From 3b70954e716ba065f83825c9f46ca349b6d4b331 Mon Sep 17 00:00:00 2001 From: Tomeu Vizoso Date: Wed, 07 Nov 2007 21:57:28 +0000 Subject: #3801 Check out files in the activity instance dir with the correct permissions. --- diff --git a/NEWS b/NEWS index 55f05ef..3d30219 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,5 @@ +* #3801 Check out files in the activity instance dir with the correct + permissions. (tomeu) * #4704 Fix copy of entries with file to removable devices. (tomeu) * #4714 Fix copy of entries without file to removable devices. (tomeu) diff --git a/src/olpc/datastore/backingstore.py b/src/olpc/datastore/backingstore.py index bc3905a..e32cce8 100644 --- a/src/olpc/datastore/backingstore.py +++ b/src/olpc/datastore/backingstore.py @@ -206,6 +206,12 @@ class FileBackingStore(BackingStore): self.base = os.path.join(uri, self.STORE_NAME) self.indexmanager = None + """ Current uid of the user that is calling DataStore.get_filename + through dbus. Needed for security stuff. It is an instance variable + instead of a method parameter because this is less invasive for Update 1. + """ + self.current_user_id = None + # Informational def descriptor(self): """return a dict with atleast the following keys @@ -358,13 +364,17 @@ class FileBackingStore(BackingStore): if not ext.startswith('.'): ext = ".%s" % ext targetpath = "%s%s" % (targetpath, ext) - # TODO: When rainbow can tell us, we'll save the file to a dir inside the - # activity file space. - profile = os.environ.get('SUGAR_PROFILE', 'default') - base = os.path.join(os.path.expanduser('~'), '.sugar', profile, 'data') - if not os.path.exists(base): - os.makedirs(base) - + if os.path.exists('/etc/olpc-security'): + if not self.current_user_id: + raise ValueError("Couldn't determine the current user uid.") + base = os.path.join('/activities', 'uid_to_instance_dir', + str(self.current_user_id)) + else: + profile = os.environ.get('SUGAR_PROFILE', 'default') + base = os.path.join(os.path.expanduser('~'), '.sugar', profile, 'data') + if not os.path.exists(base): + os.makedirs(base) + targetpath = os.path.join(base, targetpath) attempt = 0 while os.path.exists(targetpath): @@ -383,11 +393,13 @@ class FileBackingStore(BackingStore): targetpath = "%s(%s)%s" % (targetpath, attempt, ext) + os.chmod(path, 0604) try: os.link(path, targetpath) except OSError, e: if e.errno == errno.EXDEV: shutil.copy(path, targetpath) + os.chmod(targetpath, 0604) else: raise diff --git a/src/olpc/datastore/datastore.py b/src/olpc/datastore/datastore.py index f5862cf..bf3cfaf 100644 --- a/src/olpc/datastore/datastore.py +++ b/src/olpc/datastore/datastore.py @@ -404,13 +404,25 @@ class DataStore(dbus.service.Object): #@utils.sanitize_dbus @dbus.service.method(DS_DBUS_INTERFACE, in_signature='s', - out_signature='s') - def get_filename(self, uid): + out_signature='s', + sender_keyword='sender') + def get_filename(self, uid, sender=None): content = self.get(uid) if content: - try: return content.filename - except AttributeError: pass - return '' + # Assign to the backing store the uid of the process that called + # this method. This is needed for copying the file in the right + # place. + backingstore = content.backingstore + backingstore.current_user_id = dbus.Bus().get_unix_user(sender) + try: + # Retrieving the file path for the file will cause the file to be + # copied or linked to a directory accessible by the caller. + file_path = content.filename + except AttributeError: + file_path = '' + finally: + backingstore.current_user_id = None + return file_path #@utils.sanitize_dbus @dbus.service.method(DS_DBUS_INTERFACE, -- cgit v0.9.1