    agent: Only allow the geoclue user to call methods · a5b7bbb5
    Laurent Bigonville authored
    The policy applies only to the process sending a message, not the one
    receiving it. We need to be sure only the geoclue user can call the
    Agent's methods.
    
    Explanation by smvc from the bug report:
    
      [...]
      The issue here is that every file in /etc/dbus-1/system.d applies to
      everything on the system bus - there is no way to limit policies to
      particular packages. So Geoclue2's policy allows any uid to call any
      method on the Properties interface at the path
      /org/freedesktop/GeoClue2/Agent, in *any* destination.
    
      You might think "why would any other service have an object at
      /org/freedesktop/GeoClue2/Agent?", but not all services distinguish
      between object paths: those that are implemented in terms of simplistic
      libdbus filters[1] typically do not.
      [...]
    
    https://bugs.freedesktop.org/show_bug.cgi?id=91214
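An added example, not part of the commit or of GeoClue2's own files: a small audit for the pattern the bug report describes, an `<allow>` send rule that applies to any uid and names no `send_destination`. The policy text is constructed for illustration, `unscoped_allow_rules` is a hypothetical helper name, and the `user="geoclue"` policy shown is an assumption based on the commit title.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not the real GeoClue2 file). The first rule has
# the shape described in the bug report; the other two are scoped.
SAMPLE_POLICY = """
<busconfig>
  <policy context="default">
    <allow send_interface="org.freedesktop.DBus.Properties"
           send_path="/org/freedesktop/GeoClue2/Agent"/>
    <allow send_destination="org.example.Service"
           send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
  <policy user="geoclue">
    <allow send_interface="org.freedesktop.DBus.Properties"
           send_path="/org/freedesktop/GeoClue2/Agent"/>
  </policy>
</busconfig>
"""


def unscoped_allow_rules(policy_xml):
    """Return (context, send_attributes) for each <allow> send rule that is
    open to every sender and does not name a send_destination."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        # Policies with user= or group= restrict who may send the message;
        # context= policies apply to any uid on the bus.
        if "user" in policy.attrib or "group" in policy.attrib:
            continue
        context = policy.get("context", "")
        for rule in policy.findall("allow"):
            sends = {k: v for k, v in rule.attrib.items()
                     if k.startswith("send_")}
            # Without send_destination the rule matches messages addressed
            # to any service on the bus, not only the intended one.
            if sends and "send_destination" not in sends:
                findings.append((context, sends))
    return findings


if __name__ == "__main__":
    for context, attrs in unscoped_allow_rules(SAMPLE_POLICY):
        print(f"context={context}: allow {attrs} matches any destination")
```
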