proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-06-08 03:48:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

libfwupdplugin: add a helper to set a config file to secure

Browse Source
This commit is contained in:
Mario Limonciello 2021-12-17 08:48:10 -06:00
parent 1b9bdb1659
commit 17db067d13
3 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
libfwupdplugin/fu-plugin.c
View File

@ -10,6 +10,7 @@
#include <errno.h> #include <errno.h>
#include <fwupd.h> #include <fwupd.h>
#include <glib/gstdio.h>
#include <gmodule.h> #include <gmodule.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
@ -2260,6 +2261,49 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
return g_key_file_save_to_file(keyfile, conf_path, error); return g_key_file_save_to_file(keyfile, conf_path, error);
} }
/**
* fu_plugin_set_secure_config_value:
* @self: a #FuPlugin
* @key: a settings key
* @value: (nullable): a settings value
* @error: (nullable): optional return location for an error
*
* Sets a plugin config file value and updates file so that non-privileged users
* cannot read it.
*
* Returns: %TRUE for success
*
* Since: 1.7.4
**/
gboolean
fu_plugin_set_secure_config_value(FuPlugin *self,
const gchar *key,
const gchar *value,
GError **error)
{
g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
gint ret;
g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
if (!g_file_test(conf_path, G_FILE_TEST_EXISTS)) {
g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
return FALSE;
}
ret = g_chmod(conf_path, 0660);
if (ret == -1) {
g_set_error(error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to set permissions on %s",
conf_path);
return FALSE;
}
return fu_plugin_set_config_value(self, key, value, error);
}
/** /**
* fu_plugin_get_config_value_boolean: * fu_plugin_get_config_value_boolean:
* @self: a #FuPlugin * @self: a #FuPlugin

5
libfwupdplugin/fu-plugin.h
View File

@ -434,6 +434,11 @@ fu_plugin_add_report_metadata(FuPlugin *self, const gchar *key, const gchar *val
gchar * gchar *
fu_plugin_get_config_value(FuPlugin *self, const gchar *key); fu_plugin_get_config_value(FuPlugin *self, const gchar *key);
gboolean gboolean
fu_plugin_set_secure_config_value(FuPlugin *self,
const gchar *key,
const gchar *value,
GError **error);
gboolean
fu_plugin_get_config_value_boolean(FuPlugin *self, const gchar *key); fu_plugin_get_config_value_boolean(FuPlugin *self, const gchar *key);
gboolean gboolean
fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value, GError **error); fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value, GError **error);

1
libfwupdplugin/fwupdplugin.map
View File

@ -984,5 +984,6 @@ LIBFWUPDPLUGIN_1.7.4 {
fu_cfi_device_set_block_size; fu_cfi_device_set_block_size;
fu_common_get_contents_stream; fu_common_get_contents_stream;
fu_memmem_safe; fu_memmem_safe;
fu_plugin_set_secure_config_value;
local: *; local: *;
} LIBFWUPDPLUGIN_1.7.3; } LIBFWUPDPLUGIN_1.7.3;