From 6f962a8035cfb578487bb372c2b06d04f1d18b6d Mon Sep 17 00:00:00 2001 From: Slava Monich Date: Sat, 1 Apr 2017 19:42:51 +0300 Subject: [PATCH] [connectionagent] Make connectionagent privileged. Fixes JB#38236 Now that connman applies access control rules to most of its service methods, connectionagent needs to have its effected group id to be privileged. Otherwise it won't be able to connect or disconnect connman services --- connd/connd.pro | 9 +-------- connd/privileges | 2 ++ rpm/connectionagent-qt5.spec | 8 +++++++- 3 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 connd/privileges diff --git a/connd/connd.pro b/connd/connd.pro index 75777b0..1836b79 100644 --- a/connd/connd.pro +++ b/connd/connd.pro @@ -1,4 +1,3 @@ - QT = core network dbus TARGET = connectionagent @@ -16,16 +15,13 @@ CONFIG -= app_bundle TEMPLATE = app -OTHER_FILES += com.jolla.Connectiond.xml +OTHER_FILES += com.jolla.Connectiond.xml privileges DBUS_ADAPTORS = connadaptor connadaptor.files = com.jollamobile.Connectiond.xml connadaptor.header_flags = -c ConnAdaptor connadaptor.source_flags = -c ConnAdaptor -# create adaptor -#system(qdbusxml2cpp -c ConnAdaptor -a connadaptor.h:connadaptor.cpp com.jollamobile.Connectiond.xml) - SOURCES += main.cpp \ qconnectionagent.cpp \ wakeupwatcher.cpp @@ -39,6 +35,3 @@ INSTALLS += target MOC_DIR = .moc OBJECTS_DIR = .obj - - - diff --git a/connd/privileges b/connd/privileges new file mode 100644 index 0000000..6c5f548 --- /dev/null +++ b/connd/privileges @@ -0,0 +1,2 @@ +# Tells invoker to run connectionagent as nemo:privileged +/usr/bin/connectionagent, diff --git a/rpm/connectionagent-qt5.spec b/rpm/connectionagent-qt5.spec index 0cd012b..fa3d219 100644 --- a/rpm/connectionagent-qt5.spec +++ b/rpm/connectionagent-qt5.spec @@ -1,7 +1,7 @@ Name: connectionagent-qt5 Summary: User Agent daemon -Version: 0.11.25 +Version: 0.11 Release: 0 Group: Communications/Connectivity Adaptation License: LGPLv2.1 @@ -75,6 +75,9 @@ rm -rf %{buildroot} mkdir -p %{buildroot}%{_libdir}/systemd/user/user-session.target.wants ln -s ../connectionagent.service %{buildroot}%{_libdir}/systemd/user/user-session.target.wants/ +mkdir -p %{buildroot}%{_datadir}/mapplauncherd/privileges.d +install -m 644 -p connd/privileges %{buildroot}%{_datadir}/mapplauncherd/privileges.d/connectionagent + %post if [ "$1" -ge 1 ]; then systemctl-user daemon-reload || : @@ -91,6 +94,9 @@ fi %defattr(-,root,root,-) %{_bindir}/connectionagent %{_datadir}/dbus-1/services/com.jolla.Connectiond.service +%dir %{_datadir}/mapplauncherd +%dir %{_datadir}/mapplauncherd/privileges.d +%{_datadir}/mapplauncherd/privileges.d/connectionagent %{_libdir}/systemd/user/connectionagent.service %{_sysconfdir}/dbus-1/session.d/connectionagent.conf %{_libdir}/systemd/user/user-session.target.wants/connectionagent.service