[sysprof] sysprofd: require polkit authorization by the peer
- From: Christian Hergert <chergert src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [sysprof] sysprofd: require polkit authorization by the peer
- Date: Wed, 29 May 2019 22:17:12 +0000 (UTC)
commit ab2fdffa6d8df714ab3f13fdf47de7bdf744f961
Author: Christian Hergert <chergert redhat com>
Date: Wed May 8 19:13:09 2019 -0700
sysprofd: require polkit authorization by the peer
src/sysprofd/ipc-service-impl.c | 44 +++++++++++++++++++++++++++++++
src/sysprofd/meson.build | 4 +--
src/sysprofd/org.gnome.sysprof2.policy.in | 34 ------------------------
src/sysprofd/org.gnome.sysprof3.policy.in | 20 ++++++++++++++
4 files changed, 66 insertions(+), 36 deletions(-)
---
diff --git a/src/sysprofd/ipc-service-impl.c b/src/sysprofd/ipc-service-impl.c
index d8ef8d7..1733bd1 100644
--- a/src/sysprofd/ipc-service-impl.c
+++ b/src/sysprofd/ipc-service-impl.c
@@ -22,6 +22,8 @@
#include "config.h"
+#include <polkit/polkit.h>
+
#include "ipc-service-impl.h"
struct _IpcServiceImpl
@@ -108,6 +110,43 @@ ipc_service_impl_handle_get_proc_file (IpcService *service,
return TRUE;
}
+static gboolean
+ipc_service_impl_g_authorize_method (GDBusInterfaceSkeleton *skeleton,
+ GDBusMethodInvocation *invocation)
+{
+ PolkitAuthority *authority = NULL;
+ PolkitSubject *subject = NULL;
+ const gchar *peer_name;
+ gboolean ret = TRUE;
+
+ g_assert (IPC_IS_SERVICE_IMPL (skeleton));
+ g_assert (G_IS_DBUS_METHOD_INVOCATION (invocation));
+
+ peer_name = g_dbus_method_invocation_get_sender (invocation);
+
+ if (!(authority = polkit_authority_get_sync (NULL, NULL)) ||
+ !(subject = polkit_system_bus_name_new (peer_name)) ||
+ !polkit_authority_check_authorization_sync (authority,
+ POLKIT_SUBJECT (subject),
+ "org.gnome.sysprof3.profile",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+ NULL,
+ NULL))
+ {
+ g_dbus_method_invocation_return_error (g_steal_pointer (&invocation),
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Not authorized to make request");
+ ret = FALSE;
+ }
+
+ g_clear_object (&authority);
+ g_clear_object (&subject);
+
+ return ret;
+}
+
static void
init_service_iface (IpcServiceIface *iface)
{
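Review bot: In `ipc_service_impl_g_authorize_method` the return of `polkit_authority_check_authorization_sync()` is only tested for non-NULL, but it returns a `PolkitAuthorizationResult *` that is also non-NULL when the answer is "not authorized". A denied or dismissed prompt therefore appears to pass the check and the method call proceeds. The result should be kept, tested with `polkit_authorization_result_get_is_authorized()`, and unreffed afterwards; as written it is also leaked on every call. Passing a `GError **` instead of the final `NULL` would let the daemon log why a check failed.

```c
  PolkitAuthorizationResult *res = NULL;
  /* … unchanged: other locals, assertions, peer_name lookup … */

  if (!(authority = polkit_authority_get_sync (NULL, NULL)) ||
      !(subject = polkit_system_bus_name_new (peer_name)) ||
      !(res = polkit_authority_check_authorization_sync (authority,
                                                         /* … unchanged: subject, action id, details, flags, cancellable … */
                                                         NULL)) ||
      !polkit_authorization_result_get_is_authorized (res))
    {
      /* … unchanged: return G_DBUS_ERROR_ACCESS_DENIED, ret = FALSE … */
    }

  g_clear_object (&res);
  /* … unchanged: clear authority and subject, return ret … */
```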
@@ -121,11 +160,16 @@ G_DEFINE_TYPE_WITH_CODE (IpcServiceImpl, ipc_service_impl, IPC_TYPE_SERVICE_SKEL
static void
ipc_service_impl_class_init (IpcServiceImplClass *klass)
{
+ GDBusInterfaceSkeletonClass *skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (klass);
+
+ skeleton_class->g_authorize_method = ipc_service_impl_g_authorize_method;
}
static void
ipc_service_impl_init (IpcServiceImpl *self)
{
+ g_dbus_interface_skeleton_set_flags (G_DBUS_INTERFACE_SKELETON (self),
+ G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD);
}
IpcService *
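Review bot: The flag set in `ipc_service_impl_init` has no comment explaining why it is needed, yet it is what keeps the blocking polkit check off the main loop. Per the GDBus documentation, `g_authorize_method` runs in a per-call thread only when `G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD` is set. I would add `/* The authorize hook blocks on polkit (possibly on a user prompt); run method calls in their own thread. */` above the call. With the flag set the method handlers run in that thread too, so any shared state they touch should be checked for thread safety; those handlers are outside this hunk.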
diff --git a/src/sysprofd/meson.build b/src/sysprofd/meson.build
index 2586788..fc9b344 100644
--- a/src/sysprofd/meson.build
+++ b/src/sysprofd/meson.build
@@ -58,8 +58,8 @@ configure_file(
)
i18n.merge_file(
- input: 'org.gnome.sysprof2.policy.in',
- output: 'org.gnome.sysprof2.policy',
+ input: 'org.gnome.sysprof3.policy.in',
+ output: 'org.gnome.sysprof3.policy',
po_dir: podir,
install: true,
install_dir: join_paths(datadir, 'polkit-1/actions'),
diff --git a/src/sysprofd/org.gnome.sysprof3.policy.in b/src/sysprofd/org.gnome.sysprof3.policy.in
new file mode 100644
index 0000000..e29ed2a
--- /dev/null
+++ b/src/sysprofd/org.gnome.sysprof3.policy.in
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+ <vendor>The sysprof Project</vendor>
+ <vendor_url>https://wiki.gnome.org/Apps/Sysprof</vendor_url>
+ <icon_name>org.gnome.Sysprof-symbolic</icon_name>
+ <action id="org.gnome.sysprof3.profile">
+ <description>Profile the system</description>
+ <message>Authentication is required to profile the system.</message>
+ <defaults>
+ <allow_any>auth_admin_keep</allow_any>
+ <allow_inactive>auth_admin_keep</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+</policyconfig>