Merge branch 'jb49458' into 'master'

Allow mtp for users group

See merge request mer-core/usb-moded!59

config/10-usb-moded-defaults.ini

@@ -0,0 +1,5 @@
+# This is effective only when built with --enable-sailfish-access-control
+# Dynamic modes are limited to sailfish-system group by default,
+# this allows mtp_mode for the whole users group
+[mode_group]
+mtp_mode = users

docs/usb_moded-doc.txt

@@ -170,6 +170,20 @@ but not all usb network related profiles might want it enabled.
 
 If you want the device to load a dhcp server you need to configure this in the mode config, just like nat. (see lower)
 
+USB moded supports access control of dynamic modes when built with --enable-sailfish-access-control.
+Modes are allowed and denied based on the user of the process accessing the D-Bus API.
+By default dynamic modes are allowed for users in sailfish-system but the group can be overridden in configuration.
+
+For example:
+
+[mode_group]
+mtp_mode = users
+developer_mode = developers
+
+This allows mode called mtp_mode to users in "users" group and mode called developer_mode for users in "developers" group.
+Users group includes all regular users which is less restrictive than the default.
+Note that if the group doesn't exist access is denied.
+
 Functional overview
 --------------------
 

rpm/usb-moded.spec

@@ -332,6 +332,7 @@ install -m 644 -D config/diag/* %{buildroot}/%{_sysconfdir}/usb-moded/diag/
 install -m 644 -D config/run/* %{buildroot}/%{_sysconfdir}/usb-moded/run/
 install -m 644 -D config/run-diag/* %{buildroot}/%{_sysconfdir}/usb-moded/run-diag/
 install -m 644 -D config/mass-storage-jolla.ini %{buildroot}/%{_sysconfdir}/usb-moded/
+install -m 644 -D config/10-usb-moded-defaults.ini %{buildroot}/%{_sysconfdir}/usb-moded/
 install -d %{buildroot}/%{_sharedstatedir}/usb-moded
 
 ln -sf /run/usb-moded/udhcpd.conf %{buildroot}/%{_sysconfdir}/udhcpd.conf
@@ -363,6 +364,7 @@ systemctl daemon-reload || :
 %dir %{_sysconfdir}/usb-moded
 %dir %{_sysconfdir}/usb-moded/dyn-modes
 %dir %{_sysconfdir}/usb-moded/run
+%{_sysconfdir}/usb-moded/10-usb-moded-defaults.ini
 %{_sysconfdir}/udhcpd.conf
 %{_sysconfdir}/dbus-1/system.d/usb_moded.conf
 %{_sysconfdir}/modprobe.d/usb_moded.conf

src/usb_moded-config-private.h

@@ -78,6 +78,9 @@ set_config_result_t  config_set_hide_mode_setting   (const char *mode);
 set_config_result_t  config_set_unhide_mode_setting (const char *mode);
 set_config_result_t  config_set_mode_whitelist      (const char *whitelist);
 set_config_result_t  config_set_mode_in_whitelist   (const char *mode, int allowed);
+#ifdef SAILFISH_ACCESS_CONTROL
+char                *config_get_group_for_mode      (const char *mode);
+#endif
 set_config_result_t  config_set_network_setting     (const char *config, const char *setting);
 char                *config_get_network_setting     (const char *config);
 bool                 config_init                    (void);

src/usb_moded-config.c

@@ -89,6 +89,9 @@ set_config_result_t  config_set_hide_mode_setting    (const char *mode);
 set_config_result_t  config_set_unhide_mode_setting  (const char *mode);
 set_config_result_t  config_set_mode_whitelist       (const char *whitelist);
 set_config_result_t  config_set_mode_in_whitelist    (const char *mode, int allowed);
+#ifdef SAILFISH_ACCESS_CONTROL
+char                *config_get_group_for_mode       (const char *mode);
+#endif
 set_config_result_t  config_set_network_setting      (const char *config, const char *setting);
 char                *config_get_network_setting      (const char *config);
 static void          config_merge_key                (GKeyFile *dest, GKeyFile *srce, const char *grp, const char *key);
@@ -592,6 +595,20 @@ set_config_result_t config_set_mode_in_whitelist(const char *mode, int allowed)
     return ret;
 }
 
+#ifdef SAILFISH_ACCESS_CONTROL
+char *config_get_group_for_mode(const char *mode)
+{
+    LOG_REGISTER_CONTEXT;
+
+    char *group = config_get_conf_string(MODE_GROUP_ENTRY, mode);
+
+    if (group == NULL)
+        group = g_strdup("sailfish-system");
+
+    return group;
+}
+#endif
+
 /*
  * @param config : the key to be set
  * @param setting : The value to be set

src/usb_moded-config.h

@@ -72,6 +72,7 @@
 # define ANDROID_PRODUCT_ID_KEY         "idProduct"
 # define MODE_HIDE_KEY                  "hide"
 # define MODE_WHITELIST_KEY             "whitelist"
+# define MODE_GROUP_ENTRY               "mode_group"
 
 /* ========================================================================= *
  * Types

src/usb_moded.c

@@ -357,6 +357,7 @@ bool usbmoded_is_mode_permitted(const char *modename, uid_t uid)
 
     bool        allowed = true;
     modedata_t *data = 0;
+    char       *group = 0;
 
     /* all modes are allowed for root */
     if( uid == 0 )
@@ -366,11 +367,14 @@ bool usbmoded_is_mode_permitted(const char *modename, uid_t uid)
     if( !(data = usbmoded_dup_modedata(modename)) )
         goto EXIT;
 
-    /* dynamic modes are allowed for device owner and denied for others */
-    allowed = sailfish_access_control_hasgroup(uid, "sailfish-system");
+    /* dynamic modes are allowed based on group,
+     * which defaults to sailfish-system meaning device owner only */
+    group = config_get_group_for_mode(modename);
+    allowed = sailfish_access_control_hasgroup(uid, group);
 
 EXIT:
 
+    g_free(group);
     modedata_free(data);
 
     return allowed;