Ulrike Uhlig 2016-12-22 19:12:38 +01:00
commit 51f538edee
8 changed files with 6470 additions and 5417 deletions


@ -0,0 +1,31 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/python>
# Why are these not in abstractions/python?
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
/bin/dash rix,
/proc/*/mounts r,
/proc/*/fd/ r,
/sbin/ldconfig rix,
/sbin/ldconfig.real rix,
/bin/uname rix,
/{,lib/live/mount/rootfs/filesystem.squashfs/}etc/mime.types r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/ r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/** r,
/tmp/ rw,
/tmp/** rw,
# Allow all user data except .gnupg, .ssh and other potential
# places for critically sensitive application data.
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ mrwkl,
audit deny @{HOME}/.*/** mrwkl,
owner @{HOME}/ r,
owner @{HOME}/** r,
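Review bot: The six `__pycache__` rules grant `rw` under the system Python directories, so this profile would not stop a confined process from creating or replacing cached bytecode there whenever file permissions allow it, for example when it runs as root. Loading existing caches needs read access only, e.g. `/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* r,`. If the interpreter merely attempts the writes and fails on permissions, a `deny … w,` rule silences the log without granting anything. Separately, `python{2,3}.[0-9]` matches single-digit minor versions only, so a two-digit minor release would fall outside these rules.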


@ -0,0 +1,2 @@
# Site-specific additions and overrides for usr.bin.onionshare.
# For more details, please see /etc/apparmor.d/local/README.


@ -0,0 +1,2 @@
# Site-specific additions and overrides for usr.bin.onionshare-gui.
# For more details, please see /etc/apparmor.d/local/README.


@ -0,0 +1,10 @@
#include <tunables/global>
/usr/bin/onionshare flags=(complain) {
#include <abstractions/onionshare>
/usr/bin/ r,
/usr/bin/onionshare r,
#include <local/usr.bin.onionshare>
}
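Review bot: `flags=(complain)` on the profile header means the allow rules are logged but not enforced, so this profile confines nothing beyond its explicit `deny` rules, which AppArmor applies even in complain mode. The onionshare-gui profile carries the same flag. If this is a deliberate trial period, record it above the header, for example `# complain mode while the profile is being tested; remove the flag to enforce`, so the profile is not mistaken for active confinement.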


@ -0,0 +1,26 @@
#include <tunables/global>
/usr/bin/onionshare-gui flags=(complain) {
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/onionshare>
/usr/bin/ r,
/usr/bin/onionshare-gui r,
/proc/*/cmdline r,
/usr/share/icons/Adwaita/index.theme r,
# Why do these still emit audit journal entries?
owner @{HOME}/.config/ibus/bus/ rw,
owner @{HOME}/.config/ibus/bus/* rw,
deny @{HOME}/.ICEauthority r,
deny /{,lib/live/mount/rootfs/filesystem.squashfs/}etc/machine-id r,
deny /var/lib/dbus/machine-id.* rw,
# Accessibility support
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
#include <local/usr.bin.onionshare-gui>
}
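Review bot: The two `owner @{HOME}/.config/ibus/bus/` allow rules have no effect, which answers the question in the comment above them. The included abstraction carries `audit deny @{HOME}/.*/** mrwkl`, a deny rule always overrides a matching allow rule, and the `audit` qualifier logs every denied attempt. Either remove the two rules and note the reason, e.g. `# ibus socket access is blocked by the dot-directory deny in abstractions/onionshare`, or narrow the abstraction's deny to the specific directories that must stay closed, so that this exception can actually apply.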


@ -179,7 +179,10 @@ class Onion(object):
if self.supports_ephemeral: if self.supports_ephemeral:
# cleanup the ephemeral onion service # cleanup the ephemeral onion service
if self.service_id: if self.service_id:
try:
self.c.remove_ephemeral_hidden_service(self.service_id) self.c.remove_ephemeral_hidden_service(self.service_id)
except:
pass
self.service_id = None self.service_id = None
else: else:
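Review bot: The bare `except:` followed by `pass` around `remove_ephemeral_hidden_service` hides every failure, including `KeyboardInterrupt` and `SystemExit`. `self.service_id` is then cleared regardless, so a removal that did not succeed leaves no trace, and the onion service may still be published while the application believes it is gone. Narrow the handler to `except Exception as e:` (or the controller library's own error type) and record the failure, e.g. `logging.warning("could not remove onion service: %s", e)`, assuming `logging` is available in this module. The enclosing method starts and ends outside the hunk.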


@ -17,7 +17,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
import queue, mimetypes, platform, os, sys, socket, logging import queue, mimetypes, platform, os, sys, socket, logging, html
from urllib.request import urlopen from urllib.request import urlopen
from flask import Flask, Response, request, render_template_string, abort from flask import Flask, Response, request, render_template_string, abort
@ -30,7 +30,6 @@ file_info = []
zip_filename = None zip_filename = None
zip_filesize = None zip_filesize = None
def set_file_info(filenames): def set_file_info(filenames):
""" """
Using the list of filenames being shared, fill in details that the web Using the list of filenames being shared, fill in details that the web
@ -42,9 +41,11 @@ def set_file_info(filenames):
# build file info list # build file info list
file_info = {'files': [], 'dirs': []} file_info = {'files': [], 'dirs': []}
for filename in filenames: for filename in filenames:
# strips trailing '/' and sanitizes filename
basename = html.escape(os.path.basename(filename.rstrip('/')))
info = { info = {
'filename': filename, 'filename': filename,
'basename': os.path.basename(filename.rstrip('/')) 'basename': basename
} }
if os.path.isfile(filename): if os.path.isfile(filename):
info['size'] = os.path.getsize(filename) info['size'] = os.path.getsize(filename)
@ -54,6 +55,8 @@ def set_file_info(filenames):
info['size'] = helpers.dir_size(filename) info['size'] = helpers.dir_size(filename)
info['size_human'] = helpers.human_readable_filesize(info['size']) info['size_human'] = helpers.human_readable_filesize(info['size'])
file_info['dirs'].append(info) file_info['dirs'].append(info)
# sort list of files and directories by basename
file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename']) file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename'])
file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename']) file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename'])
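Review bot: `html.escape` is applied when `file_info` is built rather than where the name is written into the page, so the stored `basename` is no longer the real file name. The two `sorted(...)` calls now order by the entity-encoded text, and any non-HTML consumer of `file_info` receives `&amp;`-style sequences. If the template is rendered with Jinja autoescaping, which `render_template_string` enables by default, the name would also be escaped twice. Keeping `'basename': os.path.basename(filename.rstrip('/'))` raw and escaping at output, via autoescaping or the `|e` filter, puts the encoding next to the sink it protects. If the escape stays here, the comment would be more accurate as `# strip trailing '/' and HTML-escape the basename for display`. `set_file_info` begins before this hunk and continues past it.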
