dbus-proxy: Fix handling of broadcasts

In https://github.com/flatpak/flatpak/pull/1689 we were meant to have limited the receiving of broadcasts on portals, but die to a bug in the proxy we accidentally allowed all broadcasts anyway. The change which ignores all applied filters < POLICY_TALK fixes that. However, it also turns out that the desktop portal actually *does* rely on signals. For example the network portal uses property change notification. So, to make sure this works we allow all signal from the portal names, but only if they are on a object path starting under /org/freedesktop/portal (which incidentally all portal object are). This means there is no real change in anything that is currently deployed, but it does allow portals to opt out of this global signal visiblity if they want by using a different object path, which we want to use in dconf. Closes: #1976 Approved by: alexlarsson
author: Alexander Larsson <alexl@redhat.com> 2018-08-16 18:46:46 +0200
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-08-17 09:24:13 +0000
commit: ef9297a0f104365f3d94211c95ae594f67ad55d2 (patch)
tree: 8d86c2bda2c612bcacda4c45c451573114bae3f6
parent: cbc004655404bfb024f9af910362698f36d11202 (diff)
download: flatpak-ef9297a0f104365f3d94211c95ae594f67ad55d2.tar.gz
2 files changed, 5 insertions, 2 deletions
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index b557dcb6..74b63d6e 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -573,9 +573,11 @@ flatpak_run_add_session_dbus_args (FlatpakBwrap   *app_bwrap,
         {
           flatpak_context_add_bus_filters (context, app_id, TRUE, proxy_arg_bwrap);
 
-          /* Allow calling any interface+method on all portals, but don't receive broadcasts */
+          /* Allow calling any interface+method on all portals, but only receive broadcasts under /org/desktop/portal */
           flatpak_bwrap_add_arg (proxy_arg_bwrap,
                                  "--call=org.freedesktop.portal.*=*");
+          flatpak_bwrap_add_arg (proxy_arg_bwrap,
+                                 "--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*");
         }
 
       if ((flags & FLATPAK_RUN_FLAG_LOG_SESSION_BUS) != 0)
diff --git a/dbus-proxy/flatpak-proxy.c b/dbus-proxy/flatpak-proxy.c
index c05b688a..fff7686c 100644
--- a/dbus-proxy/flatpak-proxy.c
+++ b/dbus-proxy/flatpak-proxy.c
@@ -574,7 +574,8 @@ filter_matches (Filter        *filter,
                 const char    *interface,
                 const char    *member)
 {
-  if ((filter->types & type) == 0)
+  if (filter->policy < FLATPAK_POLICY_TALK ||
+      (filter->types & type) == 0)
     return FALSE;
 
   if (filter->path)
author	Alexander Larsson <alexl@redhat.com>	2018-08-16 18:46:46 +0200
committer	Atomic Bot <atomic-devel@projectatomic.io>	2018-08-17 09:24:13 +0000
commit	ef9297a0f104365f3d94211c95ae594f67ad55d2 (patch)
tree	8d86c2bda2c612bcacda4c45c451573114bae3f6
parent	cbc004655404bfb024f9af910362698f36d11202 (diff)
download	flatpak-ef9297a0f104365f3d94211c95ae594f67ad55d2.tar.gz