diff options
author | Zeeshan Ali <zeenix@collabora.co.uk> | 2018-09-12 15:47:19 -0400 |
---|---|---|
committer | Zeeshan Ali <zeenix@collabora.co.uk> | 2018-09-12 16:49:52 -0400 |
commit | 87e60ed97843f1a59db46c320aa048cb064a0f08 (patch) | |
tree | f4efbac62c85c5d755e53f687376823ed315c04e | |
parent | 3458f9f0dc60b2d3f8c4b8b868f0d4d66d480180 (diff) |
service: Drop authorization for system apps
We do not have any way to reliably identify system apps and they can
easily lie about their ID. So it does not make much sense to give users
the illusion that they can control apps' access to their location.
Moreover, recently we ran into a bunch of annoying and hard to solve
issues related to authorization of system apps and we ended up with lots
of angry users.
Also we might also drop all agent/authorization in favour of an
appropriate Flatpak portal soon anyway: https://gitlab.freedesktop.org/geoclue/geoclue/issues/83
Fixes #76, #80.
-rw-r--r-- | src/gclue-service-client.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/src/gclue-service-client.c b/src/gclue-service-client.c index c9a34da..bf6dfa6 100644 --- a/src/gclue-service-client.c +++ b/src/gclue-service-client.c @@ -330,16 +330,17 @@ on_agent_props_changed (GDBusProxy *agent_proxy, g_variant_get (changed_properties, "a{sv}", &iter); while (g_variant_iter_loop (iter, "{&sv}", &key, &value)) { GClueAccuracyLevel max_accuracy; - GClueConfig *config; const char *id; + gboolean system_app; if (strcmp (key, "MaxAccuracyLevel") != 0) continue; gdbus_client = GCLUE_DBUS_CLIENT (client); - config = gclue_config_get_singleton (); id = gclue_dbus_client_get_desktop_id (gdbus_client); max_accuracy = g_variant_get_uint32 (value); + system_app = (gclue_client_info_get_xdg_id + (client->priv->client_info) != NULL); /* FIXME: We should be handling all values of max accuracy * level here, not just 0 and non-0. */ @@ -355,7 +356,7 @@ on_agent_props_changed (GDBusProxy *agent_proxy, g_debug ("Re-started '%s'.", id); } else if (max_accuracy == 0 && gclue_dbus_client_get_active (gdbus_client) && - !gclue_config_is_system_component (config, id)) { + !system_app) { stop_client (client); client->priv->agent_stopped = TRUE; g_debug ("Stopped '%s'.", id); @@ -472,8 +473,7 @@ handle_post_agent_check_auth (StartData *data) data->desktop_id, priv->client_info); - if (gclue_config_is_system_component (config, data->desktop_id) || - app_perm == GCLUE_APP_PERM_ALLOWED) { + if (app_perm == GCLUE_APP_PERM_ALLOWED) { complete_start (data); return; } @@ -557,6 +557,7 @@ gclue_service_client_handle_start (GClueDBusClient *client, const char *desktop_id; GClueAppPerm app_perm; guint32 uid; + gboolean system_app = FALSE; if (priv->locator != NULL) { /* Already started */ @@ -566,9 +567,11 @@ gclue_service_client_handle_start (GClueDBusClient *client, } desktop_id = gclue_client_info_get_xdg_id (priv->client_info); - if (desktop_id == NULL) + if (desktop_id == NULL) { /* Non-xdg app */ desktop_id = gclue_dbus_client_get_desktop_id (client); + system_app = TRUE; + } if (desktop_id == NULL) { g_dbus_method_invocation_return_error_literal (invocation, @@ -603,6 +606,14 @@ gclue_service_client_handle_start (GClueDBusClient *client, data->accuracy_level = ensure_valid_accuracy_level (data->accuracy_level, GCLUE_ACCURACY_LEVEL_EXACT); + if (system_app) { + /* Since we have no reliable way to identify system apps, no + * need for auth for them. */ + complete_start (data); + + return TRUE; + } + /* No agent == No authorization */ if (priv->agent_proxy == NULL) { /* Already a pending Start()? Denied! */ |