[PATCH 4/5] auth: check when setting statistics refresh rate



---
 clients/cli/general.c     |  2 ++
 libnm/nm-client.h         |  5 ++++-
 libnm/nm-manager.c        |  2 ++
 shared/nm-common-macros.h |  1 +
 src/nm-audit-manager.h    |  1 +
 src/nm-manager.c          | 10 ++++++++++
 6 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/clients/cli/general.c b/clients/cli/general.c
index b919ccb..7f87842 100644
--- a/clients/cli/general.c
+++ b/clients/cli/general.c
@@ -437,6 +437,8 @@ permission_to_string (NMClientPermission perm)
                return NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS;
        case NM_CLIENT_PERMISSION_RELOAD:
                return NM_AUTH_PERMISSION_RELOAD;
+       case NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS:
+               return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
        default:
                return _("unknown");
        }
diff --git a/libnm/nm-client.h b/libnm/nm-client.h
index a496d9a..4b50b0e 100644
--- a/libnm/nm-client.h
+++ b/libnm/nm-client.h
@@ -98,6 +98,8 @@ G_BEGIN_DECLS
  *  DNS configuration
  * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
  * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
+ *  statistics can be globally enabled or disabled
  *
  * #NMClientPermission values indicate various permissions that NetworkManager
  * clients can obtain to perform certain tasks on behalf of the current user.
@@ -117,8 +119,9 @@ typedef enum {
        NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME = 11,
        NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
        NM_CLIENT_PERMISSION_RELOAD = 13,
+       NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 14,
 
-       NM_CLIENT_PERMISSION_LAST = 13,
+       NM_CLIENT_PERMISSION_LAST = 14,
 } NMClientPermission;
 
 /**
diff --git a/libnm/nm-manager.c b/libnm/nm-manager.c
index 27bd4ca..0b24d30 100644
--- a/libnm/nm-manager.c
+++ b/libnm/nm-manager.c
@@ -232,6 +232,8 @@ nm_permission_to_client (const char *nm)
                return NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS;
        else if (!strcmp (nm, NM_AUTH_PERMISSION_RELOAD))
                return NM_CLIENT_PERMISSION_RELOAD;
+       else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS))
+               return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
 
        return NM_CLIENT_PERMISSION_NONE;
 }
diff --git a/shared/nm-common-macros.h b/shared/nm-common-macros.h
index 3e5f349..282246a 100644
--- a/shared/nm-common-macros.h
+++ b/shared/nm-common-macros.h
@@ -37,6 +37,7 @@
 #define NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME   
"org.freedesktop.NetworkManager.settings.modify.hostname"
 #define NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS 
"org.freedesktop.NetworkManager.settings.modify.global-dns"
 #define NM_AUTH_PERMISSION_RELOAD                     "org.freedesktop.NetworkManager.reload"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS  
"org.freedesktop.NetworkManager.enable-disable-statistics"
 
 #define NM_CLONED_MAC_PRESERVE                          "preserve"
 #define NM_CLONED_MAC_PERMANENT                         "permanent"
diff --git a/src/nm-audit-manager.h b/src/nm-audit-manager.h
index d304ad2..7e7e374 100644
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@@ -57,6 +57,7 @@ typedef struct {
 #define NM_AUDIT_OP_SLEEP_CONTROL           "sleep-control"
 #define NM_AUDIT_OP_NET_CONTROL             "networking-control"
 #define NM_AUDIT_OP_RADIO_CONTROL           "radio-control"
+#define NM_AUDIT_OP_STATISTICS              "statistics"
 
 #define NM_AUDIT_OP_DEVICE_AUTOCONNECT      "device-autoconnect"
 #define NM_AUDIT_OP_DEVICE_DISCONNECT       "device-disconnect"
diff --git a/src/nm-manager.c b/src/nm-manager.c
index b3576b0..8b7e7af 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -4410,6 +4410,7 @@ get_permissions_done_cb (NMAuthChain *chain,
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME);
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS);
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_RELOAD);
+               get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS);
 
                g_dbus_method_invocation_return_value (context,
                                                       g_variant_new ("(a{ss})", &results));
@@ -4449,6 +4450,7 @@ impl_manager_get_permissions (NMManager *self,
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, FALSE);
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS, FALSE);
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_RELOAD, FALSE);
+       nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS, FALSE);
 }
 
 static void
@@ -5043,6 +5045,14 @@ prop_filter (GDBusConnection *connection,
                } else
                        return message;
                interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
+       } else if (!strcmp (propiface, NM_DBUS_INTERFACE_DEVICE_STATISTICS)) {
+               if (!strcmp (propname, "RefreshRateMs")) {
+                       glib_propname = NM_DEVICE_STATISTICS_REFRESH_RATE_MS;
+                       permission = NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
+                       audit_op = NM_AUDIT_OP_STATISTICS;
+               } else
+                       return message;
+               interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
        } else
                return message;
 
-- 
2.7.4



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]