gnome-packages/mutter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bf81b2b904
mutter/patches/ubuntu/secure_mode_extension.patch
Ward Nakchbandi (Cosmic Fusion) deaf92469b
2023-10-03 21:58:03 +03:00

90 lines
3.8 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Date: Wed, 20 Jun 2018 19:22:06 +0200
Subject: Don't allow ubuntu mode extension to update
Ensure that no update is proposed or loaded if sideloaded (always
prefer system version) on the ubuntu session.
We want to ensure that the default code running is going through
our QA and security team process than being loaded from a 3rd
party website.
Also, that will enable us to upload newer versions on GNOME
extension website while still letting older ubuntu release versions
running expected extension version.
Origin: ubuntu
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=789852
---
js/ui/extensionDownloader.js | 11 +++++++++++
js/ui/extensionSystem.js | 9 +++++++++
2 files changed, 20 insertions(+)
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index eb17579..eb2d12d 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -7,6 +7,7 @@ import GObject from 'gi://GObject';
import Soup from 'gi://Soup';
import * as Config from '../misc/config.js';
+import * as Desktop from '../misc/desktop.js';
import * as Dialog from './dialog.js';
import * as ExtensionUtils from '../misc/extensionUtils.js';
import * as FileUtils from '../misc/fileUtils.js';
@@ -35,6 +36,13 @@ export async function installExtension(uuid, invocation) {
shell_version: Config.PACKAGE_VERSION,
};
+ if (Desktop.is('ubuntu') && Main.extensionManager.isModeExtension(uuid)) {
+ const msg = _("This is an extension enabled by your current mode, you cant install manually any update in that session.");
+ Main.notifyError(_("Can't install “%s”:").format(uuid), msg);
+ invocation.return_dbus_error('org.gnome.Shell.ExtensionError', msg);
+ return;
+ }
+
const message = Soup.Message.new_from_encoded_form('GET',
REPOSITORY_URL_INFO,
Soup.form_encode_hash(params));
@@ -194,6 +202,9 @@ export async function checkForUpdates() {
return;
if (extension.hasUpdate)
return;
+ // don't updates out of repository mode extension
+ if (Desktop.is('ubuntu') && Main.extensionManager.isModeExtension(uuid))
+ return;
metadatas[uuid] = {
version: extension.metadata.version,
};
diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index 21b3b19..25260ec 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -8,6 +8,7 @@ import Shell from 'gi://Shell';
import * as Signals from '../misc/signals.js';
import * as Config from '../misc/config.js';
+import * as Desktop from '../misc/desktop.js';
import * as ExtensionDownloader from './extensionDownloader.js';
import {ExtensionState, ExtensionType} from '../misc/extensionUtils.js';
import * as FileUtils from '../misc/fileUtils.js';
@@ -502,6 +503,10 @@ export class ExtensionManager extends Signals.EventEmitter {
await this.loadExtension(newExtension);
}
+ isModeExtension(uuid) {
+ return this._getModeExtensions().indexOf(uuid) !== -1;
+ }
+
async _callExtensionInit(uuid) {
if (!this._extensionSupportsSessionMode(uuid))
return false;
@@ -709,6 +714,10 @@ export class ExtensionManager extends Signals.EventEmitter {
let type = dir.has_prefix(perUserDir)
? ExtensionType.PER_USER
: ExtensionType.SYSTEM;
+ if (Desktop.is('ubuntu') && this.isModeExtension(uuid) && type === ExtensionType.PER_USER) {
+ log(`Found user extension ${uuid}, but not loading from ${dir.get_path()} directory as part of session mode.`);
+ return;
+ }
try {
extension = this.createExtensionObject(uuid, dir, type);
} catch (error) {
Reference in New Issue View Git Blame Copy Permalink