From 5304767bdc904de560990479797f5beec192f5d7 Mon Sep 17 00:00:00 2001 From: grorp Date: Wed, 1 Jan 2025 21:52:42 +0100 Subject: [PATCH] Only give necessary permissions to new pause menu env --- src/script/scripting_mainmenu.h | 3 +-- src/script/scripting_pause_menu.cpp | 14 +++++++++++++- src/script/scripting_pause_menu.h | 6 +----- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/script/scripting_mainmenu.h b/src/script/scripting_mainmenu.h index 398e34d9f..f56c67727 100644 --- a/src/script/scripting_mainmenu.h +++ b/src/script/scripting_mainmenu.h @@ -40,8 +40,7 @@ public: protected: bool checkPathInternal(const std::string &abs_path, bool write_required, - bool *write_allowed) override - { + bool *write_allowed) override { return checkPathAccess(abs_path, write_required, write_allowed); } diff --git a/src/script/scripting_pause_menu.cpp b/src/script/scripting_pause_menu.cpp index ebcc55d2b..296f040cc 100644 --- a/src/script/scripting_pause_menu.cpp +++ b/src/script/scripting_pause_menu.cpp @@ -50,6 +50,18 @@ void PauseMenuScripting::initializeModApi(lua_State *L, int top) void PauseMenuScripting::loadBuiltin() { - loadScript(porting::path_share + DIR_DELIM + "builtin" + DIR_DELIM + "init.lua"); + loadScript(porting::path_share + DIR_DELIM "builtin" DIR_DELIM "init.lua"); checkSetByBuiltin(); } + +bool PauseMenuScripting::checkPathInternal(const std::string &abs_path, bool write_required, + bool *write_allowed) +{ + // NOTE: The pause menu env is on the same level of trust as the mainmenu env. + // However, since it doesn't need anything else at the moment, there's no + // reason to give it access to anything else. + + std::string path_share = fs::AbsolutePathPartial(porting::path_share); + return !write_required && + fs::PathStartsWith(abs_path, path_share + DIR_DELIM "builtin"); +} diff --git a/src/script/scripting_pause_menu.h b/src/script/scripting_pause_menu.h index d5f477d10..aeb1e65b6 100644 --- a/src/script/scripting_pause_menu.h +++ b/src/script/scripting_pause_menu.h @@ -8,7 +8,6 @@ #include "cpp_api/s_client_common.h" #include "cpp_api/s_pause_menu.h" #include "cpp_api/s_security.h" -#include "scripting_mainmenu.h" class PauseMenuScripting: virtual public ScriptApiBase, @@ -22,10 +21,7 @@ public: protected: bool checkPathInternal(const std::string &abs_path, bool write_required, - bool *write_allowed) override - { - return MainMenuScripting::checkPathAccess(abs_path, write_required, write_allowed); - } + bool *write_allowed) override; private: void initializeModApi(lua_State *L, int top);