[PATCH 4/5] auth: check when setting statistics refresh rate

From: Alfonso Sanchez-Beato <alfonso sanchez-beato canonical com>
To: networkmanager-list gnome org
Subject: [PATCH 4/5] auth: check when setting statistics refresh rate
Date: Wed, 10 Aug 2016 11:54:32 +0200
---
 clients/cli/general.c                              |  2 ++
 libnm/nm-client.h                                  |  5 ++++-
 libnm/nm-manager.c                                 |  2 ++
 policy/org.freedesktop.NetworkManager.policy.in.in |  9 +++++++++
 shared/nm-common-macros.h                          |  1 +
 src/nm-audit-manager.h                             |  1 +
 src/nm-manager.c                                   | 15 +++++++++++++++
 7 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/clients/cli/general.c b/clients/cli/general.c
index b919ccb..7f87842 100644
--- a/clients/cli/general.c
+++ b/clients/cli/general.c
@@ -437,6 +437,8 @@ permission_to_string (NMClientPermission perm)
                return NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS;
        case NM_CLIENT_PERMISSION_RELOAD:
                return NM_AUTH_PERMISSION_RELOAD;
+       case NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS:
+               return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
        default:
                return _("unknown");
        }
diff --git a/libnm/nm-client.h b/libnm/nm-client.h
index a496d9a..4b50b0e 100644
--- a/libnm/nm-client.h
+++ b/libnm/nm-client.h
@@ -98,6 +98,8 @@ G_BEGIN_DECLS
  *  DNS configuration
  * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
  * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
+ *  statistics can be globally enabled or disabled
  *
  * #NMClientPermission values indicate various permissions that NetworkManager
  * clients can obtain to perform certain tasks on behalf of the current user.
@@ -117,8 +119,9 @@ typedef enum {
        NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME = 11,
        NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
        NM_CLIENT_PERMISSION_RELOAD = 13,
+       NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 14,
 
-       NM_CLIENT_PERMISSION_LAST = 13,
+       NM_CLIENT_PERMISSION_LAST = 14,
 } NMClientPermission;
 
 /**
diff --git a/libnm/nm-manager.c b/libnm/nm-manager.c
index 27bd4ca..0b24d30 100644
--- a/libnm/nm-manager.c
+++ b/libnm/nm-manager.c
@@ -232,6 +232,8 @@ nm_permission_to_client (const char *nm)
                return NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS;
        else if (!strcmp (nm, NM_AUTH_PERMISSION_RELOAD))
                return NM_CLIENT_PERMISSION_RELOAD;
+       else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS))
+               return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
 
        return NM_CLIENT_PERMISSION_NONE;
 }
diff --git a/policy/org.freedesktop.NetworkManager.policy.in.in 
b/policy/org.freedesktop.NetworkManager.policy.in.in
index 94d5cb8..9668a48 100644
--- a/policy/org.freedesktop.NetworkManager.policy.in.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in.in
@@ -132,5 +132,14 @@
     </defaults>
   </action>
 
+  <action id="org.freedesktop.NetworkManager.enable-disable-statistics">
+    <_description>Enable or disable device statistics</_description>
+    <_message>System policy prevents enabling or disabling device statistics</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
 </policyconfig>
 
diff --git a/shared/nm-common-macros.h b/shared/nm-common-macros.h
index 3e5f349..282246a 100644
--- a/shared/nm-common-macros.h
+++ b/shared/nm-common-macros.h
@@ -37,6 +37,7 @@
 #define NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME   
"org.freedesktop.NetworkManager.settings.modify.hostname"
 #define NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS 
"org.freedesktop.NetworkManager.settings.modify.global-dns"
 #define NM_AUTH_PERMISSION_RELOAD                     "org.freedesktop.NetworkManager.reload"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS  
"org.freedesktop.NetworkManager.enable-disable-statistics"
 
 #define NM_CLONED_MAC_PRESERVE                          "preserve"
 #define NM_CLONED_MAC_PERMANENT                         "permanent"
diff --git a/src/nm-audit-manager.h b/src/nm-audit-manager.h
index d304ad2..7e7e374 100644
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@@ -57,6 +57,7 @@ typedef struct {
 #define NM_AUDIT_OP_SLEEP_CONTROL           "sleep-control"
 #define NM_AUDIT_OP_NET_CONTROL             "networking-control"
 #define NM_AUDIT_OP_RADIO_CONTROL           "radio-control"
+#define NM_AUDIT_OP_STATISTICS              "statistics"
 
 #define NM_AUDIT_OP_DEVICE_AUTOCONNECT      "device-autoconnect"
 #define NM_AUDIT_OP_DEVICE_DISCONNECT       "device-disconnect"
diff --git a/src/nm-manager.c b/src/nm-manager.c
index b3576b0..c460f72 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -4410,6 +4410,7 @@ get_permissions_done_cb (NMAuthChain *chain,
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME);
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS);
                get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_RELOAD);
+               get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS);
 
                g_dbus_method_invocation_return_value (context,
                                                       g_variant_new ("(a{ss})", &results));
@@ -4449,6 +4450,7 @@ impl_manager_get_permissions (NMManager *self,
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, FALSE);
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS, FALSE);
        nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_RELOAD, FALSE);
+       nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS, FALSE);
 }
 
 static void
@@ -4909,6 +4911,10 @@ prop_set_auth_done_cb (NMAuthChain *chain,
                /* ... but set the property on the @object itself. It would be correct to set the property
                 * on the skeleton interface, but as it is now, the result is the same. */
                g_object_set (object, pfd->glib_propname, value, NULL);
+       } else if (!strcmp (pfd->glib_propname, NM_DEVICE_STATISTICS_REFRESH_RATE_MS)) {
+               g_assert (g_variant_is_of_type (value, G_VARIANT_TYPE_UINT32));
+               /* the same here */
+               g_object_set (object, pfd->glib_propname, g_variant_get_uint32 (value), NULL);
        } else {
                g_assert (g_variant_is_of_type (value, G_VARIANT_TYPE_BOOLEAN));
                /* the same here */
@@ -5043,6 +5049,15 @@ prop_filter (GDBusConnection *connection,
                } else
                        return message;
                interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
+       } else if (!strcmp (propiface, NM_DBUS_INTERFACE_DEVICE_STATISTICS)) {
+               if (!strcmp (propname, "RefreshRateMs")) {
+                       glib_propname = NM_DEVICE_STATISTICS_REFRESH_RATE_MS;
+                       permission = NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
+                       audit_op = NM_AUDIT_OP_STATISTICS;
+                       expected_type = G_VARIANT_TYPE ("u");
+               } else
+                       return message;
+               interface_type = NMDBUS_TYPE_DEVICE_SKELETON;
        } else
                return message;
 
-- 
2.7.4
References:
- [PATCH 0/5] Add device statistics interface - take 3
  - From: Alfonso Sanchez-Beato
- [PATCH 0/5] Add device statistics interface - comments addressed
  - From: Alfonso Sanchez-Beato
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]