Add a permission-remove command

This removes an item from the permission store.

Closes: #1837
Approved by: alexlarsson

7 files changed, 309 insertions, 0 deletions

diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc
index 46eb1c50..ab9f3752 100644
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@@ -51,6 +51,7 @@ flatpak_SOURCES = \
 	app/flatpak-builtins-document-unexport.c \
 	app/flatpak-builtins-document-info.c \
 	app/flatpak-builtins-document-list.c \
+	app/flatpak-builtins-permission-remove.c \
 	app/flatpak-builtins-permission-list.c \
 	app/flatpak-builtins-search.c \
 	app/flatpak-builtins-repair.c \
diff --git a/app/flatpak-builtins-permission-remove.c b/app/flatpak-builtins-permission-remove.c
new file mode 100644
index 00000000..bc0692a5
--- /dev/null
+++ b/app/flatpak-builtins-permission-remove.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright © 2018 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ *       Matthias Clasen <mclasen@redhat.com>
+ */
+
+#include "config.h"
+
+#include <locale.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib/gi18n.h>
+
+#include "libglnx/libglnx.h"
+#include "flatpak-permission-dbus-generated.h"
+
+#include "flatpak-builtins.h"
+#include "flatpak-table-printer.h"
+#include "flatpak-utils-private.h"
+#include "flatpak-run-private.h"
+
+static GOptionEntry options[] = {
+  { NULL }
+};
+
+static char **
+get_permission_tables (XdpDbusPermissionStore *store)
+{
+  g_autofree char *path = NULL;
+  GDir *dir;
+  const char *name;
+  GPtrArray *tables = NULL;
+
+  tables = g_ptr_array_new ();
+
+  path = g_build_filename (g_get_user_data_dir (), "flatpak/db", NULL);
+  dir = g_dir_open (path, 0, NULL);
+  if (dir != NULL)
+    {
+      while ((name = g_dir_read_name (dir)) != NULL)
+        {
+          g_ptr_array_add (tables, g_strdup (name));
+        }
+    }
+
+  g_dir_close (dir);
+
+  g_ptr_array_add (tables, NULL);
+
+  return (char **)g_ptr_array_free (tables, FALSE);
+}
+
+static char **
+get_ids_for_table (XdpDbusPermissionStore *store,
+                   const char             *table)
+{
+  char **ids = NULL;
+
+  xdp_dbus_permission_store_call_list_sync (store, table, &ids, NULL, NULL);
+
+  return ids;
+}
+
+static gboolean
+remove_item (XdpDbusPermissionStore  *store,
+             const char              *table,
+             const char              *id,
+             GError                 **error)
+{
+  /* FIXME some portals cache their permission tables and assume that they're
+   * the only writers, so they may miss these changes.
+   * See https://github.com/flatpak/xdg-desktop-portal/issues/197
+   */
+  if (!xdp_dbus_permission_store_call_delete_sync (store, table, id, NULL, error))
+    return FALSE;
+
+  return TRUE;
+}
+
+gboolean
+flatpak_builtin_permission_remove (int argc, char **argv,
+                                   GCancellable *cancellable,
+                                   GError **error)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+  const char *table;
+  const char *id;
+
+  context = g_option_context_new (_("TABLE ID - Remove item to permission store"));
+  g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
+
+  if (!flatpak_option_context_parse (context, options, &argc, &argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR,
+                                     NULL, cancellable, error))
+    return FALSE;
+
+  if (argc < 3)
+    return usage_error (context, _("Too few arguments"), error);
+
+  if (argc > 3)
+    return usage_error (context, _("Too many arguments"), error);
+
+  table = argv[1];
+  id = argv[2];
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, error);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, error);
+  if (store == NULL)
+    return FALSE;
+
+  if (!remove_item (store, table, id, error))
+    return FALSE;
+
+  return TRUE;
+}
+
+gboolean
+flatpak_complete_permission_remove (FlatpakCompletion *completion)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+  int i;
+
+  context = g_option_context_new ("");
+
+  if (!flatpak_option_context_parse (context, options, &completion->argc, &completion->argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, NULL, NULL))
+    return FALSE;
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, NULL);
+
+  if (store == NULL)
+    return FALSE;
+
+  switch (completion->argc)
+    {
+    case 0:
+    case 1: /* TABLE */
+      flatpak_complete_options (completion, global_entries);
+      flatpak_complete_options (completion, options);
+
+      {
+        g_auto(GStrv) tables = get_permission_tables (store);
+        for (i = 0; tables != NULL && tables[i] != NULL; i++)
+          {
+            flatpak_complete_word (completion, "%s ", tables[i]);
+          }
+      }
+
+      break;
+
+    case 2:
+      {
+        g_auto(GStrv) ids = get_ids_for_table (store, completion->argv[1]);
+        for (i = 0; ids != NULL && ids[i] != NULL; i++)
+          {
+            flatpak_complete_word (completion, "%s ", ids[i]);
+          }
+      }
+
+      break;
+
+    default:
+      break;
+    }
+
+  return TRUE;
+}
diff --git a/app/flatpak-builtins.h b/app/flatpak-builtins.h
index 7e32f4cb..74c9a4d3 100644
--- a/app/flatpak-builtins.h
+++ b/app/flatpak-builtins.h
@@ -87,6 +87,7 @@ BUILTINPROTO (document_export)
 BUILTINPROTO (document_unexport)
 BUILTINPROTO (document_info)
 BUILTINPROTO (document_list)
+BUILTINPROTO (permission_remove)
 BUILTINPROTO (permission_list)
 BUILTINPROTO (override)
 BUILTINPROTO (repo)
diff --git a/app/flatpak-main.c b/app/flatpak-main.c
index a02d8be1..eff7b665 100644
--- a/app/flatpak-main.c
+++ b/app/flatpak-main.c
@@ -90,6 +90,7 @@ static FlatpakCommand commands[] = {
 
    /* translators: please keep the leading newline and space */
   { N_("\n Manage dynamic permissions") },
+  { "permission-remove", N_("Remove item from permission store"), flatpak_builtin_permission_remove, flatpak_complete_permission_remove },
   { "permission-list", N_("List permissions"), flatpak_builtin_permission_list, flatpak_complete_permission_list },
 
    /* translators: please keep the leading newline and space */
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f831a62a..31c4212d 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -39,6 +39,7 @@ man1 = \
 	flatpak-document-unexport.1	\
 	flatpak-document-info.1		\
 	flatpak-document-list.1		\
+	flatpak-permission-remove.1	\
 	flatpak-permission-list.1	\
 	flatpak-build-init.1		\
 	flatpak-build.1			\
diff --git a/doc/flatpak-docs.xml.in b/doc/flatpak-docs.xml.in
index 1405550e..88ae1c7f 100644
--- a/doc/flatpak-docs.xml.in
+++ b/doc/flatpak-docs.xml.in
@@ -33,6 +33,7 @@
       <xi:include href="@srcdir@/flatpak-document-info.xml"/>
       <xi:include href="@srcdir@/flatpak-document-list.xml"/>
       <xi:include href="@srcdir@/flatpak-document-unexport.xml"/>
+      <xi:include href="@srcdir@/flatpak-permission-remove.xml"/>
       <xi:include href="@srcdir@/flatpak-permission-list.xml"/>
       <xi:include href="@srcdir@/flatpak-enter.xml"/>
       <xi:include href="@srcdir@/flatpak-info.xml"/>
diff --git a/doc/flatpak-permission-remove.xml b/doc/flatpak-permission-remove.xml
new file mode 100644
index 00000000..c9df7981
--- /dev/null
+++ b/doc/flatpak-permission-remove.xml
@@ -0,0 +1,103 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+    "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<refentry id="flatpak-permission-remove">
+
+    <refentryinfo>
+        <title>flatpak permission-remove</title>
+        <productname>flatpak</productname>
+
+        <authorgroup>
+            <author>
+                <contrib>Developer</contrib>
+                <firstname>Matthias</firstname>
+                <surname>Clasen</surname>
+                <email>mclasen@redhat.com</email>
+            </author>
+        </authorgroup>
+    </refentryinfo>
+
+    <refmeta>
+        <refentrytitle>flatpak permission-remove</refentrytitle>
+        <manvolnum>1</manvolnum>
+    </refmeta>
+
+    <refnamediv>
+        <refname>flatpak-permission-remove</refname>
+        <refpurpose>List permissions</refpurpose>
+    </refnamediv>
+
+    <refsynopsisdiv>
+            <cmdsynopsis>
+                <command>flatpak permission-remove</command>
+                <arg choice="opt" rep="repeat">OPTION</arg>
+                <arg choice="plain">TABLE</arg>
+                <arg choice="plain">ID</arg>
+            </cmdsynopsis>
+    </refsynopsisdiv>
+
+    <refsect1>
+        <title>Description</title>
+
+        <para>
+          Removes an entry for the object with id ID to the permission
+          store table TABLE. The ID must be in a suitable format
+          for the table.
+        </para>
+        <para>
+          The permission store is used by portals.
+          Each portal generally has its own table in the permission
+          store, and the format of the table entries is specific to
+          each portal.
+        </para>
+
+    </refsect1>
+
+    <refsect1>
+        <title>Options</title>
+
+        <para>The following options are understood:</para>
+
+        <variablelist>
+            <varlistentry>
+                <term><option>-h</option></term>
+                <term><option>--help</option></term>
+
+                <listitem><para>
+                    Show help options and exit.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>-v</option></term>
+                <term><option>--verbose</option></term>
+
+                <listitem><para>
+                    Print debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--ostree-verbose</option></term>
+
+                <listitem><para>
+                    Print OSTree debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+
+    <refsect1>
+        <title>See also</title>
+
+        <para>
+            <citerefentry><refentrytitle>flatpak</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-list</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-show</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-reset</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        </para>
+
+    </refsect1>
+
+</refentry>