File 0001-Restrict-CreateFile-method-to-WriteFstab-method-in-p.patch of Package kpmcore

From e483bab0d5ac409c9b484e9e154b06a1a3a77f9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrius=20=C5=A0tikonas?= <andrius@stikonas.eu>
Date: Sun, 20 Feb 2022 19:42:25 +0000
Subject: [PATCH] Restrict CreateFile method to WriteFstab method in polkit
 helper.

---
 src/core/fstab.cpp                 | 4 ++--
 src/core/fstab.h                   | 2 +-
 src/util/externalcommand.cpp       | 4 ++--
 src/util/externalcommand.h         | 2 +-
 src/util/externalcommandhelper.cpp | 8 ++------
 src/util/externalcommandhelper.h   | 2 +-
 6 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/src/core/fstab.cpp b/src/core/fstab.cpp
index ad3324f..116e1d4 100644
--- a/src/core/fstab.cpp
+++ b/src/core/fstab.cpp
@@ -295,7 +295,7 @@ static void writeEntry(QTextStream& s, const FstabEntry& entry, std::array<unsig
       << entry.comment() << "\n";
 }
 
-bool writeMountpoints(const FstabEntryList& fstabEntries, const QString& filename)
+bool writeMountpoints(const FstabEntryList& fstabEntries)
 {
     QString fstabContents;
     QTextStream out(&fstabContents);
@@ -306,5 +306,5 @@ bool writeMountpoints(const FstabEntryList& fstabEntries, const QString& filenam
         writeEntry(out, e, columnWidth);
 
     ExternalCommand cmd;
-    return cmd.createFile(fstabContents.toLocal8Bit(), filename);
+    return cmd.writeFstab(fstabContents.toLocal8Bit());
 }
diff --git a/src/core/fstab.h b/src/core/fstab.h
index be3efe4..1b38e7b 100644
--- a/src/core/fstab.h
+++ b/src/core/fstab.h
@@ -116,6 +116,6 @@ QString unescapeSpaces(const QString& mountPoint);
 
 LIBKPMCORE_EXPORT FstabEntryList readFstabEntries(const QString& fstabPath = QStringLiteral("/etc/fstab"));
 LIBKPMCORE_EXPORT QStringList possibleMountPoints(const QString& deviceNode, const QString& fstabPath = QStringLiteral("/etc/fstab"));
-LIBKPMCORE_EXPORT bool writeMountpoints(const FstabEntryList& fstabEntries, const QString& filename = QStringLiteral("/etc/fstab"));
+LIBKPMCORE_EXPORT bool writeMountpoints(const FstabEntryList& fstabEntries);
 
 #endif
diff --git a/src/util/externalcommand.cpp b/src/util/externalcommand.cpp
index 0bcd7c3..7b5a7d2 100644
--- a/src/util/externalcommand.cpp
+++ b/src/util/externalcommand.cpp
@@ -231,13 +231,13 @@ bool ExternalCommand::writeData(Report& commandReport, const QByteArray& buffer,
     return waitForDbusReply(pcall);
 }
 
-bool ExternalCommand::createFile(const QByteArray& fileContents, const QString& filePath)
+bool ExternalCommand::writeFstab(const QByteArray& fileContents)
 {
     auto interface = helperInterface();
     if (!interface)
         return false;
 
-    QDBusPendingCall pcall = interface->CreateFile(filePath, fileContents);
+    QDBusPendingCall pcall = interface->WriteFstab(fileContents);
     return waitForDbusReply(pcall);
 }
 
diff --git a/src/util/externalcommand.h b/src/util/externalcommand.h
index 4297983..9816f4c 100644
--- a/src/util/externalcommand.h
+++ b/src/util/externalcommand.h
@@ -57,7 +57,7 @@ public:
     bool copyBlocks(const CopySource& source, CopyTarget& target);
     QByteArray readData(const CopySourceDevice& source);
     bool writeData(Report& commandReport, const QByteArray& buffer, const QString& deviceNode, const quint64 firstByte); // same as copyBlocks but from QByteArray
-    bool createFile(const QByteArray& filePath, const QString& fileContents); // similar to writeData but creates a new file
+    bool writeFstab(const QByteArray& fileContents);
 
     /**< @param cmd the command to run */
     void setCommand(const QString& cmd);
diff --git a/src/util/externalcommandhelper.cpp b/src/util/externalcommandhelper.cpp
index ce3b6cf..9cf8e32 100644
--- a/src/util/externalcommandhelper.cpp
+++ b/src/util/externalcommandhelper.cpp
@@ -126,19 +126,15 @@ bool ExternalCommandHelper::writeData(QFile& device, const QByteArray& buffer, c
 }
 
 /** Creates a new file with given contents.
-    @param filePath file to write to
     @param fileContents the data that we write
     @return true on success
 */
-bool ExternalCommandHelper::CreateFile(const QString &filePath, const QByteArray& fileContents)
+bool ExternalCommandHelper::WriteFstab(const QByteArray& fileContents)
 {
     if (!isCallerAuthorized()) {
         return false;
     }
-    // Do not allow using this helper for writing to arbitrary location
-    if ( filePath != QStringLiteral("/etc/fstab") )
-        return false;
-
+    QString filePath = QStringLiteral("/etc/fstab");
     QFile device(filePath);
 
     auto flags = QIODevice::WriteOnly | QIODevice::Unbuffered;
diff --git a/src/util/externalcommandhelper.h b/src/util/externalcommandhelper.h
index bb1995f..0954e8e 100644
--- a/src/util/externalcommandhelper.h
+++ b/src/util/externalcommandhelper.h
@@ -43,7 +43,7 @@ public Q_SLOTS:
                                         const QString& targetDevice, const qint64 targetOffset, const qint64 blockSize);
     Q_SCRIPTABLE QByteArray ReadData(const QString& device, const qint64 offset, const qint64 length);
     Q_SCRIPTABLE bool WriteData(const QByteArray& buffer, const QString& targetDevice, const qint64 targetOffset);
-    Q_SCRIPTABLE bool CreateFile(const QString& filePath, const QByteArray& fileContents);
+    Q_SCRIPTABLE bool WriteFstab(const QByteArray& fileContents);
 
 private:
     bool isCallerAuthorized();
-- 
2.35.1