[gnome-shell] shellDBus: Restrict callers

From: Marge Bot <marge-bot src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-shell] shellDBus: Restrict callers
Date: Fri, 3 Sep 2021 21:44:30 +0000 (UTC)
commit a628bbc485e11346d633879b3f734c55abcdf414
Author: Florian Müllner <fmuellner gnome org>
Date:   Thu Jun 17 15:29:42 2021 +0200

    shellDBus: Restrict callers
    
    The org.gnome.Shell interface provides a private API to other core
    components to implement desktop functionalities like Settings or
    global keybindings. It is not meant as a public API, so limit it
    to a set of expected callers.
    
    https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943
    
    Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970>

 js/ui/shellDBus.js | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
---
diff --git a/js/ui/shellDBus.js b/js/ui/shellDBus.js
index 62c840094b..a8070eb925 100644
--- a/js/ui/shellDBus.js
+++ b/js/ui/shellDBus.js
@@ -10,6 +10,7 @@ const Main = imports.ui.main;
 const Screenshot = imports.ui.screenshot;
 
 const { loadInterfaceXML } = imports.misc.fileUtils;
+const { DBusSenderChecker } = imports.misc.util;
 const { ControlsState } = imports.ui.overviewControls;
 
 const GnomeShellIface = loadInterfaceXML('org.gnome.Shell');
@@ -20,6 +21,11 @@ var GnomeShell = class {
         this._dbusImpl = Gio.DBusExportedObject.wrapJSObject(GnomeShellIface, this);
         this._dbusImpl.export(Gio.DBus.session, '/org/gnome/Shell');
 
+        this._senderChecker = new DBusSenderChecker([
+            'org.gnome.ControlCenter',
+            'org.gnome.SettingsDaemon.MediaKeys',
+        ]);
+
         this._extensionsService = new GnomeShellExtensions();
         this._screenshotService = new Screenshot.ScreenshotService();
 
@@ -80,6 +86,13 @@ var GnomeShell = class {
      * @returns {void}
      */
     FocusSearchAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         Main.overview.focusSearch();
         invocation.return_value(null);
     }
@@ -92,6 +105,13 @@ var GnomeShell = class {
      * @returns {void}
      */
     ShowOSDAsync([params], invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         for (let param in params)
             params[param] = params[param].deep_unpack();
 
@@ -123,6 +143,13 @@ var GnomeShell = class {
      * @returns {void}
      */
     FocusAppAsync([id], invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         Main.overview.selectApp(id);
         invocation.return_value(null);
     }
@@ -135,11 +162,25 @@ var GnomeShell = class {
      * @returns {void}
      */
     ShowApplicationsAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         Main.overview.show(ControlsState.APP_GRID);
         invocation.return_value(null);
     }
 
     GrabAcceleratorAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let [accel, modeFlags, grabFlags] = params;
         let sender = invocation.get_sender();
         let bindingAction = this._grabAcceleratorForSender(accel, modeFlags, grabFlags, sender);
@@ -147,6 +188,13 @@ var GnomeShell = class {
     }
 
     GrabAcceleratorsAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let [accels] = params;
         let sender = invocation.get_sender();
         let bindingActions = [];
@@ -158,6 +206,13 @@ var GnomeShell = class {
     }
 
     UngrabAcceleratorAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let [action] = params;
         let sender = invocation.get_sender();
         let ungrabSucceeded = this._ungrabAcceleratorForSender(action, sender);
@@ -166,6 +221,13 @@ var GnomeShell = class {
     }
 
     UngrabAcceleratorsAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let [actions] = params;
         let sender = invocation.get_sender();
         let ungrabSucceeded = true;
@@ -246,6 +308,13 @@ var GnomeShell = class {
     }
 
     ShowMonitorLabelsAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let sender = invocation.get_sender();
         let [dict] = params;
         Main.osdMonitorLabeler.show(sender, dict);
@@ -253,6 +322,13 @@ var GnomeShell = class {
     }
 
     HideMonitorLabelsAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
         let sender = invocation.get_sender();
         Main.osdMonitorLabeler.hide(sender);
         invocation.return_value(null);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]