diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c
index c7b53712e..c7662c4b8 100644
--- a/libfwupdplugin/fu-plugin.c
+++ b/libfwupdplugin/fu-plugin.c
@@ -10,6 +10,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -2260,6 +2261,49 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
 return g_key_file_save_to_file(keyfile, conf_path, error);
 }
+/**
+ * fu_plugin_set_secure_config_value:
+ * @self: a #FuPlugin
+ * @key: a settings key
+ * @value: (nullable): a settings value
+ * @error: (nullable): optional return location for an error
+ *
+ * Sets a plugin config file value and updates file so that non-privileged users
+ * cannot read it.
+ *
+ * Returns: %TRUE for success
+ *
+ * Since: 1.7.4
+ **/
+gboolean
+fu_plugin_set_secure_config_value(FuPlugin *self,
+ const gchar *key,
+ const gchar *value,
+ GError **error)
+{
+ g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
+ gint ret;
+
+ g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
+ g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
+
+ if (!g_file_test(conf_path, G_FILE_TEST_EXISTS)) {
+ g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
+ return FALSE;
+ }
+ ret = g_chmod(conf_path, 0660);
+ if (ret == -1) {
+ g_set_error(error,
+ FWUPD_ERROR,
+ FWUPD_ERROR_INTERNAL,
+ "failed to set permissions on %s",
+ conf_path);
+ return FALSE;
+ }
+
+ return fu_plugin_set_config_value(self, key, value, error);
+}
+
 /**
 * fu_plugin_get_config_value_boolean:
 * @self: a #FuPlugin
diff --git a/libfwupdplugin/fu-plugin.h b/libfwupdplugin/fu-plugin.h
index eeffec2eb..13d4a43ce 100644
--- a/libfwupdplugin/fu-plugin.h
+++ b/libfwupdplugin/fu-plugin.h
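Review bot: In `fu_plugin_set_secure_config_value` (fu-plugin.c) the `g_chmod(conf_path, 0660)` runs before the write, so the restricted mode may not survive: the context line above the new function shows `fu_plugin_set_config_value` finishing with `g_key_file_save_to_file()`, which GLib documents as writing through `g_file_set_contents()`, i.e. a new temporary file renamed over the target with default creation permissions. The rest of `fu_plugin_set_config_value` is outside the hunk, so this should be confirmed against it, but as written the value being protected can end up in a file that other users can read. Writing the file with an explicit mode (for example `g_file_set_contents_full()` with `0660` or tighter, GLib 2.66 or later) closes this without a window; at minimum call `fu_plugin_set_config_value()` first and `g_chmod()` afterwards. The doc comment promises that non-privileged users cannot read the file, which with `0660` also depends on the file's group, so either use `0600` or state the ownership assumption there. `fu_plugin_get_config_filename(self)` is also evaluated in the initialiser before `g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE)` has checked `self`.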
@@ -434,6 +434,11 @@ fu_plugin_add_report_metadata(FuPlugin *self, const gchar *key, const gchar *val
 gchar *
 fu_plugin_get_config_value(FuPlugin *self, const gchar *key);
 gboolean
+fu_plugin_set_secure_config_value(FuPlugin *self,
+ const gchar *key,
+ const gchar *value,
+ GError **error);
+gboolean
 fu_plugin_get_config_value_boolean(FuPlugin *self, const gchar *key);
 gboolean
 fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value, GError **error);
diff --git a/libfwupdplugin/fwupdplugin.map b/libfwupdplugin/fwupdplugin.map
index d80d380af..052d95f98 100644
--- a/libfwupdplugin/fwupdplugin.map
+++ b/libfwupdplugin/fwupdplugin.map
@@ -984,5 +984,6 @@ LIBFWUPDPLUGIN_1.7.4 {
 fu_cfi_device_set_block_size;
 fu_common_get_contents_stream;
 fu_memmem_safe;
+ fu_plugin_set_secure_config_value;
 local: *;
 } LIBFWUPDPLUGIN_1.7.3;