From 0fd2cbbc9db63b7d7348202af2d1001c191a16ef Mon Sep 17 00:00:00 2001
From: CismonX
Date: Wed, 26 Feb 2025 14:06:18 +0800
Subject: [PATCH] backend_firefox: no db_check() in sandbox mode

Following commit 35d4a93a41, now only perform `PRAGMA quick_check` in non-sandbox mode before querying data on the database.

Although in practice SQLite does well in terms of memory safety, most likely way better than BookmarkFS itself, we consider sandboxing a stronger security guarantee than `PRAGMA quick_check`.
---
 src/backend_firefox.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/backend_firefox.c b/src/backend_firefox.c
index d20b402..106ccae 100644
--- a/src/backend_firefox.c
+++ b/src/backend_firefox.c
@@ -2843,13 +2843,13 @@ backend_create (
 if (0 != db_pragma(db, pragmas, DB_PRAGMA_ITEMS_CNT(pragmas))) {
 goto close_db;
 }
- if (0 != db_check(db)) {
- goto close_db;
- }
 uint64_t bookmarks_root_id = UINT64_MAX;
 uint64_t tags_root_id = UINT64_MAX;
 if (conf->flags & BOOKMARKFS_BACKEND_NO_SANDBOX) {
+ if (0 != db_check(db)) {
+ goto close_db;
+ }
 // Defer initialization in sandbox mode, so that
 // user-provided data is only read after entering sandbox.
 if (0 != store_init(db, &bookmarks_root_id, &tags_root_id)) {
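Review bot: The reason db_check() now runs only on the non-sandbox path lives in the commit message but not in the code, and the inserted block sits between `if (conf->flags & BOOKMARKFS_BACKEND_NO_SANDBOX) {` and the existing `// Defer initialization in sandbox mode` comment, which now reads as if it explained the quick_check rather than the store_init() call below it. A short comment above the moved check, e.g. `// Integrity check only outside the sandbox: sandbox mode defers all reads until after sandbox entry and relies on the sandbox instead.`, would keep that intent next to the code. One caveat worth confirming: `PRAGMA quick_check` also reports ordinary corruption, which a sandbox does not mitigate, so in sandbox mode a corrupt database now reaches the deferred store_init() (outside this hunk) instead of failing here, and that path should return an error cleanly on such input. backend_create's body starts and ends outside this hunk.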