New generation of security and access (#652)

* New generation of security and access * Update const.py * Update validate.py * Update addon.py * Update validate.py * Fix name * Allow access * Fix * add logs * change message * add rating * fix lint * fix lint * fix * Fix
2025-12-24 12:29:08 +00:00 · 2018-08-16 22:49:08 +02:00
parent 85fbde8e36
commit ecd12732ee
9 changed files with 132 additions and 16 deletions
--- a/hassio/api/addons.py
+++ b/hassio/api/addons.py
@@ -6,6 +6,7 @@ import voluptuous as vol
 from voluptuous.humanize import humanize_error

 from .utils import api_process, api_process_raw, api_validate
+from ..addons.utils import rating_security
 from ..const import (
    ATTR_VERSION, ATTR_LAST_VERSION, ATTR_STATE, ATTR_BOOT, ATTR_OPTIONS,
    ATTR_URL, ATTR_DESCRIPTON, ATTR_DETACHED, ATTR_NAME, ATTR_REPOSITORY,
@@ -18,9 +19,11 @@ from ..const import (
    ATTR_CPU_PERCENT, ATTR_MEMORY_LIMIT, ATTR_MEMORY_USAGE, ATTR_NETWORK_TX,
    ATTR_NETWORK_RX, ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_ICON, ATTR_SERVICES,
    ATTR_DISCOVERY, ATTR_APPARMOR, ATTR_DEVICETREE, ATTR_DOCKER_API,
-    CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT)
+    ATTR_FULL_ACCESS, ATTR_PROTECTED, ATTR_RATING,
+    CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT, REQUEST_FROM)
 from ..coresys import CoreSysAttributes
 from ..validate import DOCKER_PORTS, ALSA_DEVICE
+from ..exceptions import APINotSupportedError

 _LOGGER = logging.getLogger(__name__)

@@ -35,6 +38,7 @@ SCHEMA_OPTIONS = vol.Schema({
    vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
    vol.Optional(ATTR_AUDIO_OUTPUT): ALSA_DEVICE,
    vol.Optional(ATTR_AUDIO_INPUT): ALSA_DEVICE,
+    vol.Optional(ATTR_PROTECTED): vol.Boolean(),
 })


@@ -116,6 +120,8 @@ class APIAddons(CoreSysAttributes):
            ATTR_REPOSITORY: addon.repository,
            ATTR_LAST_VERSION: addon.last_version,
            ATTR_STATE: await addon.state(),
+            ATTR_PROTECTED: addon.protected,
+            ATTR_RATING: rating_security(addon),
            ATTR_BOOT: addon.boot,
            ATTR_OPTIONS: addon.options,
            ATTR_URL: addon.url,
@@ -126,6 +132,7 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOST_IPC: addon.host_ipc,
            ATTR_HOST_DBUS: addon.host_dbus,
            ATTR_PRIVILEGED: addon.privileged,
+            ATTR_FULL_ACCESS: addon.with_full_access,
            ATTR_APPARMOR: addon.apparmor,
            ATTR_DEVICES: self._pretty_devices(addon),
            ATTR_ICON: addon.with_icon,
@@ -137,7 +144,7 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
            ATTR_GPIO: addon.with_gpio,
            ATTR_DEVICETREE: addon.with_devicetree,
-            ATTR_DOCKER_API: addon.with_docker_api,
+            ATTR_DOCKER_API: addon.access_docker_api,
            ATTR_AUDIO: addon.with_audio,
            ATTR_AUDIO_INPUT: addon.audio_input,
            ATTR_AUDIO_OUTPUT: addon.audio_output,
@@ -150,6 +157,11 @@ class APIAddons(CoreSysAttributes):
        """Store user options for addon."""
        addon = self._extract_addon(request)

+        # Have Access
+        if addon.slug == request[REQUEST_FROM]:
+            _LOGGER.error("Add-on can't self modify his options!")
+            raise APINotSupportedError()
+
        addon_schema = SCHEMA_OPTIONS.extend({
            vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema),
        })
@@ -168,6 +180,9 @@ class APIAddons(CoreSysAttributes):
            addon.audio_input = body[ATTR_AUDIO_INPUT]
        if ATTR_AUDIO_OUTPUT in body:
            addon.audio_output = body[ATTR_AUDIO_OUTPUT]
+        if ATTR_PROTECTED in body:
+            _LOGGER.warning("Protected flag changing for %s!", addon.slug)
+            addon.protected = body[ATTR_PROTECTED]

        addon.save_data()
        return True