LaunchServer+LibDesktop: Add unveil-like mechanism for LaunchServer

Clients of LaunchServer can now provide a list of allowed handlers, optionally with a specific set of URLs. The list can be sealed to prevent future additions to it. If LaunchServer receives a request to open something not on the allowed handlers list, it will disconnect the client immediately. The main idea here is to allow otherwise restricted programs to launch specific things, e.g "Help" to open their manual, or "Browser" to load the SerenityOS home page. :^)
2025-05-31 06:58:11 +00:00 · 2021-01-03 11:39:33 +01:00 · 2021-01-03 11:39:33 +01:00 · 1f1763c37a
commit 1f1763c37a
parent 8b2e7628fa
5 changed files with 123 additions and 6 deletions
--- a/Services/LaunchServer/ClientConnection.cpp
+++ b/Services/LaunchServer/ClientConnection.cpp
@ -55,6 +55,22 @@ OwnPtr<Messages::LaunchServer::GreetResponse> ClientConnection::handle(const Mes

 OwnPtr<Messages::LaunchServer::OpenURLResponse> ClientConnection::handle(const Messages::LaunchServer::OpenURL& request)
 {
+    if (!m_allowed_handlers.is_empty()) {
+        bool allowed = false;
+        for (auto& allowed_handler : m_allowed_handlers) {
+            if (allowed_handler.handler_name == request.handler_name()
+                && (allowed_handler.any_url || allowed_handler.urls.contains_slow(request.url()))) {
+                allowed = true;
+                break;
+            }
+        }
+        if (!allowed) {
+            // You are not on the list, go home!
+            did_misbehave(String::formatted("Client requested a combination of handler/URL that was not on the list: '{}' with '{}'", request.handler_name(), request.url()).characters());
+            return nullptr;
+        }
+    }
+
    URL url(request.url());
    auto result = Launcher::the().open_url(url, request.handler_name());
    return make<Messages::LaunchServer::OpenURLResponse>(result);
@ -74,4 +90,53 @@ OwnPtr<Messages::LaunchServer::GetHandlersWithDetailsForURLResponse> ClientConne
    return make<Messages::LaunchServer::GetHandlersWithDetailsForURLResponse>(result);
 }

+OwnPtr<Messages::LaunchServer::AddAllowedHandlerWithAnyURLResponse> ClientConnection::handle(const Messages::LaunchServer::AddAllowedHandlerWithAnyURL& request)
+{
+    if (m_allowed_handler_list_is_sealed) {
+        did_misbehave("Got request to add more allowed handlers after list was sealed");
+        return nullptr;
+    }
+
+    if (request.handler_name().is_empty()) {
+        did_misbehave("Got request to allow empty handler name");
+        return nullptr;
+    }
+
+    m_allowed_handlers.empend(request.handler_name(), true, Vector<URL>());
+
+    return make<Messages::LaunchServer::AddAllowedHandlerWithAnyURLResponse>();
+}
+
+OwnPtr<Messages::LaunchServer::AddAllowedHandlerWithOnlySpecificURLsResponse> ClientConnection::handle(const Messages::LaunchServer::AddAllowedHandlerWithOnlySpecificURLs& request)
+{
+    if (m_allowed_handler_list_is_sealed) {
+        did_misbehave("Got request to add more allowed handlers after list was sealed");
+        return nullptr;
+    }
+
+    if (request.handler_name().is_empty()) {
+        did_misbehave("Got request to allow empty handler name");
+        return nullptr;
+    }
+
+    if (request.urls().is_empty()) {
+        did_misbehave("Got request to allow empty URL list");
+        return nullptr;
+    }
+
+    m_allowed_handlers.empend(request.handler_name(), false, request.urls());
+
+    return make<Messages::LaunchServer::AddAllowedHandlerWithOnlySpecificURLsResponse>();
+}
+
+OwnPtr<Messages::LaunchServer::SealAllowedHandlersListResponse> ClientConnection::handle(const Messages::LaunchServer::SealAllowedHandlersList&)
+{
+    if (m_allowed_handler_list_is_sealed) {
+        did_misbehave("Got more than one request to seal the allowed handlers list");
+        return nullptr;
+    }
+
+    return make<Messages::LaunchServer::SealAllowedHandlersListResponse>();
+}
+
 }