location: buildtime option to restrict location to a particular user only
Submitted by Aleksander Morgado
Assigned to ModemManager bug user
Originally reported at: https://bugzilla.gnome.org/show_bug.cgi?id=724543 Please refer to the original bug report if more details are needed.
Currently, every user who is able to access the ModemManager interfaces is able to read the Location information, which is given in two different ways:
- Via GetLocation() request/responses.
- Via Location property read/updates.
In order to restrict who can read the location information to just the geoclue user (and root), ModemManager should have a build-time option where a given username is specified. This username should be the one used to run the geoclue client that accesses MM.
Once the buildtime option is enabled:
- Location property read/updates will be disabled. There is currently no easy way to manage this access control at DBus-level, especially for the property update notifications via the PropertiesChanged signal.
- The only way to retrieve location information will be through GetLocation() request/responses, which will validate the remote user to ensure it's either root or the geoclue user.
An initial implementation is already available in the "aleksander/limited-location-user" branch in upstream git: http://cgit.freedesktop.org/ModemManager/ModemManager/log/?h=aleksander/limited-location-user
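
The caller check described above for GetLocation(), as an added example rather than code from the ModemManager branch. The `LOCATION_ALLOWED_USER` macro, the function names and UID 987 are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical build-time setting; the macro name and value are assumptions. */
#define LOCATION_ALLOWED_USER "geoclue"

/* Username -> UID resolver, passed in so the policy can be tested offline. */
typedef bool (*uid_lookup_fn)(const char *name, uid_t *uid);

/* Real resolver. getpwnam() is not reentrant; use getpwnam_r() with threads. */
bool lookup_passwd(const char *name, uid_t *uid)
{
    struct passwd *pw = getpwnam(name);
    if (pw != NULL)
        *uid = pw->pw_uid;
    return pw != NULL;
}

/* Constructed resolver: only "geoclue" exists, with the made-up UID 987. */
bool lookup_constructed(const char *name, uid_t *uid)
{
    *uid = 987;
    return strcmp(name, "geoclue") == 0;
}

/* caller_uid must be the UID the bus daemon reports for the sender
 * (org.freedesktop.DBus.GetConnectionUnixUser), never caller-supplied data. */
bool location_caller_allowed(uid_t caller_uid, const char *allowed_user,
                             uid_lookup_fn lookup)
{
    uid_t allowed_uid;
    if (caller_uid == 0)
        return true;                  /* root is always allowed */
    if (allowed_user == NULL || allowed_user[0] == '\0' ||
        !lookup(allowed_user, &allowed_uid))
        return false;                 /* fail closed: unset or unknown user */
    return caller_uid == allowed_uid;
}

int main(void)
{
    bool ok = location_caller_allowed(getuid(), LOCATION_ALLOWED_USER, lookup_passwd);
    printf("uid %ld: GetLocation() %s\n", (long)getuid(), ok ? "allowed" : "denied");
    return 0;
}
```

If the configured user does not exist on the system, only root passes the check.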