Implement v2 notification spec

src/meson.build

@@ -174,7 +174,7 @@ endif
 xdp_validate_icon = executable(
   'xdg-desktop-portal-validate-icon',
   'validate-icon.c',
-  dependencies: [gdk_pixbuf_dep],
+  dependencies: [gdk_pixbuf_dep, gio_unix_dep],
   c_args: validate_icon_c_args,
   install: true,
   install_dir: libexecdir,

src/validate-icon.c

@@ -16,6 +16,7 @@
  *
  * Authors:
  *       Matthias Clasen <[email protected]>
+ *       Julian Sparber <[email protected]>
  */
 
 /* The canonical copy of this file is in:
@@ -26,6 +27,7 @@
 
 #include <gdk-pixbuf/gdk-pixbuf.h>
 #include <glib/gstdio.h>
+#include <gio/gunixinputstream.h>
 #include <errno.h>
 #include <unistd.h>
 
@@ -34,81 +36,80 @@
 #endif
 
 #define ICON_VALIDATOR_GROUP "Icon Validator"
+#define MAX_ICON_SIZE 512
+#define MAX_SVG_ICON_SIZE 4096
+#define BUFFER_SIZE 4096
+#define INPUT_FD 3
 
 static int
-validate_icon (const char *arg_width,
-               const char *arg_height,
-               const char *filename)
+validate_icon ()
 {
-  GdkPixbufFormat *format;
-  int max_width, max_height;
-  int width, height;
-  g_autofree char *name = NULL;
   const char *allowed_formats[] = { "png", "jpeg", "svg", NULL };
-  g_autoptr(GdkPixbuf) pixbuf = NULL;
+  g_autoptr(GBytes) bytes = NULL;
   g_autoptr(GError) error = NULL;
+  GdkPixbufFormat *format;
   g_autoptr(GKeyFile) key_file = NULL;
   g_autofree char *key_file_data = NULL;
+  g_autoptr(GdkPixbufLoader) loader = NULL;
+  g_autoptr(GMappedFile) mapped = NULL;
+  int max_size, width, height;
+  g_autofree char *name = NULL;
+  GdkPixbuf *pixbuf;
 
-  format = gdk_pixbuf_get_file_info (filename, &width, &height);
-  if (format == NULL)
+  if (!(mapped = g_mapped_file_new_from_fd (INPUT_FD, FALSE, &error)))
     {
-      g_printerr ("Format not recognized\n");
+      g_printerr ("Failed to create mapped file for image: %s\n", error->message);
       return 1;
     }
 
-  name = gdk_pixbuf_format_get_name (format);
-  if (!g_strv_contains (allowed_formats, name))
+  bytes = g_mapped_file_get_bytes (mapped);
+
+  loader = gdk_pixbuf_loader_new ();
+
+  if (!gdk_pixbuf_loader_write_bytes (loader, bytes, &error) ||
+      !gdk_pixbuf_loader_close (loader, &error) ||
+      !(pixbuf = gdk_pixbuf_loader_get_pixbuf (loader)))
     {
-      g_printerr ("Format %s not accepted\n", name);
+      g_printerr ("Failed to load image: %s\n", error->message);
+      gdk_pixbuf_loader_close (loader, NULL);
       return 1;
     }
 
-  if (!g_str_equal (name, "svg"))
+  if (!(format = gdk_pixbuf_loader_get_format (loader)))
     {
-      max_width = g_ascii_strtoll (arg_width, NULL, 10);
-      if (max_width < 16 || max_width > 4096)
-        {
-          g_printerr ("Bad width limit: %s\n", arg_width);
-          return 1;
-        }
-
-      max_height = g_ascii_strtoll (arg_height, NULL, 10);
-      if (max_height < 16 || max_height > 4096)
-        {
-          g_printerr ("Bad height limit: %s\n", arg_height);
-          return 1;
-        }
-    }
-  else
-    {
-      /* Sanity check for vector files */
-      max_height = max_width = 4096;
+      g_printerr ("Image format not recognized\n");
+      return 1;
     }
 
-  if (width > max_width || height > max_height)
+  name = gdk_pixbuf_format_get_name (format);
+  if (!g_strv_contains (allowed_formats, name))
     {
-      g_printerr ("Image too large (%dx%d). Max. size %dx%d\n", width, height, max_width, max_height);
+      g_printerr ("Image format %s not accepted\n", name);
       return 1;
     }
 
-  pixbuf = gdk_pixbuf_new_from_file (filename, &error);
-  if (pixbuf == NULL)
+  width = gdk_pixbuf_get_width (pixbuf);
+  height = gdk_pixbuf_get_height (pixbuf);
+
+  if (width != height)
     {
-      g_printerr ("Failed to load image: %s\n", error->message);
+      g_printerr ("Expected a square image but got: %dx%d\n", width, height);
       return 1;
     }
 
-  if (width != height)
+  /* Sanity check for vector files */
+  max_size = g_str_equal (name, "svg") ? MAX_SVG_ICON_SIZE : MAX_ICON_SIZE;
+
+  /* The icon is a square so we only need to check one side */
+  if (width > max_size)
     {
-      g_printerr ("Expected a square icon but got: %dx%d\n", width, height);
+      g_printerr ("Image too large (%dx%d). Max. size %dx%d\n", width, height, max_size, max_size);
       return 1;
     }
 
   /* Print the format and size for consumption by (at least) the dynamic
-   * launcher portal. xdg-desktop-portal has a copy of this file. Use a
-   * GKeyFile so the output can be easily extended in the future in a backwards
-   * compatible way.
+   * launcher portal. Use a GKeyFile so the output can be easily extended 
+   * in the future in a backwards compatible way.
    */
   key_file = g_key_file_new ();
   g_key_file_set_string (key_file, ICON_VALIDATOR_GROUP, "format", name);
@@ -165,9 +166,7 @@ flatpak_get_bwrap (void)
 }
 
 static int
-rerun_in_sandbox (const char *arg_width,
-                  const char *arg_height,
-                  const char *filename)
+rerun_in_sandbox (void)
 {
   const char * const usrmerged_dirs[] = { "bin", "lib32", "lib64", "lib", "sbin" };
   int i;
@@ -226,15 +225,14 @@ rerun_in_sandbox (const char *arg_width,
             "--setenv", "GIO_USE_VFS", "local",
             "--unsetenv", "TMPDIR",
             "--die-with-parent",
-            "--ro-bind", filename, filename,
             NULL);
 
   if (g_getenv ("G_MESSAGES_DEBUG"))
     add_args (args, "--setenv", "G_MESSAGES_DEBUG", g_getenv ("G_MESSAGES_DEBUG"), NULL);
   if (g_getenv ("G_MESSAGES_PREFIXED"))
     add_args (args, "--setenv", "G_MESSAGES_PREFIXED", g_getenv ("G_MESSAGES_PREFIXED"), NULL);
 
-  add_args (args, validate_icon, arg_width, arg_height, filename, NULL);
+  add_args (args, validate_icon, NULL);
   g_ptr_array_add (args, NULL);
 
   execvpe (flatpak_get_bwrap (), (char **) args->pdata, NULL);
@@ -257,24 +255,24 @@ main (int argc, char *argv[])
   g_autoptr(GOptionContext) context = NULL;
   g_autoptr(GError) error = NULL;
 
-  context = g_option_context_new ("WIDTH HEIGHT PATH");
+  context = g_option_context_new (NULL);
   g_option_context_add_main_entries (context, entries, NULL);
   if (!g_option_context_parse (context, &argc, &argv, &error))
     {
       g_printerr ("Error: %s\n", error->message);
       return 1;
     }
 
-  if (argc != 4)
+  if (argc != 1)
     {
-      g_printerr ("Usage: %s [OPTION…] WIDTH HEIGHT PATH\n", argv[0]);
+      g_printerr ("Usage: %s [OPTION…]\n", argv[0]);
       return 1;
     }
 
 #ifdef HELPER
   if (opt_sandbox)
-    return rerun_in_sandbox (argv[1], argv[2], argv[3]);
+    return rerun_in_sandbox ();
   else
 #endif
-    return validate_icon (argv[1], argv[2], argv[3]);
+    return validate_icon ();
 }

src/xdp-utils.c

@@ -27,6 +27,7 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/mman.h>
 
 #include <gio/gio.h>
 #include <gio/gunixoutputstream.h>
@@ -572,6 +573,75 @@ cleanup_temp_file (void *p)
   g_free (*pp);
 }
 
+#define VALIDATOR_INPUT_FD 3
+
+static GKeyFile *
+spawn_validator (const char* const* args,
+                 int                fd)
+{
+  g_autoptr(GError) error = NULL;
+  g_autoptr(GBytes) bytes_output = NULL;
+  g_autoptr(GKeyFile) key_file = NULL;
+  g_autoptr(GSubprocessLauncher) launcher = NULL;
+  g_autoptr(GMappedFile) mapped_output = NULL;
+  g_autoptr(GSubprocess) process = NULL;
+  xdp_autofd int input_fd = -1;
+  int output_fd = -1;
+  xdp_autofd int stdout_fd = -1;
+
+  stdout_fd = memfd_create("spawn-validator-stdout", 0);
+
+  if (stdout_fd == -1)
+    {
+      int saved_errno;
+
+      saved_errno = errno;
+      g_warning ("Failed to spawn subprocess: memfd_create: %s", g_strerror (saved_errno));
+      return NULL;
+    }
+
+  input_fd = dup(fd);
+  // We don't need to dup() it since it will life till the launcher is dropped
+  output_fd = stdout_fd;
+
+  /* Ensure that we read from the beginning of the file */
+  lseek(input_fd, 0, SEEK_SET);
+
+  launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_NONE);
+  g_subprocess_launcher_take_stdout_fd (launcher, xdp_steal_fd (&stdout_fd));
+  g_subprocess_launcher_take_fd (launcher, xdp_steal_fd (&input_fd), VALIDATOR_INPUT_FD);
+  process = g_subprocess_launcher_spawnv (launcher, args, &error);
+
+  if (!process)
+    {
+      g_warning ("Failed to spawn subprocess: %s", error->message);
+      return NULL;
+    }
+
+  if (!g_subprocess_wait_check (process, NULL, &error))
+    {
+      /* The child's stderr is automatically redirected to stderr, therefore no need to log it here. */
+      g_warning ("Failed to spawn subprocess: %s", error->message);
+      return NULL;
+    }
+
+  if (!(mapped_output = g_mapped_file_new_from_fd (output_fd, FALSE, &error)))
+    {
+      g_warning ("Failed to get output from subprocess: %s", error->message);
+      return NULL;
+    }
+
+  bytes_output = g_mapped_file_get_bytes (mapped_output);
+
+  key_file = g_key_file_new ();
+  if (!g_key_file_load_from_bytes (key_file, bytes_output, G_KEY_FILE_NONE, &error))
+    {
+      g_warning ("Icon validation: %s", error->message);
+      return NULL;
+    }
+  return g_steal_pointer (&key_file);
+}
+
 #define ICON_VALIDATOR_GROUP "Icon Validator"
 
 gboolean
@@ -585,17 +655,11 @@ xdp_validate_serialized_icon (GVariant  *v,
   __attribute__((cleanup(cleanup_temp_file))) char *name = NULL;
   xdp_autofd int fd = -1;
   g_autoptr(GOutputStream) stream = NULL;
-  int status;
   g_autofree char *format = NULL;
-  g_autofree char *stdoutlog = NULL;
-  g_autofree char *stderrlog = NULL;
   g_autoptr(GError) error = NULL;
   const char *icon_validator = LIBEXECDIR "/xdg-desktop-portal-validate-icon";
-  const char *args[6];
-  /* same allowed formats as Flatpak */
-  const char *allowed_icon_formats[] = { "png", "jpeg", "svg", NULL };
+  const char *args[3];
   int size;
-  const char *MAX_ICON_SIZE = "512";
   gconstpointer bytes_data;
   gsize bytes_len;
   g_autoptr(GKeyFile) key_file = NULL;
@@ -657,37 +721,21 @@ xdp_validate_serialized_icon (GVariant  *v,
 
   args[0] = icon_validator;
   args[1] = "--sandbox";
-  args[2] = MAX_ICON_SIZE;
-  args[3] = MAX_ICON_SIZE;
-  args[4] = name;
-  args[5] = NULL;
+  args[2] = NULL;
 
-  if (!g_spawn_sync (NULL, (char **)args, NULL, 0, NULL, NULL, &stdoutlog, &stderrlog, &status, &error))
-    {
-      g_warning ("Icon validation: %s", error->message);
-      g_warning ("stderr:\n%s\n", stderrlog);
-      return FALSE;
-    }
+  key_file = spawn_validator (args, fd);
 
-  if (!g_spawn_check_exit_status (status, &error))
+  if (!key_file)
     {
-      g_warning ("Icon validation: %s", error->message);
-      g_warning ("stderr:\n%s\n", stderrlog);
+      g_warning ("Icon validation: Rejecting icon because validator process failed");
       return FALSE;
     }
 
-  key_file = g_key_file_new ();
-  if (!g_key_file_load_from_data (key_file, stdoutlog, -1, G_KEY_FILE_NONE, &error))
+  if (!(format = g_key_file_get_string (key_file, ICON_VALIDATOR_GROUP, "format", &error)))
     {
       g_warning ("Icon validation: %s", error->message);
       return FALSE;
     }
-  if (!(format = g_key_file_get_string (key_file, ICON_VALIDATOR_GROUP, "format", &error)) ||
-      !g_strv_contains (allowed_icon_formats, format))
-    {
-      g_warning ("Icon validation: %s", error ? error->message : "not allowed format");
-      return FALSE;
-    }
   if (!(size = g_key_file_get_integer (key_file, ICON_VALIDATOR_GROUP, "width", &error)))
     {
       g_warning ("Icon validation: %s", error->message);