[gnome-shell] location: Ask user to authorize applications
- From: Zeeshan Ali Khattak <zeeshanak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-shell] location: Ask user to authorize applications
- Date: Thu, 18 Feb 2016 15:11:44 +0000 (UTC)
commit a1e8c79d38c5255b48e5bc75e367929c50e22a5e
Author: Zeeshan Ali (Khattak) <zeeshanak gnome org>
Date: Mon Feb 15 19:50:25 2016 +0000
location: Ask user to authorize applications
While we could have implemented this already a while ago, this would
have been a completely false security mechanism since we had no way of
reliably identifying applications. Since now with xdg-app, we can at least
reliably identify bundled applications, let's give users a choice of
which applications in particular they are OK with giving location data
to.
While we still can't reliably identify system (non-xdg-app) applications,
it seems extremely unlikely we'll ever be able to do that (at least not
in the near future) so we'll have to trust them to not lie about their
IDs.
Next release of geoclue will take the ID of bundled application directly
from corresponding xdg-app metadata so bundled applications can't simply
lie about their IDs.
https://bugzilla.gnome.org/show_bug.cgi?id=762119
js/ui/status/location.js | 45 +++++++++++++++++++++++++++++++++------------
1 files changed, 33 insertions(+), 12 deletions(-)
---
diff --git a/js/ui/status/location.js b/js/ui/status/location.js
index ff39432..c74ca51 100644
--- a/js/ui/status/location.js
+++ b/js/ui/status/location.js
@@ -80,6 +80,8 @@ var XdgAppIface = '<node> \
</interface> \
</node>';
+const PermissionStore = Gio.DBusProxy.makeProxyWrapper(XdgAppIface);
+
const Indicator = new Lang.Class({
Name: 'LocationIndicator',
Extends: PanelMenu.SystemIndicator,
@@ -117,24 +119,26 @@ const Indicator = new Lang.Class({
this._onSessionUpdated();
this._onMaxAccuracyLevelChanged();
this._connectToGeoclue();
+ this._connectToPermissionStore();
},
get MaxAccuracyLevel() {
return this._getMaxAccuracyLevel();
},
- // We (and geoclue) have currently no way to reliably identifying apps so
- // for now, lets just authorize all apps as long as they provide a valid
- // desktop ID. We also ensure they don't get more accuracy than global max.
- AuthorizeApp: function(desktop_id, reqAccuracyLevel) {
- var appSystem = Shell.AppSystem.get_default();
- var app = appSystem.lookup_app(desktop_id + ".desktop");
- if (app == null) {
- return [false, 0];
- }
+ AuthorizeAppAsync: function(params, invocation) {
+ let [desktopId, reqAccuracyLevel] = params;
- let allowedAccuracyLevel = clamp(reqAccuracyLevel, 0, this._getMaxAccuracyLevel());
- return [true, allowedAccuracyLevel];
+ let authorizer = new AppAuthorizer(desktopId,
+ reqAccuracyLevel,
+ this._permStoreProxy,
+ this._getMaxAccuracyLevel());
+
+ authorizer.authorize(Lang.bind(this, function(accuracyLevel) {
+ let ret = (accuracyLevel != GeoclueAccuracyLevel.NONE);
+ invocation.return_value(GLib.Variant.new('(bu)',
+ [ret, accuracyLevel]));
+ }));
},
_syncIndicator: function() {
@@ -245,7 +249,24 @@ const Indicator = new Lang.Class({
let unpacked = properties.deep_unpack();
if ("InUse" in unpacked)
this._syncIndicator();
- }
+ },
+
+ _connectToPermissionStore: function() {
+ this._permStoreProxy = null;
+ new PermissionStore(Gio.DBus.session,
+ 'org.freedesktop.XdgApp',
+ '/org/freedesktop/XdgApp/PermissionStore',
+ Lang.bind(this, this._onPermStoreProxyReady));
+ },
+
+ _onPermStoreProxyReady: function(proxy, error) {
+ if (error != null) {
+ log(error.message);
+ return;
+ }
+
+ this._permStoreProxy = proxy;
+ },
});
function clamp(value, min, max) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
