[dsme] Enablers for privileged client checking

Add utility functions for checking whether a process should be considered privileged. Add predicate function for checking whether dispatched dsme message originates from privileged client (or dsme itself). Make it possible to mark D-Bus method calls served by dsme as privileged and send access denied error reply if such method is called from an unpriviliged client. Do not trigger vibration feedback when shutdown/reboot requests are received, so that vibration occurs only when such requests are accepted. Move legacy aegis credential check delay in dsmetool so that it happens on disconnect rather than on connect. While such delay is not necessary anymore, having it occur just before exit allows dsme side diagnostic logging to have access to client details. Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
sailfishos · Jan 5, 2021 · e74970c · e74970c
1 parent 070fc0f
commit e74970c
Show file tree

Hide file tree

Showing 9 changed files with 135 additions and 21 deletions.
diff --git a/.depend b/.depend
@@ -95,6 +95,7 @@ dsme/modulebase.o:\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 
 dsme/modulebase.pic.o:\
 	dsme/modulebase.c\
@@ -103,6 +104,7 @@ dsme/modulebase.pic.o:\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 
 dsme/oom.o:\
 	dsme/oom.c\
@@ -274,6 +276,7 @@ modules/dsme_dbus.o:\
 	modules/dsme_dbus.c\
 	dbus-gmain/dbus-gmain.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 	include/dsme/logging.h\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
@@ -285,6 +288,7 @@ modules/dsme_dbus.pic.o:\
 	modules/dsme_dbus.c\
 	dbus-gmain/dbus-gmain.h\
 	dsme/dsme-server.h\
+	dsme/utility.h\
 	include/dsme/logging.h\
 	include/dsme/modulebase.h\
 	include/dsme/modules.h\
@@ -736,6 +740,7 @@ test/testmod_alarmtracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -758,6 +763,7 @@ test/testmod_alarmtracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -780,6 +786,7 @@ test/testmod_emergencycalltracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -802,6 +809,7 @@ test/testmod_emergencycalltracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -824,6 +832,7 @@ test/testmod_state.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -846,6 +855,7 @@ test/testmod_state.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -868,6 +878,7 @@ test/testmod_usbtracker.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\
@@ -890,6 +901,7 @@ test/testmod_usbtracker.pic.o:\
 	include/dsme/modules.h\
 	dsme/dsme-server.h\
 	dsme/modulebase.c\
+	dsme/utility.h\
 	include/dsme/dsmesock.h\
 	include/dsme/mainloop.h\
 	include/dsme/modulebase.h\

diff --git a/dsme/modulebase.c b/dsme/modulebase.c
@@ -3,8 +3,9 @@
 
    Implements DSME plugin framework.
    <p>
-   Copyright (C) 2004-2010 Nokia Corporation
-   Copyright (C) 2013-2017 Jolla Ltd.
+   Copyright (c) 2004 - 2010 Nokia Corporation
+   Copyright (c) 2013 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Ari Saastamoinen
    @author Semi Malinen <semi.malinen@nokia.com>
@@ -32,6 +33,7 @@
 #include "../include/dsme/logging.h"
 #include "../include/dsme/mainloop.h"
 #include "dsme-server.h"
+#include "utility.h"
 
 #include <glib.h>
 #include <stdio.h>
@@ -493,6 +495,21 @@ char* endpoint_name(const endpoint_t* sender)
   return name;
 }
 
+bool endpoint_is_privileged(const endpoint_t* sender)
+{
+    bool is_privileged = false;
+
+    if( sender ) {
+        if( !sender->conn )
+            is_privileged = true;
+        else if( sender->ucred.pid != 0 )
+            is_privileged = dsme_user_is_privileged(sender->ucred.uid,
+                                                    sender->ucred.gid);
+    }
+
+    return is_privileged;
+}
+
 bool endpoint_same(const endpoint_t* a, const endpoint_t* b)
 {
   bool same = false;

diff --git a/dsme/utility.c b/dsme/utility.c
@@ -4,7 +4,8 @@
  * Generic functions needed by dsme core and/or multiple plugings.
  *
  * <p>
- * Copyright (C) 2019 Jolla Ltd.
+ * Copyright (c) 2019 - 2020 Jolla Ltd.
+ * Copyright (c) 2020 Open Mobile Platform LLC.
  *
  * @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
  *
@@ -34,6 +35,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <pwd.h>
 
 #include <libcryptsetup.h>
 
@@ -45,12 +47,58 @@
  * UTILITY
  * ------------------------------------------------------------------------- */
 
+bool                        dsme_user_is_privileged       (uid_t uid, gid_t gid);
+bool                        dsme_process_is_privileged    (pid_t pid);
 static void                 dsme_free_crypt_device        (struct crypt_device *cdev);
 static struct crypt_device *dsme_get_crypt_device_for_home(void);
 bool                        dsme_home_is_encrypted        (void);
 const char                 *dsme_state_repr               (dsme_state_t state);
 static char                *dsme_pid2exe                  (pid_t pid);
 
+/* ========================================================================= *
+ * Client identification
+ * ========================================================================= */
+
+bool
+dsme_user_is_privileged(uid_t uid, gid_t gid)
+{
+    bool is_privileged = false;
+
+    /* Check if UID/GID is root/privileged */
+    if( uid != 0 && gid != 0 ) {
+        struct passwd *pw = getpwnam("privileged");
+        if( !pw ) {
+            dsme_log(LOG_WARNING, "privileged user not found");
+            goto EXIT;
+        }
+        if( uid != pw->pw_uid && gid != pw->pw_gid )
+            goto EXIT;
+    }
+
+    is_privileged = true;
+
+EXIT:
+    return is_privileged;
+}
+
+bool
+dsme_process_is_privileged(pid_t pid)
+{
+    bool is_privileged = false;
+
+    /* /proc/PID directory is owned by process EUID:EGID */
+    char temp[256];
+    snprintf(temp, sizeof temp, "/proc/%d", (int)pid);
+    struct stat st = {};
+
+    if( stat(temp, &st) == -1 )
+        dsme_log(LOG_WARNING, "could not stat %s: %m", temp);
+    else
+        is_privileged = dsme_user_is_privileged(st.st_uid, st.st_gid);
+
+    return is_privileged;
+}
+
 /* ========================================================================= *
  * Probing for encrypted home partition
  * ========================================================================= */

diff --git a/dsme/utility.h b/dsme/utility.h
@@ -4,7 +4,8 @@
  * Generic functions needed by dsme core and/or multiple plugings.
  *
  * <p>
- * Copyright (C) 2019 Jolla Ltd.
+ * Copyright (c) 2019 - 2020 Jolla Ltd.
+ * Copyright (c) 2020 Open Mobile Platform LLC.
  *
  * @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
  *
@@ -38,6 +39,8 @@
  * UTILITY
  * ------------------------------------------------------------------------- */
 
+bool        dsme_user_is_privileged(uid_t uid, gid_t gid);
+bool        dsme_process_is_privileged(pid_t pid);
 bool        dsme_home_is_encrypted(void);
 const char *dsme_state_repr       (dsme_state_t state);
 

diff --git a/include/dsme/modules.h b/include/dsme/modules.h
@@ -3,10 +3,13 @@
 
    DSME interface towards plugin modules.
    <p>
-   Copyright (C) 2004-2010 Nokia Corporation.
+   Copyright (c) 2004 - 2010 Nokia Corporation.
+   Copyright (c) 2015 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Ari Saastamoinen
    @author Semi Malinen <semi.malinen@nokia.com>
+   @author Simo Piiroinen <simo.piiroinen@jolla.com>
 
    This file is part of Dsme.
 
@@ -121,6 +124,7 @@ void endpoint_send(endpoint_t* recipient, const void* msg);
 const struct ucred* endpoint_ucred(const endpoint_t* sender);
 char* endpoint_name_by_pid(pid_t pid);
 char* endpoint_name(const endpoint_t* sender);
+bool endpoint_is_privileged(const endpoint_t* sender);
 bool endpoint_same(const endpoint_t* a, const endpoint_t* b);
 bool endpoint_is_dsme(const endpoint_t* endpoint);
 endpoint_t* endpoint_copy(const endpoint_t* endpoint);

diff --git a/modules/dsme_dbus.c b/modules/dsme_dbus.c
@@ -40,6 +40,7 @@
 #include "../include/dsme/modules.h"
 #include "../include/dsme/modulebase.h"
 #include "../dsme/dsme-server.h"
+#include "../dsme/utility.h"
 #include <dsme/state.h>
 
 #include <stdlib.h>
@@ -212,6 +213,7 @@ static bool               dsme_dbus_is_enabled              (void);
 static const char        *dsme_dbus_calling_module_name     (void);
 static bool               dsme_dbus_connection_is_open      (DBusConnection *con);
 static bool               dsme_dbus_bus_get_unix_process_id (DBusConnection *conn, const char *name, pid_t *pid);
+static bool               dsme_dbus_name_is_privileged      (DBusConnection *con, const char *name);
 static const char        *dsme_dbus_get_type_name           (int type);
 static bool               dsme_dbus_check_arg_type          (DBusMessageIter *iter, int want_type);
 static const char        *dsme_dbus_name_request_reply_repr (int reply);
@@ -1719,10 +1721,19 @@ manager_handle_method(DsmeDbusManager *self, DBusMessage *req)
                  interface_name, member,
                  module ? module_name(module) : "(current");
 
-        if( module )
-            modulebase_enter_module(module);
-        bindings->method(&message, &reply);
-        modulebase_enter_module(restore);
+        if( bindings->priv &&
+            !dsme_dbus_name_is_privileged(manager_connection(self),
+                                          dbus_message_get_sender(req)) ) {
+            reply = dsme_dbus_reply_error(&message,
+                                          DBUS_ERROR_ACCESS_DENIED,
+                                          "sender is not privileged");
+        }
+        else {
+            if( module )
+                modulebase_enter_module(module);
+            bindings->method(&message, &reply);
+            modulebase_enter_module(restore);
+        }
 
         if( !dbus_message_get_no_reply(req) ) {
             if( !reply ) {
@@ -1836,6 +1847,9 @@ dsme_dbus_bus_get_unix_process_id(DBusConnection *conn,
     DBusError     err = DBUS_ERROR_INIT;
     dbus_uint32_t dta = 0;
 
+    if( !name )
+        goto EXIT;
+
     if( !dsme_dbus_connection_is_open(conn) )
         goto EXIT;
 
@@ -1890,6 +1904,20 @@ dsme_dbus_bus_get_unix_process_id(DBusConnection *conn,
     return ack;
 }
 
+static bool
+dsme_dbus_name_is_privileged(DBusConnection *con, const char *name)
+{
+    bool is_privileged = false;
+    // FIXME: pid query is blocking dbus call
+    pid_t pid = -1;
+    if( !dsme_dbus_bus_get_unix_process_id(con, name, &pid) )
+        dsme_log(LOG_WARNING, "could not get pid for name %s", name);
+    else
+        is_privileged = dsme_process_is_privileged(pid);
+
+    return is_privileged;
+}
+
 static const char *
 dsme_dbus_get_type_name(int type)
 {

diff --git a/modules/dsme_dbus.h b/modules/dsme_dbus.h
@@ -3,8 +3,9 @@
 
    D-Bus C binding for DSME
    <p>
-   Copyright (C) 2009-2010 Nokia Corporation.
-   Copyright (C) 2013-2017 Jolla Ltd.
+   Copyright (c) 2009 - 2010 Nokia Corporation.
+   Copyright (c) 2013 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Semi Malinen <semi.malinen@nokia.com>
    @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
@@ -48,6 +49,7 @@ typedef struct dsme_dbus_binding_t
 {
     DsmeDbusMethod  method;
     const char     *name; // = member
+    bool            priv;
     const char     *args; // = xml desc
 } dsme_dbus_binding_t;
 

diff --git a/modules/shutdownfeedback.c b/modules/shutdownfeedback.c
@@ -4,7 +4,8 @@
    Play vibra when shutting down
 
    <p>
-   Copyright (C) 2014-2017 Jolla Oy.
+   Copyright (c) 2014 - 2020 Jolla Ltd.
+   Copyright (c) 2020 Open Mobile Platform LLC.
 
    @author Pekka Lundstrom <pekka.lundstrom@jolla.com>
    @author Simo Piiroinen <simo.piiroinen@jollamobile.com>
@@ -49,13 +50,11 @@ DSME_HANDLER(DSM_MSGTYPE_STATE_CHANGE_IND, conn, msg)
 DSME_HANDLER(DSM_MSGTYPE_REBOOT_REQ, conn, msg)
 {
     // dsme_log(LOG_DEBUG, PFIX"reboot reques received");
-    dsme_play_vibra(pwroff_event_name);
 }
 
 DSME_HANDLER(DSM_MSGTYPE_SHUTDOWN_REQ, conn, msg)
 {
     //dsme_log(LOG_DEBUG, PFIX"shutdown reques received");
-    dsme_play_vibra(pwroff_event_name);
 }
 
 DSME_HANDLER(DSM_MSGTYPE_DBUS_CONNECTED, conn, msg)