mirrors/raycast-linux
1
0
Fork 0
mirror of https://github.com/ByteAtATime/raycast-linux.git synced 2025-09-01 03:37:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat: use linux capabilities to set up file permissions

Browse source
This commit is contained in:
ByteAtATime 2025-07-12 18:42:36 -07:00
parent 7b2720b8c2
commit ed0303806d
No known key found for this signature in database
6 changed files with 50 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src-tauri/Cargo.lock generated
View file

@ -649,6 +649,16 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "caps"
version = "0.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "190baaad529bcfbde9e1a19022c42781bdb6ff9de25721abdb8fd98c0807730b"
dependencies = [
"libc",
"thiserror 1.0.69",
]
[[package]] [[package]]
name = "cargo-platform" name = "cargo-platform"
version = "0.1.9" version = "0.1.9"
@ -4603,6 +4613,7 @@ dependencies = [
"arboard", "arboard",
"bincode", "bincode",
"bytes", "bytes",
"caps",
"chrono", "chrono",
"enigo 0.5.0", "enigo 0.5.0",
"evdev", "evdev",

1
src-tauri/Cargo.toml
View file

@ -64,6 +64,7 @@ notify = "6.1.1"
notify-debouncer-full = "0.3.1" notify-debouncer-full = "0.3.1"
percent-encoding = "2.3.1" percent-encoding = "2.3.1"
tauri-plugin-os = "2" tauri-plugin-os = "2"
caps = "0.5.5"
[target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies] [target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies]
tauri-plugin-global-shortcut = "2" tauri-plugin-global-shortcut = "2"

17
src-tauri/src/capabilities/linux.rs Normal file
View file

@ -0,0 +1,17 @@
use anyhow::Result;
use caps::{CapSet, Capability};
pub fn grant_capability() -> Result<()> {
caps::raise(None, CapSet::Effective, Capability::CAP_DAC_OVERRIDE)?;
Ok(())
}
pub fn revoke_capability() -> Result<()> {
caps::clear(None, CapSet::Effective)?;
caps::clear(None, CapSet::Permitted)?;
Ok(())
}
pub fn can_use_capability() -> bool {
caps::has_cap(None, CapSet::Permitted, Capability::CAP_DAC_OVERRIDE).unwrap_or(false)
}

2
src-tauri/src/capabilities/mod.rs Normal file
View file

@ -0,0 +1,2 @@
#[cfg(target_os = "linux")]
pub mod linux;

1
src-tauri/src/lib.rs
View file

@ -2,6 +2,7 @@ mod ai;
mod app; mod app;
mod browser_extension; mod browser_extension;
mod cache; mod cache;
mod capabilities;
mod clipboard; mod clipboard;
pub mod clipboard_history; pub mod clipboard_history;
mod desktop; mod desktop;

20
src-tauri/src/snippets/input_manager.rs
View file

@ -9,6 +9,8 @@ use std::sync::{atomic::Ordering, Arc, Mutex};
use std::thread; use std::thread;
use std::time::Duration; use std::time::Duration;
#[cfg(target_os = "linux")]
use crate::capabilities;
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
use evdev::{uinput::VirtualDevice, KeyCode}; use evdev::{uinput::VirtualDevice, KeyCode};
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
@ -305,8 +307,22 @@ impl EvdevInputManager {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl InputManager for EvdevInputManager { impl InputManager for EvdevInputManager {
fn start_listening(&self, callback: Box<dyn Fn(InputEvent) + Send + Sync>) -> Result<()> { fn start_listening(&self, callback: Box<dyn Fn(InputEvent) + Send + Sync>) -> Result<()> {
let devices = evdev::enumerate() let has_granted_capabilities = if capabilities::linux::can_use_capability() {
.map(|t| t.1) capabilities::linux::grant_capability().is_ok()
} else {
false
};
let devices: Vec<_> = evdev::enumerate().map(|(_, device)| device).collect();
if has_granted_capabilities {
if let Err(e) = capabilities::linux::revoke_capability() {
eprintln!("[Warning] Could not revoke capabilities: {}", e);
}
}
let devices = devices
.into_iter()
.filter(|d| { .filter(|d| {
d.supported_keys() d.supported_keys()
.map_or(false, |keys| keys.contains(evdev::KeyCode::KEY_ENTER)) .map_or(false, |keys| keys.contains(evdev::KeyCode::KEY_ENTER))