xdg-autostart: Add readOnly option (#6629)

When `readOnly` is set to `true` the autostart entries are linked from
a readonly directory in the nix store and `XDG_CONFIG_HOME/autostart` is
a link to that directory, so that programs cannot install arbitrary
autostart services.

modules/misc/xdg-autostart.nix

@@ -1,25 +1,31 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   inherit (builtins) baseNameOf listToAttrs map unsafeDiscardStringContext;
   inherit (lib) literalExpression mkEnableOption mkIf mkOption types;
 
   cfg = config.xdg.autostart;
 
-  /* "/nix/store/x-foo/application.desktop" -> {
-       name = "autostart/application.desktop";
-       value = { source = "/nix/store/x-foo/application.desktop"; };
-     }
-  */
-  mapDesktopEntry = entry: {
-    name = "autostart/${unsafeDiscardStringContext (baseNameOf entry)}";
-    value.source = entry;
-  };
+  linkedDesktopEntries = pkgs.runCommandNoCCLocal "xdg-autostart-entries" { } ''
+    mkdir -p $out
+    ${lib.concatMapStringsSep "\n" (e: "ln -s ${e} $out") cfg.entries}
+  '';
+
 in {
   meta.maintainers = with lib.maintainers; [ Scrumplex ];
 
   options.xdg.autostart = {
     enable = mkEnableOption "creation of XDG autostart entries";
 
+    readOnly = mkOption {
+      type = lib.types.bool;
+      description = ''
+        Make `XDG_CONFIG_HOME/autostart` a symlink to a readonly directory so that
+        programs cannot install arbitrary autostart services.
+      '';
+      default = false;
+      example = true;
+    };
+
     entries = mkOption {
       type = with types; listOf path;
       description = ''
@@ -35,6 +41,9 @@ in {
   };
 
   config = mkIf (cfg.enable && cfg.entries != [ ]) {
-    xdg.configFile = listToAttrs (map mapDesktopEntry cfg.entries);
+    xdg.configFile.autostart = {
+      source = linkedDesktopEntries;
+      recursive = !cfg.readOnly;
+    };
   };
 }

tests/modules/misc/xdg/autostart-readonly.nix

@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+
+{
+  xdg.autostart = {
+    enable = true;
+    readOnly = true;
+    entries = [
+      "${pkgs.test1}/share/applications/test1.desktop"
+      "${pkgs.test2}/share/applications/test2.desktop"
+    ];
+  };
+
+  test.stubs = {
+    test1 = {
+      outPath = null;
+      buildScript = ''
+        mkdir -p $out/share/applications
+        echo test1 > $out/share/applications/test1.desktop
+      '';
+    };
+    test2 = {
+      outPath = null;
+      buildScript = ''
+        mkdir -p $out/share/applications
+        echo test2 > $out/share/applications/test2.desktop
+      '';
+    };
+  };
+
+  nmt.script = ''
+    assertLinkExists home-files/.config/autostart
+
+    assertFileExists home-files/.config/autostart/test1.desktop
+    assertFileContent home-files/.config/autostart/test1.desktop \
+      ${pkgs.test1}/share/applications/test1.desktop
+
+    assertFileExists home-files/.config/autostart/test2.desktop
+    assertFileContent home-files/.config/autostart/test2.desktop \
+      ${pkgs.test2}/share/applications/test2.desktop
+  '';
+}

tests/modules/misc/xdg/autostart.nix

@@ -27,6 +27,8 @@
   };
 
   nmt.script = ''
+    assertDirectoryExists home-files/.config/autostart
+
     assertFileExists home-files/.config/autostart/test1.desktop
     assertFileContent home-files/.config/autostart/test1.desktop \
       ${pkgs.test1}/share/applications/test1.desktop

tests/modules/misc/xdg/default.nix

@@ -3,4 +3,5 @@
   xdg-default-locations = ./default-locations.nix;
   xdg-mime-disabled = ./mime-disabled.nix;
   xdg-autostart = ./autostart.nix;
+  xdg-autostart-readonly = ./autostart-readonly.nix;
 }