Add a permission-show command

This shows all the entries pertaining to a particular
app from the permission store.

Closes: #1837
Approved by: alexlarsson

7 files changed, 341 insertions, 0 deletions

diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc
index ab9f3752..46f1f096 100644
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@@ -53,6 +53,7 @@ flatpak_SOURCES = \
 	app/flatpak-builtins-document-list.c \
 	app/flatpak-builtins-permission-remove.c \
 	app/flatpak-builtins-permission-list.c \
+	app/flatpak-builtins-permission-show.c \
 	app/flatpak-builtins-search.c \
 	app/flatpak-builtins-repair.c \
 	app/flatpak-table-printer.c \
diff --git a/app/flatpak-builtins-permission-show.c b/app/flatpak-builtins-permission-show.c
new file mode 100644
index 00000000..4f7194f4
--- /dev/null
+++ b/app/flatpak-builtins-permission-show.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright © 2018 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ *       Matthias Clasen <mclasen@redhat.com>
+ */
+
+#include "config.h"
+
+#include <locale.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib/gi18n.h>
+
+#include "libglnx/libglnx.h"
+#include "flatpak-permission-dbus-generated.h"
+
+#include "flatpak-builtins.h"
+#include "flatpak-table-printer.h"
+#include "flatpak-utils-private.h"
+#include "flatpak-run-private.h"
+
+static GOptionEntry options[] = {
+  { NULL }
+};
+
+static char **
+get_permission_tables (XdpDbusPermissionStore *store)
+{
+  g_autofree char *path = NULL;
+  GDir *dir;
+  const char *name;
+  GPtrArray *tables = NULL;
+
+  tables = g_ptr_array_new ();
+
+  path = g_build_filename (g_get_user_data_dir (), "flatpak/db", NULL);
+  dir = g_dir_open (path, 0, NULL);
+  if (dir != NULL)
+    {
+      while ((name = g_dir_read_name (dir)) != NULL)
+        {
+          g_ptr_array_add (tables, g_strdup (name));
+        }
+    }
+
+  g_dir_close (dir);
+
+  g_ptr_array_add (tables, NULL);
+
+  return (char **)g_ptr_array_free (tables, FALSE);
+}
+
+static gboolean
+list_for_app (XdpDbusPermissionStore  *store,
+              const char              *table,
+              const char              *app_id,
+              FlatpakTablePrinter     *printer,
+              GError                 **error)
+{
+  char **ids;
+  int i;
+
+  if (!xdp_dbus_permission_store_call_list_sync (store, table, &ids, NULL, error))
+    return FALSE;
+
+  for (i = 0; ids[i]; i++)
+    {
+      g_autoptr(GVariant) permissions = NULL;
+      g_autoptr(GVariant) data = NULL;
+      g_autoptr(GVariant) d = NULL;
+      g_autofree char *txt = NULL;
+      GVariantIter iter;
+      char *key;
+      GVariantIter *val;
+
+      if (!xdp_dbus_permission_store_call_lookup_sync (store, table, ids[i], &permissions, &data, NULL, error))
+        return FALSE;
+
+      d = g_variant_get_child_value (data, 0);
+      txt = g_variant_print (d, FALSE);
+
+      g_variant_iter_init (&iter, permissions);
+      while (g_variant_iter_loop (&iter, "{sas}", &key, &val))
+        {
+          char *p;
+
+          if (strcmp (key, app_id) != 0)
+            continue;
+
+          flatpak_table_printer_add_column (printer, table);
+          flatpak_table_printer_add_column (printer, ids[i]);
+          flatpak_table_printer_add_column (printer, key);
+          flatpak_table_printer_add_column (printer, "");
+
+          while (g_variant_iter_loop (val, "s", &p))
+            {
+              flatpak_table_printer_append_with_comma (printer, p);
+            }
+
+          flatpak_table_printer_add_column (printer, txt);
+          flatpak_table_printer_finish_row (printer);
+        }
+    }
+
+  return TRUE;
+}
+
+gboolean
+flatpak_builtin_permission_show (int argc, char **argv,
+                                 GCancellable *cancellable,
+                                 GError **error)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+  const char *app_id;
+  FlatpakTablePrinter *printer = NULL;
+  int i;
+  g_auto(GStrv) tables = NULL;
+
+  context = g_option_context_new (_("APP_ID - Show permissions for an app"));
+  g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
+
+  if (!flatpak_option_context_parse (context, options, &argc, &argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR,
+                                     NULL, cancellable, error))
+    return FALSE;
+
+  if (argc != 2)
+    return usage_error (context, _("Wrong number of arguments"), error);
+
+  app_id = argv[1];
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, error);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, error);
+  if (store == NULL)
+    return FALSE;
+
+  printer = flatpak_table_printer_new ();
+
+  i = 0;
+  flatpak_table_printer_set_column_title (printer, i++, _("Table"));
+  flatpak_table_printer_set_column_title (printer, i++, _("Object"));
+  flatpak_table_printer_set_column_title (printer, i++, _("App"));
+  flatpak_table_printer_set_column_title (printer, i++, _("Permissions"));
+  flatpak_table_printer_set_column_title (printer, i++, _("Data"));
+
+  tables = get_permission_tables (store);
+  for (i = 0; tables[i]; i++)
+    {
+      if (!list_for_app (store, tables[i], app_id, printer, error))
+        return FALSE;
+    }
+
+  flatpak_table_printer_print (printer);
+  flatpak_table_printer_free (printer);
+
+  return TRUE;
+}
+
+gboolean
+flatpak_complete_permission_show (FlatpakCompletion *completion)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GDBusConnection) session_bus = NULL;
+  XdpDbusPermissionStore *store = NULL;
+
+  context = g_option_context_new ("");
+
+  if (!flatpak_option_context_parse (context, options, &completion->argc, &completion->argv,
+                                     FLATPAK_BUILTIN_FLAG_NO_DIR, NULL, NULL, NULL))
+    return FALSE;
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
+  if (session_bus == NULL)
+    return FALSE;
+
+  store = xdp_dbus_permission_store_proxy_new_sync (session_bus, 0,
+                                                    "org.freedesktop.impl.portal.PermissionStore",
+                                                    "/org/freedesktop/impl/portal/PermissionStore",
+                                                    NULL, NULL);
+
+  if (store == NULL)
+    return FALSE;
+
+  switch (completion->argc)
+    {
+    case 0:
+    case 1: /* APP_ID */
+      flatpak_complete_options (completion, global_entries);
+      flatpak_complete_options (completion, options);
+
+      flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_user (), NULL);
+      flatpak_complete_partial_ref (completion, FLATPAK_KINDS_APP, FALSE, flatpak_dir_get_system_default (), NULL);
+
+      break;
+
+    default:
+      break;
+    }
+
+  return TRUE;
+}
diff --git a/app/flatpak-builtins.h b/app/flatpak-builtins.h
index 74c9a4d3..6e6b28eb 100644
--- a/app/flatpak-builtins.h
+++ b/app/flatpak-builtins.h
@@ -89,6 +89,7 @@ BUILTINPROTO (document_info)
 BUILTINPROTO (document_list)
 BUILTINPROTO (permission_remove)
 BUILTINPROTO (permission_list)
+BUILTINPROTO (permission_show)
 BUILTINPROTO (override)
 BUILTINPROTO (repo)
 BUILTINPROTO (config)
diff --git a/app/flatpak-main.c b/app/flatpak-main.c
index eff7b665..513b7c2f 100644
--- a/app/flatpak-main.c
+++ b/app/flatpak-main.c
@@ -92,6 +92,7 @@ static FlatpakCommand commands[] = {
   { N_("\n Manage dynamic permissions") },
   { "permission-remove", N_("Remove item from permission store"), flatpak_builtin_permission_remove, flatpak_complete_permission_remove },
   { "permission-list", N_("List permissions"), flatpak_builtin_permission_list, flatpak_complete_permission_list },
+  { "permission-show", N_("Show app permissions"), flatpak_builtin_permission_show, flatpak_complete_permission_show },
 
    /* translators: please keep the leading newline and space */
   { N_("\n Manage remote repositories") },
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 31c4212d..b26bbb2e 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -41,6 +41,7 @@ man1 = \
 	flatpak-document-list.1		\
 	flatpak-permission-remove.1	\
 	flatpak-permission-list.1	\
+	flatpak-permission-show.1	\
 	flatpak-build-init.1		\
 	flatpak-build.1			\
 	flatpak-build-bundle.1		\
diff --git a/doc/flatpak-docs.xml.in b/doc/flatpak-docs.xml.in
index 88ae1c7f..de393935 100644
--- a/doc/flatpak-docs.xml.in
+++ b/doc/flatpak-docs.xml.in
@@ -35,6 +35,7 @@
       <xi:include href="@srcdir@/flatpak-document-unexport.xml"/>
       <xi:include href="@srcdir@/flatpak-permission-remove.xml"/>
       <xi:include href="@srcdir@/flatpak-permission-list.xml"/>
+      <xi:include href="@srcdir@/flatpak-permission-show.xml"/>
       <xi:include href="@srcdir@/flatpak-enter.xml"/>
       <xi:include href="@srcdir@/flatpak-info.xml"/>
       <xi:include href="@srcdir@/flatpak-install.xml"/>
diff --git a/doc/flatpak-permission-show.xml b/doc/flatpak-permission-show.xml
new file mode 100644
index 00000000..a0872b12
--- /dev/null
+++ b/doc/flatpak-permission-show.xml
@@ -0,0 +1,110 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+    "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<refentry id="flatpak-permission-show">
+
+    <refentryinfo>
+        <title>flatpak permission-show</title>
+        <productname>flatpak</productname>
+
+        <authorgroup>
+            <author>
+                <contrib>Developer</contrib>
+                <firstname>Matthias</firstname>
+                <surname>Clasen</surname>
+                <email>mclasen@redhat.com</email>
+            </author>
+        </authorgroup>
+    </refentryinfo>
+
+    <refmeta>
+        <refentrytitle>flatpak permission-show</refentrytitle>
+        <manvolnum>1</manvolnum>
+    </refmeta>
+
+    <refnamediv>
+        <refname>flatpak-permission-show</refname>
+        <refpurpose>List permissions</refpurpose>
+    </refnamediv>
+
+    <refsynopsisdiv>
+            <cmdsynopsis>
+                <command>flatpak permission-show</command>
+                <arg choice="opt" rep="repeat">OPTION</arg>
+                <arg choice="plain">APP_ID</arg>
+            </cmdsynopsis>
+    </refsynopsisdiv>
+
+    <refsect1>
+        <title>Description</title>
+
+        <para>
+          Lists dynamic permissions for the given app which are stored
+          in the Flatpak permission store.
+        </para>
+
+        <para>
+          When called without arguments, lists all
+          the entries in all permission store tables. When called
+          with one argument, lists all the entries in the named
+          table. When called with two arguments, lists the entry
+          in the named table for the given object ID.
+        </para>
+
+        <para>
+          The permission store is used by portals.
+          Each portal generally has its own table in the permission
+          store, and the format of the table entries is specific to
+          each portal.
+        </para>
+
+    </refsect1>
+
+    <refsect1>
+        <title>Options</title>
+
+        <para>The following options are understood:</para>
+
+        <variablelist>
+            <varlistentry>
+                <term><option>-h</option></term>
+                <term><option>--help</option></term>
+
+                <listitem><para>
+                    Show help options and exit.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>-v</option></term>
+                <term><option>--verbose</option></term>
+
+                <listitem><para>
+                    Print debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+
+            <varlistentry>
+                <term><option>--ostree-verbose</option></term>
+
+                <listitem><para>
+                    Print OSTree debug information during command processing.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+
+    <refsect1>
+        <title>See also</title>
+
+        <para>
+            <citerefentry><refentrytitle>flatpak</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-list</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-remove</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+            <citerefentry><refentrytitle>flatpak-permission-reset</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        </para>
+
+    </refsect1>
+
+</refentry>