diff --git a/panels/notification/server/configs/org.deepin.dde.shell.notification.json b/panels/notification/server/configs/org.deepin.dde.shell.notification.json index d56239c4d..65f2b8b25 100644 --- a/panels/notification/server/configs/org.deepin.dde.shell.notification.json +++ b/panels/notification/server/configs/org.deepin.dde.shell.notification.json @@ -155,6 +155,17 @@ "description[zh_CN]": "通知自动清理的天数,超过此天数的通知将被自动删除", "permissions": "readwrite", "visibility": "public" + }, + "safeCommands": { + "value": ["xdg-open","dbus-send","qdbus","deepin-defender","dde-control-center","downloader","dde-file-manager","dde-dconfig","/usr/lib/deepin-daemon/dde-bluetooth-dialog","/usr/bin/dde-hints-dialog","/usr/bin/deepin-devicemanager"], + "serial": 0, + "flags": [], + "name": "safe commands", + "name[zh_CN]": "安全指令", + "description": "safe commands", + "description[zh_CN]": "通知扩展的x-deepin-action-携带的指令白名单", + "permissions": "readonly", + "visibility": "private" } } } diff --git a/panels/notification/server/notificationmanager.cpp b/panels/notification/server/notificationmanager.cpp index 73c7fcc1b..656cd8338 100644 --- a/panels/notification/server/notificationmanager.cpp +++ b/panels/notification/server/notificationmanager.cpp @@ -533,6 +533,14 @@ void NotificationManager::doActionInvoked(const NotifyEntity &entity, const QStr if (!args.isEmpty()) { QString cmd = args.takeFirst(); // 命令 + QScopedPointer config(DConfig::create("org.deepin.dde.shell", "org.deepin.dde.shell.notification")); + QStringList safeCommands = config->value("safeCommands").toStringList(); + + if (!safeCommands.contains(cmd)) { + qWarning(notifyLog) << "The command is not allowed to be executed:" << cmd << safeCommands; + return; + } + QProcess pro; pro.setProgram(cmd); pro.setArguments(args);