This commit is contained in:
Ulrike Uhlig 2016-12-22 19:12:38 +01:00
commit 51f538edee
8 changed files with 6470 additions and 5417 deletions

View File

@ -0,0 +1,31 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/python>
# Why are these not in abstractions/python?
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}.[0-9]/**/__pycache__/* rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/ rw,
/usr/lib{,32,64}/python{2,3}/**/__pycache__/* rw,
/bin/dash rix,
/proc/*/mounts r,
/proc/*/fd/ r,
/sbin/ldconfig rix,
/sbin/ldconfig.real rix,
/bin/uname rix,
/{,lib/live/mount/rootfs/filesystem.squashfs/}etc/mime.types r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/ r,
/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/** r,
/tmp/ rw,
/tmp/** rw,
# Allow all user data except .gnupg, .ssh and other potential
# places for critically sensitive application data.
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ mrwkl,
audit deny @{HOME}/.*/** mrwkl,
owner @{HOME}/ r,
owner @{HOME}/** r,

View File

@ -0,0 +1,2 @@
# Site-specific additions and overrides for usr.bin.onionshare.
# For more details, please see /etc/apparmor.d/local/README.

View File

@ -0,0 +1,2 @@
# Site-specific additions and overrides for usr.bin.onionshare-gui.
# For more details, please see /etc/apparmor.d/local/README.

View File

@ -0,0 +1,10 @@
#include <tunables/global>
/usr/bin/onionshare flags=(complain) {
#include <abstractions/onionshare>
/usr/bin/ r,
/usr/bin/onionshare r,
#include <local/usr.bin.onionshare>
}

View File

@ -0,0 +1,26 @@
#include <tunables/global>
/usr/bin/onionshare-gui flags=(complain) {
#include <abstractions/gnome>
#include <abstractions/ibus>
#include <abstractions/onionshare>
/usr/bin/ r,
/usr/bin/onionshare-gui r,
/proc/*/cmdline r,
/usr/share/icons/Adwaita/index.theme r,
# Why do these still emit audit journal entries?
owner @{HOME}/.config/ibus/bus/ rw,
owner @{HOME}/.config/ibus/bus/* rw,
deny @{HOME}/.ICEauthority r,
deny /{,lib/live/mount/rootfs/filesystem.squashfs/}etc/machine-id r,
deny /var/lib/dbus/machine-id.* rw,
# Accessibility support
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
#include <local/usr.bin.onionshare-gui>
}

View File

@ -179,7 +179,10 @@ class Onion(object):
if self.supports_ephemeral:
# cleanup the ephemeral onion service
if self.service_id:
try:
self.c.remove_ephemeral_hidden_service(self.service_id)
except:
pass
self.service_id = None
else:

View File

@ -17,7 +17,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import queue, mimetypes, platform, os, sys, socket, logging
import queue, mimetypes, platform, os, sys, socket, logging, html
from urllib.request import urlopen
from flask import Flask, Response, request, render_template_string, abort
@ -30,7 +30,6 @@ file_info = []
zip_filename = None
zip_filesize = None
def set_file_info(filenames):
"""
Using the list of filenames being shared, fill in details that the web
@ -42,9 +41,11 @@ def set_file_info(filenames):
# build file info list
file_info = {'files': [], 'dirs': []}
for filename in filenames:
# strips trailing '/' and sanitizes filename
basename = html.escape(os.path.basename(filename.rstrip('/')))
info = {
'filename': filename,
'basename': os.path.basename(filename.rstrip('/'))
'basename': basename
}
if os.path.isfile(filename):
info['size'] = os.path.getsize(filename)
@ -54,6 +55,8 @@ def set_file_info(filenames):
info['size'] = helpers.dir_size(filename)
info['size_human'] = helpers.human_readable_filesize(info['size'])
file_info['dirs'].append(info)
# sort list of files and directories by basename
file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename'])
file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename'])

File diff suppressed because it is too large Load Diff