Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[usb-moded] Add function to check for permission. JB#48441
Add usbmoded_is_mode_permitted function to check if user is allowed to
set given mode. Root is always allowed to set any mode. Non-dynamic
modes are always allowed for all users. Dynamic modes can be set if user
belongs to sailfish-system.

Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
  • Loading branch information
Tomin1 committed Jan 16, 2020
1 parent dd99200 commit 12eee44
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 0 deletions.
40 changes: 40 additions & 0 deletions src/usb_moded.c
Expand Up @@ -65,6 +65,10 @@
#include <errno.h>
#include <string.h>

#ifdef SAILFISH_ACCESS_CONTROL
# include <sailfishaccesscontrol.h>
#endif

#ifdef SYSTEMD
# include <systemd/sd-daemon.h>
#endif
Expand Down Expand Up @@ -116,6 +120,7 @@ bool usbmoded_get_rescue_mode (void);
void usbmoded_set_rescue_mode (bool rescue_mode);
bool usbmoded_get_diag_mode (void);
void usbmoded_set_diag_mode (bool diag_mode);
bool usbmoded_is_mode_permitted (const char *modename, uid_t uid);
void usbmoded_set_cable_connection_delay(int delay_ms);
int usbmoded_get_cable_connection_delay(void);
static gboolean usbmoded_allow_suspend_timer_cb (gpointer aptr);
Expand Down Expand Up @@ -340,6 +345,41 @@ void usbmoded_set_diag_mode(bool diag_mode)
}
}

/* ------------------------------------------------------------------------- *
* ACCESS_CHECKS
* ------------------------------------------------------------------------- */

bool usbmoded_is_mode_permitted(const char *modename, uid_t uid)
{
#ifdef SAILFISH_ACCESS_CONTROL
LOG_REGISTER_CONTEXT;

bool allowed = true;
modedata_t *data = 0;

/* all modes are allowed for root */
if( uid == 0 )
goto EXIT;

/* non-dynamic modes are allowed for all */
if( !(data = usbmoded_dup_modedata(modename)) )
goto EXIT;

/* dynamic modes are allowed for device owner and denied for others */
allowed = sailfish_access_control_hasgroup(uid, "sailfish-system");

EXIT:

modedata_free(data);

return allowed;

#else
return true;

#endif
}

/* ------------------------------------------------------------------------- *
* CABLE_CONNECT_DELAY
* ------------------------------------------------------------------------- */
Expand Down
1 change: 1 addition & 0 deletions src/usb_moded.h
Expand Up @@ -75,6 +75,7 @@ bool usbmoded_get_rescue_mode (void);
void usbmoded_set_rescue_mode (bool rescue_mode);
bool usbmoded_get_diag_mode (void);
void usbmoded_set_diag_mode (bool diag_mode);
bool usbmoded_is_mode_permitted (const char *modename, uid_t uid);
void usbmoded_set_cable_connection_delay(int delay_ms);
int usbmoded_get_cable_connection_delay(void);
void usbmoded_allow_suspend (void);
Expand Down

0 comments on commit 12eee44

Please sign in to comment.