Skip to content

gio: do not pass O_PATH file descriptors to portal APIs

James Henstridge requested to merge jamesh/glib:portals-no-o-path into master

This is a companion to xdg-desktop-portal issue #167, which changed the way certain APIs handle passed file descriptors and was merged for the 1.0.1 release from August last year. Apart from a backward compatibility carve out for flatpak, the APIs will refuse to accept O_PATH file descriptors.

The reason being that they do not actually prove access to the referenced file. For example, I can open an O_PATH file descriptor for /etc/shadow despite not being able to read its contents.

This merge request removes the O_PATH flag from the OpenURI and Document portal API calls in libgio. For g_openuri_portal_open_uri, I changed it to O_RDONLY since that is the minimum you should need to open a file. For g_document_portal_add_documents I used O_RDWR since it was requesting both read and write permissions from the document portal. I also used O_RDWR for g_document_portal_add_document, but that doesn't seem to be called from anywhere.

Merge request reports