Commit a5b7bbb5 authored by Laurent Bigonville, committed by Zeeshan Ali

agent: Only allow the geoclue user to call methods

The policy applies only to the process sending a message, not the one
receiving it. We need to be sure only the geoclue user can call the
Agent's methods.

Explanation by smvc from the bug report:

  [...]
  The issue here is that every file in /etc/dbus-1/system.d applies to
  everything on the system bus - there is no way to limit policies to
  particular packages. So Geoclue2's policy allows any uid to call any
  method on the Properties interface at the path
  /org/freedesktop/GeoClue2/Agent, in *any* destination.

  You might think "why would any other service have an object at
  /org/freedesktop/GeoClue2/Agent?", but not all services distinguish
  between object paths: those that are implemented in terms of simplistic
  libdbus filters[1] typically do not.
  [...]

https://bugs.freedesktop.org/show_bug.cgi?id=91214
parent d242d50f
......@@ -208,6 +208,7 @@ AC_CONFIG_FILES([
src/public-api/Makefile
po/Makefile.in
data/org.freedesktop.GeoClue2.conf
data/org.freedesktop.GeoClue2.Agent.conf
data/Makefile
demo/Makefile
docs/Makefile
......
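Review bot: data/org.freedesktop.GeoClue2.Agent.conf now sits in AC_CONFIG_FILES, so configure generates it, and that requires a matching data/org.freedesktop.GeoClue2.Agent.conf.in template in the tree, which this view does not show. The +/- markers are lost in this rendering, but the hunk header (6 lines before, 7 after) points to the Agent.conf entry as the added line. Please confirm the previously static file is removed from the repository and that data/Makefile handles the generated Agent.conf the same way as the existing data/org.freedesktop.GeoClue2.conf entry, so that only the template is distributed and the generated file is cleaned.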
......@@ -2,7 +2,7 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy context="default">
<policy user="@dbus_srv_user@">
<allow send_interface="org.freedesktop.GeoClue2.Agent"
send_path="/org/freedesktop/GeoClue2/Agent"/>
<allow send_interface="org.freedesktop.DBus.Properties"
......
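Review bot: the allow rules under the new policy user="@dbus_srv_user@" element still carry no send_destination, so they continue to match the Agent and Properties interfaces at /org/freedesktop/GeoClue2/Agent on any destination, now for the geoclue user only instead of for every uid. That is consistent with the commit message, but the file itself says nothing about why the policy is keyed on the sender's user; an XML comment above the policy element, noting that the rule is evaluated against the sending process and must not go back to context="default", would protect it from a later well-meaning revert. Since this file now depends on the @dbus_srv_user@ substitution, also confirm configure always yields a non-empty account name for it.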