Merge branch 'jb52494_privileged_dbus' into 'master'

Allow only privileged clients to reboot device / modify aboot settings See merge request mer-core/dsme!46
sailfishos · Jan 20, 2021 · c8b32b6 · c8b32b6
2 parents 070fc0f + 96a8b31
commit c8b32b6
Show file tree

Hide file tree

Showing 13 changed files with 175 additions and 33 deletions.
diff --git a/.depend b/.depend
@@ -95,6 +95,7 @@ dsme/modulebase.o:\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 
 dsme/modulebase.pic.o:\
 	dsme/modulebase.c\
@@ -103,6 +104,7 @@ dsme/modulebase.pic.o:\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 
 dsme/oom.o:\
 	dsme/oom.c\
@@ -274,6 +276,7 @@ modules/dsme_dbus.o:\
 	modules/dsme_dbus.c\
 	dbus-gmain/dbus-gmain.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 	include/dsme/logging.h\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
@@ -285,6 +288,7 @@ modules/dsme_dbus.pic.o:\
 	modules/dsme_dbus.c\
 	dbus-gmain/dbus-gmain.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 	include/dsme/logging.h\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
@@ -736,6 +740,7 @@ test/testmod_alarmtracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -758,6 +763,7 @@ test/testmod_alarmtracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -780,6 +786,7 @@ test/testmod_emergencycalltracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -802,6 +809,7 @@ test/testmod_emergencycalltracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -824,6 +832,7 @@ test/testmod_state.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -846,6 +855,7 @@ test/testmod_state.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -868,6 +878,7 @@ test/testmod_usbtracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -890,6 +901,7 @@ test/testmod_usbtracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\

diff --git a/dsme/modulebase.c b/dsme/modulebase.c
@@ -3,8 +3,9 @@
 
    Implements DSME plugin framework.
    <p>
-   Copyright (C) 2004-2010 Nokia Corporation
-   Copyright (C) 2013-2017 Jolla Ltd.
+   Copyright (c) 2004 - 2010 Nokia Corporation
+   Copyright (c) 2013 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Ari Saastamoinen
    @author Semi Malinen <semi.malinen@nokia.com>
@@ -32,6 +33,7 @@
 #include "../include/dsme/logging.h"
 #include "../include/dsme/mainloop.h"
 #include "dsme-server.h"
+#include "utility.h"
 
 #include <glib.h>
 #include <stdio.h>
@@ -493,6 +495,21 @@ char* endpoint_name(const endpoint_t* sender)
   return name;
 }
 
+bool endpoint_is_privileged(const endpoint_t* sender)
+{
+    bool is_privileged = false;
+
+    if( sender ) {
+        if( !sender->conn )
+            is_privileged = true;
+        else if( sender->ucred.pid != 0 )
+            is_privileged = dsme_user_is_privileged(sender->ucred.uid,
+                                                    sender->ucred.gid);
+    }
+
+    return is_privileged;
+}
+
 bool endpoint_same(const endpoint_t* a, const endpoint_t* b)
 {
   bool same = false;

diff --git a/dsme/utility.c b/dsme/utility.c
@@ -4,7 +4,8 @@
  * Generic functions needed by dsme core and/or multiple plugings.
  *
  * <p>
- * Copyright (C) 2019 Jolla Ltd.
+ * Copyright (c) 2019 - 2020 Jolla Ltd.
+ * Copyright (c) 2020 Open Mobile Platform LLC.
  *
  * @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
  *
@@ -34,6 +35,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <pwd.h>
 
 #include <libcryptsetup.h>
 
@@ -45,12 +47,58 @@
  * UTILITY
  * ------------------------------------------------------------------------- */
 
+bool                        dsme_user_is_privileged       (uid_t uid, gid_t gid);
+bool                        dsme_process_is_privileged    (pid_t pid);
 static void                 dsme_free_crypt_device        (struct crypt_device *cdev);
 static struct crypt_device *dsme_get_crypt_device_for_home(void);
 bool                        dsme_home_is_encrypted        (void);
 const char                 *dsme_state_repr               (dsme_state_t state);
 static char                *dsme_pid2exe                  (pid_t pid);
 
+/* ========================================================================= *
+ * Client identification
+ * ========================================================================= */
+
+bool
+dsme_user_is_privileged(uid_t uid, gid_t gid)
+{
+    bool is_privileged = false;
+
+    /* Check if UID/GID is root/privileged */
+    if( uid != 0 && gid != 0 ) {
+        struct passwd *pw = getpwnam("privileged");
+        if( !pw ) {
+            dsme_log(LOG_WARNING, "privileged user not found");
+            goto EXIT;
+        }
+        if( uid != pw->pw_uid && gid != pw->pw_gid )
+            goto EXIT;
+    }
+
+    is_privileged = true;
+
+EXIT:
+    return is_privileged;
+}
+
+bool
+dsme_process_is_privileged(pid_t pid)
+{
+    bool is_privileged = false;
+
+    /* /proc/PID directory is owned by process EUID:EGID */
+    char temp[256];
+    snprintf(temp, sizeof temp, "/proc/%d", (int)pid);
+    struct stat st = {};
+
+    if( stat(temp, &st) == -1 )
+        dsme_log(LOG_WARNING, "could not stat %s: %m", temp);
+    else
+        is_privileged = dsme_user_is_privileged(st.st_uid, st.st_gid);
+
+    return is_privileged;
+}
+
 /* ========================================================================= *
  * Probing for encrypted home partition
  * ========================================================================= */

diff --git a/dsme/utility.h b/dsme/utility.h
@@ -4,7 +4,8 @@
  * Generic functions needed by dsme core and/or multiple plugings.
  *
  * <p>
- * Copyright (C) 2019 Jolla Ltd.
+ * Copyright (c) 2019 - 2020 Jolla Ltd.
+ * Copyright (c) 2020 Open Mobile Platform LLC.
  *
  * @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
  *
@@ -38,6 +39,8 @@
  * UTILITY
  * ------------------------------------------------------------------------- */
 
+bool        dsme_user_is_privileged(uid_t uid, gid_t gid);
+bool        dsme_process_is_privileged(pid_t pid);
 bool        dsme_home_is_encrypted(void);
 const char *dsme_state_repr       (dsme_state_t state);
 

diff --git a/include/dsme/modules.h b/include/dsme/modules.h
@@ -3,10 +3,13 @@
 
    DSME interface towards plugin modules.
    <p>
-   Copyright (C) 2004-2010 Nokia Corporation.
+   Copyright (c) 2004 - 2010 Nokia Corporation.
+   Copyright (c) 2015 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Ari Saastamoinen
    @author Semi Malinen <semi.malinen@nokia.com>
+   @author Simo Piiroinen <simo.piiroinen@jolla.com>
 
    This file is part of Dsme.
 
@@ -121,6 +124,7 @@ void endpoint_send(endpoint_t* recipient, const void* msg);
 const struct ucred* endpoint_ucred(const endpoint_t* sender);
 char* endpoint_name_by_pid(pid_t pid);
 char* endpoint_name(const endpoint_t* sender);
+bool endpoint_is_privileged(const endpoint_t* sender);
 bool endpoint_same(const endpoint_t* a, const endpoint_t* b);
 bool endpoint_is_dsme(const endpoint_t* endpoint);
 endpoint_t* endpoint_copy(const endpoint_t* endpoint);

diff --git a/modules/abootsettings.c b/modules/abootsettings.c
@@ -5,7 +5,8 @@
    User can change e.g. device lock value for aboot.
    <p>
 
-   Copyright (C) 2017 Jolla Oy
+   Copyright (c) 2017 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Marko Lemmetty <marko.lemmetty@jollamobile.com>
    @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
@@ -221,6 +222,7 @@ static const dsme_dbus_binding_t dbus_methods_array[] =
     {
         .method = set_locked,
         .name   = "set_locked",
+        .priv   = true,
         .args   =
             "    <arg direction=\"in\" name=\"state\" type=\"i\"/>\n"
             "    <arg direction=\"out\" name=\"success\" type=\"i\"/>\n"

diff --git a/modules/dbusproxy.c b/modules/dbusproxy.c
@@ -4,8 +4,9 @@
    This module implements proxying of between DSME's internal message
    queue and D-Bus.
    <p>
-   Copyright (C) 2009-2010 Nokia Corporation.
-   Copyright (C) 2015-2017 Jolla Ltd.
+   Copyright (c) 2009 - 2010 Nokia Corporation.
+   Copyright (c) 2015 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Semi Malinen <semi.malinen@nokia.com>
    @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
@@ -100,6 +101,7 @@ static void req_powerup(const DsmeDbusMessage* request, DsmeDbusMessage** reply)
 
   DSM_MSGTYPE_POWERUP_REQ req = DSME_MSG_INIT(DSM_MSGTYPE_POWERUP_REQ);
   modules_broadcast_internally(&req);
+  *reply = dsme_dbus_reply_new(request);
 }
 
 static void req_reboot(const DsmeDbusMessage* request, DsmeDbusMessage** reply)
@@ -112,6 +114,7 @@ static void req_reboot(const DsmeDbusMessage* request, DsmeDbusMessage** reply)
 
   DSM_MSGTYPE_REBOOT_REQ req = DSME_MSG_INIT(DSM_MSGTYPE_REBOOT_REQ);
   modules_broadcast_internally(&req);
+  *reply = dsme_dbus_reply_new(request);
 }
 
 static void req_shutdown(const DsmeDbusMessage* request,
@@ -126,6 +129,7 @@ static void req_shutdown(const DsmeDbusMessage* request,
   DSM_MSGTYPE_SHUTDOWN_REQ req = DSME_MSG_INIT(DSM_MSGTYPE_SHUTDOWN_REQ);
 
   modules_broadcast_internally(&req);
+  *reply = dsme_dbus_reply_new(request);
 }
 
 /** Flag for: dbus broadcast info has been installed */
@@ -187,16 +191,19 @@ static const dsme_dbus_binding_t dbus_methods_array[] =
     {
         .method = req_powerup,
         .name   = dsme_req_powerup,
+        .priv   = true,
         .args   = ""
     },
     {
         .method = req_reboot,
         .name   = dsme_req_reboot,
+        .priv   = true,
         .args   = ""
     },
     {
         .method = req_shutdown,
         .name   = dsme_req_shutdown,
+        .priv   = true,
         .args   = ""
     },
     // sentinel