auth: check when setting statistics refresh rate

2016-08-10 11:54:32 +02:00
parent 24b193ab64
commit 6fb0de0a8b
9 changed files with 40 additions and 2 deletions
--- a/clients/cli/general.c
+++ b/clients/cli/general.c
@@ -439,6 +439,8 @@ permission_to_string (NMClientPermission perm)
 		return NM_AUTH_PERMISSION_RELOAD;
 	case NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK:
 		return NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK;
+	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS:
+		return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
 	default:
 		return _("unknown");
 	}
--- a/libnm-glib/nm-client.c
+++ b/libnm-glib/nm-client.c
@@ -240,6 +240,8 @@ nm_permission_to_client (const char *nm)
 		return NM_CLIENT_PERMISSION_RELOAD;
 	else if (!strcmp (nm, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK))
 		return NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS))
+		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;

 	return NM_CLIENT_PERMISSION_NONE;
 }
--- a/libnm-glib/nm-client.h
+++ b/libnm-glib/nm-client.h
@@ -89,6 +89,8 @@ G_BEGIN_DECLS
 * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
 *  persistent hostname can be changed
 * @NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK: permission to create checkpoints.
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
+ *  statistics can be globally enabled or disabled
 * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
 *
 * #NMClientPermission values indicate various permissions that NetworkManager
@@ -110,8 +112,9 @@ typedef enum {
 	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
 	NM_CLIENT_PERMISSION_RELOAD = 13,
 	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,

-	NM_CLIENT_PERMISSION_LAST = 14,
+	NM_CLIENT_PERMISSION_LAST = 15,
 } NMClientPermission;

 /**
--- a/libnm/nm-client.h
+++ b/libnm/nm-client.h
@@ -98,6 +98,8 @@ G_BEGIN_DECLS
 *  DNS configuration
 * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
 * @NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK: permission to create checkpoints.
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
+ *  statistics can be globally enabled or disabled
 * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
 *
 * #NMClientPermission values indicate various permissions that NetworkManager
@@ -119,8 +121,9 @@ typedef enum {
 	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
 	NM_CLIENT_PERMISSION_RELOAD = 13,
 	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,

-	NM_CLIENT_PERMISSION_LAST = 14,
+	NM_CLIENT_PERMISSION_LAST = 15,
 } NMClientPermission;

 /**
--- a/libnm/nm-manager.c
+++ b/libnm/nm-manager.c
@@ -234,6 +234,8 @@ nm_permission_to_client (const char *nm)
 		return NM_CLIENT_PERMISSION_RELOAD;
 	else if (!strcmp (nm, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK))
 		return NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS))
+		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;

 	return NM_CLIENT_PERMISSION_NONE;
 }
--- a/policy/org.freedesktop.NetworkManager.policy.in.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in.in
@@ -142,5 +142,14 @@
    </defaults>
  </action>

+  <action id="org.freedesktop.NetworkManager.enable-disable-statistics">
+    <_description>Enable or disable device statistics</_description>
+    <_message>System policy prevents enabling or disabling device statistics</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
 </policyconfig>

--- a/shared/nm-common-macros.h
+++ b/shared/nm-common-macros.h
@@ -38,6 +38,7 @@
 #define NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS "org.freedesktop.NetworkManager.settings.modify.global-dns"
 #define NM_AUTH_PERMISSION_RELOAD                     "org.freedesktop.NetworkManager.reload"
 #define NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK        "org.freedesktop.NetworkManager.checkpoint-rollback"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS  "org.freedesktop.NetworkManager.enable-disable-statistics"

 #define NM_CLONED_MAC_PRESERVE                          "preserve"
 #define NM_CLONED_MAC_PERMANENT                         "permanent"
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@@ -57,6 +57,7 @@ typedef struct {
 #define NM_AUDIT_OP_SLEEP_CONTROL           "sleep-control"
 #define NM_AUDIT_OP_NET_CONTROL             "networking-control"
 #define NM_AUDIT_OP_RADIO_CONTROL           "radio-control"
+#define NM_AUDIT_OP_STATISTICS              "statistics"

 #define NM_AUDIT_OP_DEVICE_AUTOCONNECT      "device-autoconnect"
 #define NM_AUDIT_OP_DEVICE_DISCONNECT       "device-disconnect"
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -4415,6 +4415,7 @@ get_permissions_done_cb (NMAuthChain *chain,
 		get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS);
 		get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_RELOAD);
 		get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK);
+		get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS);

 		g_dbus_method_invocation_return_value (context,
 		                                       g_variant_new ("(a{ss})", &results));
@@ -4455,6 +4456,7 @@ impl_manager_get_permissions (NMManager *self,
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_RELOAD, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, FALSE);
+	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS, FALSE);
 }

 static void
@@ -4915,6 +4917,10 @@ prop_set_auth_done_cb (NMAuthChain *chain,
 		/* ... but set the property on the @object itself. It would be correct to set the property
 		 * on the skeleton interface, but as it is now, the result is the same. */
 		g_object_set (object, pfd->glib_propname, value, NULL);
+	} else if (!strcmp (pfd->glib_propname, NM_DEVICE_STATISTICS_REFRESH_RATE_MS)) {
+		g_assert (g_variant_is_of_type (value, G_VARIANT_TYPE_UINT32));
+		/* the same here */
+		g_object_set (object, pfd->glib_propname, g_variant_get_uint32 (value), NULL);
 	} else {
 		g_assert (g_variant_is_of_type (value, G_VARIANT_TYPE_BOOLEAN));
 		/* the same here */
@@ -5049,6 +5055,15 @@ prop_filter (GDBusConnection *connection,
 		} else
 			return message;
 		interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
+	} else if (!strcmp (propiface, NM_DBUS_INTERFACE_DEVICE_STATISTICS)) {
+		if (!strcmp (propname, "RefreshRateMs")) {
+			glib_propname = NM_DEVICE_STATISTICS_REFRESH_RATE_MS;
+			permission = NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
+			audit_op = NM_AUDIT_OP_STATISTICS;
+			expected_type = G_VARIANT_TYPE ("u");
+		} else
+			return message;
+		interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
 	} else
 		return message;