colin/iio-sensor-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

main: Check whether user is allowed to claim a sensor

Browse Source 
Check whether a particular user/D-Bus client is allowed to claim a
sensor.

The ClaimCompass method on net.hadess.SensorProxy.Compass doesn't have a
check as only the geoclue user is allowed to access this interface, as
per the D-Bus configuration.
This commit is contained in:
Bastien Nocera
2021-09-29 11:30:52 +02:00
parent abd16b5911
commit 0b1574d0eb
5 changed files with 45 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab-ci.yml
View File

@@ -8,6 +8,7 @@ variables:
pkgconfig(systemd) pkgconfig(systemd)
pkgconfig(gio-2.0) pkgconfig(gio-2.0)
pkgconfig(gudev-1.0) pkgconfig(gudev-1.0)
pkgconfig(polkit-gobject-1)
systemd systemd
gtk3-devel gtk3-devel
meson meson

4
README.md
View File

@@ -12,7 +12,7 @@ Installation
$ meson _build -Dprefix=/usr $ meson _build -Dprefix=/usr
$ ninja -v -C _build install $ ninja -v -C _build install
``` ```
It requires libgudev and systemd (>= 233 for the accelerometer quirks). It requires libgudev, systemd (>= 233 for the accelerometer quirks) and polkit-gobject.
Usage Usage
----- -----
@@ -106,7 +106,7 @@ correct that reading to match the expected orientation, whether:
x_2 & y_2 & z_2\\ x_2 & y_2 & z_2\\
x_3 & y_3 & z_3\\ x_3 & y_3 & z_3\\
\end{array} } \right] \end{array} } \right]
= =
\left[ {\begin{array}{ccc} \left[ {\begin{array}{ccc}
corrected~x & corrected~y & corrected~z\\ corrected~x & corrected~y & corrected~z\\
\end{array} } \right] \end{array} } \right]

2
meson.build
View File

@@ -44,6 +44,8 @@ if get_option('gtk-tests')
endif endif
gio_dep = dependency('gio-2.0') gio_dep = dependency('gio-2.0')
gudev_dep = dependency('gudev-1.0', version: '>= 237') gudev_dep = dependency('gudev-1.0', version: '>= 237')
polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.91')
polkit_policy_directory = polkit_gobject_dep.get_pkgconfig_variable('policydir')
xmllint = find_program('xmllint', required: false) xmllint = find_program('xmllint', required: false)

39
src/iio-sensor-proxy.c
View File

@@ -19,6 +19,7 @@
#include <gio/gio.h> #include <gio/gio.h>
#include <gudev/gudev.h> #include <gudev/gudev.h>
#include <polkit/polkit.h>
#include "drivers.h" #include "drivers.h"
#include "orientation.h" #include "orientation.h"
@@ -40,6 +41,8 @@ typedef struct {
guint name_id; guint name_id;
int ret; int ret;
PolkitAuthority *auth;
SensorDriver *drivers[NUM_SENSOR_TYPES]; SensorDriver *drivers[NUM_SENSOR_TYPES];
SensorDevice *devices[NUM_SENSOR_TYPES]; SensorDevice *devices[NUM_SENSOR_TYPES];
GUdevDevice *udev_devices[NUM_SENSOR_TYPES]; GUdevDevice *udev_devices[NUM_SENSOR_TYPES];
@@ -428,6 +431,34 @@ client_vanished_cb (GDBusConnection *connection,
g_free (sender); g_free (sender);
} }
static gboolean
check_claim_permission (SensorData *data,
const char *sender,
GError **error)
{
g_autoptr(GError) local_error = NULL;
g_autoptr(PolkitAuthorizationResult) result = NULL;
g_autoptr(PolkitSubject) subject = NULL;
subject = polkit_system_bus_name_new (sender);
result = polkit_authority_check_authorization_sync (data->auth,
subject,
"net.hadess.SensorProxy.claim-sensor",
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
NULL, &local_error);
if (result == NULL ||
!polkit_authorization_result_get_is_authorized (result))
{
g_set_error (error, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Not Authorized: %s", local_error ? local_error->message : "Sensor claim not allowed");
return FALSE;
}
return TRUE;
}
static void static void
handle_generic_method_call (SensorData *data, handle_generic_method_call (SensorData *data,
const gchar *sender, const gchar *sender,
@@ -489,6 +520,7 @@ handle_method_call (GDBusConnection *connection,
{ {
SensorData *data = user_data; SensorData *data = user_data;
DriverType driver_type; DriverType driver_type;
g_autoptr(GError) error = NULL;
if (g_strcmp0 (method_name, "ClaimAccelerometer") == 0 || if (g_strcmp0 (method_name, "ClaimAccelerometer") == 0 ||
g_strcmp0 (method_name, "ReleaseAccelerometer") == 0) g_strcmp0 (method_name, "ReleaseAccelerometer") == 0)
@@ -508,6 +540,11 @@ handle_method_call (GDBusConnection *connection,
return; return;
} }
if (!check_claim_permission (data, sender, &error)) {
g_dbus_method_invocation_return_gerror (invocation, error);
return;
}
handle_generic_method_call (data, sender, object_path, handle_generic_method_call (data, sender, object_path,
interface_name, method_name, interface_name, method_name,
parameters, invocation, driver_type); parameters, invocation, driver_type);
@@ -863,6 +900,7 @@ free_sensor_data (SensorData *data)
g_clear_pointer (&data->clients[i], g_hash_table_unref); g_clear_pointer (&data->clients[i], g_hash_table_unref);
} }
g_clear_object (&data->auth);
g_clear_pointer (&data->introspection_data, g_dbus_node_info_unref); g_clear_pointer (&data->introspection_data, g_dbus_node_info_unref);
g_clear_object (&data->connection); g_clear_object (&data->connection);
g_clear_object (&data->client); g_clear_object (&data->client);
@@ -974,6 +1012,7 @@ int main (int argc, char **argv)
/* Set up D-Bus */ /* Set up D-Bus */
setup_dbus (data, replace); setup_dbus (data, replace);
data->auth = polkit_authority_get_sync (NULL, NULL);
data->loop = g_main_loop_new (NULL, TRUE); data->loop = g_main_loop_new (NULL, TRUE);
g_main_loop_run (data->loop); g_main_loop_run (data->loop);
ret = data->ret; ret = data->ret;

2
src/meson.build
View File

@@ -5,7 +5,7 @@ config_h_files = configure_file(
configuration: config_h configuration: config_h
) )
deps = [ gio_dep, gudev_dep, mathlib_dep ] deps = [ gio_dep, gudev_dep, mathlib_dep, polkit_gobject_dep ]
resources = gnome.compile_resources( resources = gnome.compile_resources(
'iio-sensor-proxy-resources', 'iio-sensor-proxy.gresource.xml', 'iio-sensor-proxy-resources', 'iio-sensor-proxy.gresource.xml',