main: Check whether user is allowed to claim a sensor
Check whether a particular user/D-Bus client is allowed to claim a sensor. The ClaimCompass method on net.hadess.SensorProxy.Compass doesn't have a check as only the geoclue user is allowed to access this interface, as per the D-Bus configuration.
@@ -8,6 +8,7 @@ variables:
|
||||
pkgconfig(systemd)
|
||||
pkgconfig(gio-2.0)
|
||||
pkgconfig(gudev-1.0)
|
||||
pkgconfig(polkit-gobject-1)
|
||||
systemd
|
||||
gtk3-devel
|
||||
meson
|
||||
|
@@ -12,7 +12,7 @@ Installation
|
||||
$ meson _build -Dprefix=/usr
|
||||
$ ninja -v -C _build install
|
||||
```
|
||||
It requires libgudev and systemd (>= 233 for the accelerometer quirks).
|
||||
It requires libgudev, systemd (>= 233 for the accelerometer quirks) and polkit-gobject.
|
||||
|
||||
Usage
|
||||
-----
|
||||
@@ -106,7 +106,7 @@ correct that reading to match the expected orientation, whether:
|
||||
x_2 & y_2 & z_2\\
|
||||
x_3 & y_3 & z_3\\
|
||||
\end{array} } \right]
|
||||
=
|
||||
=
|
||||
\left[ {\begin{array}{ccc}
|
||||
corrected~x & corrected~y & corrected~z\\
|
||||
\end{array} } \right]
|
||||
|
@@ -44,6 +44,8 @@ if get_option('gtk-tests')
|
||||
endif
|
||||
gio_dep = dependency('gio-2.0')
|
||||
gudev_dep = dependency('gudev-1.0', version: '>= 237')
|
||||
polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.91')
|
||||
polkit_policy_directory = polkit_gobject_dep.get_pkgconfig_variable('policydir')
|
||||
|
||||
xmllint = find_program('xmllint', required: false)
|
||||
|
||||
|
@@ -19,6 +19,7 @@
|
||||
|
||||
#include <gio/gio.h>
|
||||
#include <gudev/gudev.h>
|
||||
#include <polkit/polkit.h>
|
||||
#include "drivers.h"
|
||||
#include "orientation.h"
|
||||
|
||||
@@ -40,6 +41,8 @@ typedef struct {
|
||||
guint name_id;
|
||||
int ret;
|
||||
|
||||
PolkitAuthority *auth;
|
||||
|
||||
SensorDriver *drivers[NUM_SENSOR_TYPES];
|
||||
SensorDevice *devices[NUM_SENSOR_TYPES];
|
||||
GUdevDevice *udev_devices[NUM_SENSOR_TYPES];
|
||||
@@ -428,6 +431,34 @@ client_vanished_cb (GDBusConnection *connection,
|
||||
g_free (sender);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
check_claim_permission (SensorData *data,
|
||||
const char *sender,
|
||||
GError **error)
|
||||
{
|
||||
g_autoptr(GError) local_error = NULL;
|
||||
g_autoptr(PolkitAuthorizationResult) result = NULL;
|
||||
g_autoptr(PolkitSubject) subject = NULL;
|
||||
|
||||
subject = polkit_system_bus_name_new (sender);
|
||||
result = polkit_authority_check_authorization_sync (data->auth,
|
||||
subject,
|
||||
"net.hadess.SensorProxy.claim-sensor",
|
||||
NULL,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
|
||||
NULL, &local_error);
|
||||
if (result == NULL ||
|
||||
!polkit_authorization_result_get_is_authorized (result))
|
||||
{
|
||||
g_set_error (error, G_DBUS_ERROR,
|
||||
G_DBUS_ERROR_ACCESS_DENIED,
|
||||
"Not Authorized: %s", local_error ? local_error->message : "Sensor claim not allowed");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
handle_generic_method_call (SensorData *data,
|
||||
const gchar *sender,
|
||||
@@ -489,6 +520,7 @@ handle_method_call (GDBusConnection *connection,
|
||||
{
|
||||
SensorData *data = user_data;
|
||||
DriverType driver_type;
|
||||
g_autoptr(GError) error = NULL;
|
||||
|
||||
if (g_strcmp0 (method_name, "ClaimAccelerometer") == 0 ||
|
||||
g_strcmp0 (method_name, "ReleaseAccelerometer") == 0)
|
||||
@@ -508,6 +540,11 @@ handle_method_call (GDBusConnection *connection,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!check_claim_permission (data, sender, &error)) {
|
||||
g_dbus_method_invocation_return_gerror (invocation, error);
|
||||
return;
|
||||
}
|
||||
|
||||
handle_generic_method_call (data, sender, object_path,
|
||||
interface_name, method_name,
|
||||
parameters, invocation, driver_type);
|
||||
@@ -863,6 +900,7 @@ free_sensor_data (SensorData *data)
|
||||
g_clear_pointer (&data->clients[i], g_hash_table_unref);
|
||||
}
|
||||
|
||||
g_clear_object (&data->auth);
|
||||
g_clear_pointer (&data->introspection_data, g_dbus_node_info_unref);
|
||||
g_clear_object (&data->connection);
|
||||
g_clear_object (&data->client);
|
||||
@@ -974,6 +1012,7 @@ int main (int argc, char **argv)
|
||||
/* Set up D-Bus */
|
||||
setup_dbus (data, replace);
|
||||
|
||||
data->auth = polkit_authority_get_sync (NULL, NULL);
|
||||
data->loop = g_main_loop_new (NULL, TRUE);
|
||||
g_main_loop_run (data->loop);
|
||||
ret = data->ret;
|
||||
|
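Review bot: In the `main` hunk, `polkit_authority_get_sync (NULL, NULL)` is called with no error out-parameter and its result is never checked, so if the polkit authority cannot be obtained `data->auth` stays NULL and the daemon carries on. `check_claim_permission` still fails closed, because a NULL `result` is treated as a denial, but with `local_error` presumably unset each caller only gets "Not Authorized: Sensor claim not allowed" and nothing records the real cause. I would capture and log the failure at startup, e.g. `data->auth = polkit_authority_get_sync (NULL, &error);` followed by `if (data->auth == NULL) g_warning ("Failed to get polkit authority: %s", error->message);`, with `error` a local `g_autoptr(GError)`. Separately, the new check in `handle_method_call` appears to sit in front of the Release methods as well as the Claim ones, so a client whose authorization has lapsed might be unable to release a sensor it already holds; worth confirming that this is intended. Both `main` and `handle_method_call` continue outside the visible hunks.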
@@ -5,7 +5,7 @@ config_h_files = configure_file(
|
||||
configuration: config_h
|
||||
)
|
||||
|
||||
deps = [ gio_dep, gudev_dep, mathlib_dep ]
|
||||
deps = [ gio_dep, gudev_dep, mathlib_dep, polkit_gobject_dep ]
|
||||
|
||||
resources = gnome.compile_resources(
|
||||
'iio-sensor-proxy-resources', 'iio-sensor-proxy.gresource.xml',
|
||||
|