Commit a5b7bbb5 authored by Laurent Bigonville, committed by Zeeshan Ali

agent: Only allow the geoclue user to call methods

The policy applies only to the process sending a message, not the one
receiving it. We need to be sure only the geoclue user can call the
Agent's methods.

Explanation by smvc from the bug report:

  The issue here is that every file in /etc/dbus-1/system.d applies to
  everything on the system bus - there is no way to limit policies to
  particular packages. So Geoclue2's policy allows any uid to call any
  method on the Properties interface at the path
  /org/freedesktop/GeoClue2/Agent, in *any* destination.

  You might think "why would any other service have an object at
  /org/freedesktop/GeoClue2/Agent?", but not all services distinguish
  between object paths: those that are implemented in terms of simplistic
  libdbus filters[1] typically do not.
parent d242d50f
......@@ -208,6 +208,7 @@ AC_CONFIG_FILES([
......@@ -2,7 +2,7 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
<policy context="default">
<policy user="@dbus_srv_user@">
<allow send_interface="org.freedesktop.GeoClue2.Agent"
<allow send_interface="org.freedesktop.DBus.Properties"
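Review bot: The two `<allow send_interface=...>` rules inside `<policy user="@dbus_srv_user@">` need an XML comment explaining why they sit under a user policy rather than `context="default"`. As the commit message says, the policy applies to the sending process and to every destination on the system bus, so the same rules in the default context would open these interfaces to any uid. A later edit could move them back without noticing that. Since the user name is now the configure-time substitution `@dbus_srv_user@`, the build documentation should also state that it must match the account the geoclue service actually runs as. Otherwise the service's own calls to the agent are not covered by these allow rules.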