuilder builder;
7d234d
+  GVfsUDisks2Volume *volume = g_task_get_source_object (task);
7d234d
 
7d234d
   g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT);
7d234d
   if (data->mount_operation == NULL)
7d234d
@@ -1101,6 +1102,13 @@ do_mount (GTask *task)
7d234d
                              "{sv}",
7d234d
                              "auth.no_user_interaction", g_variant_new_boolean (TRUE));
7d234d
     }
7d234d
+  if (gvfs_udisks2_volume_monitor_get_readonly_lockdown (volume->monitor))
7d234d
+    {
7d234d
+      g_variant_builder_add (&builder,
7d234d
+                             "{sv}",
7d234d
+                             "options", g_variant_new_string ("ro"));
7d234d
+
7d234d
+    }
7d234d
   udisks_filesystem_call_mount (data->filesystem_to_mount,
7d234d
                                 g_variant_builder_end (&builder),
7d234d
                                 g_task_get_cancellable (task),
7d234d
diff --git a/monitor/udisks2/gvfsudisks2volumemonitor.c b/monitor/udisks2/gvfsudisks2volumemonitor.c
7d234d
index 0a5ce96e..37c81fcf 100644
7d234d
--- a/monitor/udisks2/gvfsudisks2volumemonitor.c
7d234d
+++ b/monitor/udisks2/gvfsudisks2volumemonitor.c
7d234d
@@ -65,6 +65,9 @@ struct _GVfsUDisks2VolumeMonitor
7d234d
   /* we keep volumes/mounts for blank and audio discs separate to handle e.g. mixed discs properly */
7d234d
   GList *disc_volumes;
7d234d
   GList *disc_mounts;
7d234d
+
7d234d
+  GSettings *lockdown_settings;
7d234d
+  gboolean readonly_lockdown;
7d234d
 };
7d234d
 
7d234d
 static UDisksClient *get_udisks_client_sync (GError **error);
7d234d
@@ -140,6 +143,8 @@ gvfs_udisks2_volume_monitor_finalize (GObject *object)
7d234d
   g_list_free_full (monitor->disc_volumes, g_object_unref);
7d234d
   g_list_free_full (monitor->disc_mounts, g_object_unref);
7d234d
 
7d234d
+  g_clear_object (&monitor->lockdown_settings);
7d234d
+
7d234d
   G_OBJECT_CLASS (gvfs_udisks2_volume_monitor_parent_class)->finalize (object);
7d234d
 }
7d234d
 
7d234d
@@ -304,6 +309,17 @@ gvfs_udisks2_volume_monitor_constructor (GType                  type,
7d234d
   return ret;
7d234d
 }
7d234d
 
7d234d
+static void
7d234d
+lockdown_settings_changed (GSettings *settings,
7d234d
+                           gchar     *key,
7d234d
+                           gpointer   user_data)
7d234d
+{
7d234d
+  GVfsUDisks2VolumeMonitor *monitor = GVFS_UDISKS2_VOLUME_MONITOR (user_data);
7d234d
+
7d234d
+  monitor->readonly_lockdown = g_settings_get_boolean (settings,
7d234d
+                                                       "mount-removable-storage-devices-as-read-only");
7d234d
+}
7d234d
+
7d234d
 static void
7d234d
 gvfs_udisks2_volume_monitor_init (GVfsUDisks2VolumeMonitor *monitor)
7d234d
 {
7d234d
@@ -325,6 +341,15 @@ gvfs_udisks2_volume_monitor_init (GVfsUDisks2VolumeMonitor *monitor)
7d234d
                     G_CALLBACK (mountpoints_changed),
7d234d
                     monitor);
7d234d
 
7d234d
+  monitor->lockdown_settings = g_settings_new ("org.gnome.desktop.lockdown");
7d234d
+  monitor->readonly_lockdown = g_settings_get_boolean (monitor->lockdown_settings,
7d234d
+                                                       "mount-removable-storage-devices-as-read-only");
7d234d
+  g_signal_connect_object (monitor->lockdown_settings,
7d234d
+                           "changed",
7d234d
+                           G_CALLBACK (lockdown_settings_changed),
7d234d
+                           monitor,
7d234d
+                           0);
7d234d
+
7d234d
   update_all (monitor, FALSE, TRUE);
7d234d
 }
7d234d
 
7d234d
@@ -388,6 +413,15 @@ gvfs_udisks2_volume_monitor_get_gudev_client (GVfsUDisks2VolumeMonitor *monitor)
7d234d
 
7d234d
 /* ---------------------------------------------------------------------------------------------------- */
7d234d
 
7d234d
+gboolean
7d234d
+gvfs_udisks2_volume_monitor_get_readonly_lockdown (GVfsUDisks2VolumeMonitor *monitor)
7d234d
+{
7d234d
+  g_return_val_if_fail (GVFS_IS_UDISKS2_VOLUME_MONITOR (monitor), FALSE);
7d234d
+  return monitor->readonly_lockdown;
7d234d
+}
7d234d
+
7d234d
+/* ---------------------------------------------------------------------------------------------------- */
7d234d
+
7d234d
 void
7d234d
 gvfs_udisks2_volume_monitor_update (GVfsUDisks2VolumeMonitor *monitor)
7d234d
 {
7d234d
diff --git a/monitor/udisks2/gvfsudisks2volumemonitor.h b/monitor/udisks2/gvfsudisks2volumemonitor.h
7d234d
index 7f0215dc..751a0236 100644
7d234d
--- a/monitor/udisks2/gvfsudisks2volumemonitor.h
7d234d
+++ b/monitor/udisks2/gvfsudisks2volumemonitor.h
7d234d
@@ -49,6 +49,7 @@ GVolumeMonitor *gvfs_udisks2_volume_monitor_new               (void);
7d234d
 UDisksClient   *gvfs_udisks2_volume_monitor_get_udisks_client (GVfsUDisks2VolumeMonitor *monitor);
7d234d
 void            gvfs_udisks2_volume_monitor_update            (GVfsUDisks2VolumeMonitor *monitor);
7d234d
 GUdevClient    *gvfs_udisks2_volume_monitor_get_gudev_client  (GVfsUDisks2VolumeMonitor *monitor);
7d234d
+gboolean        gvfs_udisks2_volume_monitor_get_readonly_lockdown (GVfsUDisks2VolumeMonitor *monitor);
7d234d
 
7d234d
 G_END_DECLS
7d234d
 
7d234d
-- 
7d234d
2.21.0
7d234d