From c11e2f193eae5e4fb87320f90f62c4c9252dc193 Mon Sep 17 00:00:00 2001
From: Nikita Ukhrenkov <nikita.ukhrenkov@jolla.com>
Date: Fri, 18 Sep 2020 16:25:41 +0300
Subject: [PATCH] [devicelock] use systemd-provided socket for hostservice.
 Fixes JB#49389

Adjust socket permissions for nemo-sevicelock.socket to make it
accessible by root:privileged.
---
 src/nemo-devicelock/host/hostservice.cpp | 11 ++++++++++-
 src/nemo-devicelock/host/hostservice.h   |  1 +
 systemd/nemo-devicelock.socket           |  3 +++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/nemo-devicelock/host/hostservice.cpp b/src/nemo-devicelock/host/hostservice.cpp
index 96dc826..54c56b6 100644
--- a/src/nemo-devicelock/host/hostservice.cpp
+++ b/src/nemo-devicelock/host/hostservice.cpp
@@ -80,7 +80,7 @@ public slots:
 };
 
 HostService::HostService(const QVector<HostObject *> objects, QObject *parent)
-    : QDBusServer(QStringLiteral("unix:path=/run/nemo-devicelock/socket"), parent)
+    : QDBusServer(HostService::socketAddress(), parent)
     , m_objects(objects)
 {
     setAnonymousAuthenticationAllowed(true);
@@ -175,6 +175,15 @@ void HostService::connectionReady(const QDBusConnection &newConnection)
     }
 }
 
+QString HostService::socketAddress()
+{
+    // Check if socket-based activation logic is enabled and at least one fd is provided
+    if (sd_listen_fds(0) > 0)
+        return QStringLiteral("systemd:");
+
+    return QStringLiteral("unix:path=/run/nemo-devicelock/socket");
+}
+
 }
 
 #include "hostservice.moc"
diff --git a/src/nemo-devicelock/host/hostservice.h b/src/nemo-devicelock/host/hostservice.h
index 96aba5b..f377625 100644
--- a/src/nemo-devicelock/host/hostservice.h
+++ b/src/nemo-devicelock/host/hostservice.h
@@ -69,6 +69,7 @@ class HostService : public QDBusServer
     friend class ConnectionMonitor;
 
     void connectionReady(const QDBusConnection &connection);
+    static QString socketAddress();
 
     const QVector<HostObject *> m_objects;
 };
diff --git a/systemd/nemo-devicelock.socket b/systemd/nemo-devicelock.socket
index 8f1ea31..5947723 100644
--- a/systemd/nemo-devicelock.socket
+++ b/systemd/nemo-devicelock.socket
@@ -8,3 +8,6 @@ Conflicts=shutdown.target
 [Socket]
 ListenStream=/run/nemo-devicelock/socket
 Accept=false
+SocketUser=root
+SocketGroup=privileged
+SocketMode=0660