| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This can abort at runtime if the object pointed to by user_data is already
gone by the time the callback is run.
|
|
|
|
|
|
|
| |
It has been deprecated since GObject 2.58.
Replace with *_get_instance_private() functions generated by GObject
G_ADD_PRIVATE macro.
|
|
|
|
|
|
|
|
|
|
|
| |
Seems to be the correct prefix to check for as of
https://github.com/flatpak/flatpak/commit/0c291cf1c9251a93a7bb893ee8e0371e588e05dc.
(Which follows a change in
https://github.com/flatpak/flatpak/commit/e481e3ea58e515e6e88673fac908be941c882569.)
Seems to fix recognition of Flatpak apps on Pop!_OS 21.04 beta.
Otherwise Flatpak apps are recognized as "system apps", and are always
authorized without invoking the agent.
|
|
|
|
|
|
|
|
|
| |
For v2 cgroups the /proc/<pid>/cgroup format changed to a single line¹.
Support this too to not misdetect flatpaks as system apps.
1) See https://www.kernel.org/doc/html/v4.18/admin-guide/cgroup-v2.html#processes
Signed-off-by: Guido Günther <agx@sigxcpu.org>
|
|
|
|
|
|
| |
The current code is leaking a DBUS proxy and a TimeThreshold object on *each*
client disconnect. Since some clients like to connect/disconnect every few seconds
or minute, this leaks like crazy after a few hours.
|
|
|
|
|
|
|
|
|
| |
Use the G_ADD_PRIVATE() macro instead.
This doesn't fix the issue in geocode-glib but that's not an issue since
we plan to drop geocode-glib (#88).
Fixes #98.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit a5afe7a0ee971371423edaca4fdd43b9b7b05a1e,
commit c8dc5bc0318293dbc9007946e92a10dba3a57d54 and commit
defe4a3e9f4bacba44b12e1fe82dd915e49858c2.
The new method of detecting whether an application is a Flatpak is only
available to 1) the user running the Flatpak 2) root. As we advise that
geoclue is run as a normal non-privileged user, revert those commits
while we wait for a solution to be available.
See https://github.com/flatpak/flatpak/issues/1644
https://bugs.freedesktop.org/show_bug.cgi?id=97776
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For newer (>= 0.6.10) versions of Flatpak, the way to export the desktop
ID has changed from requiring cgroups to not requiring it.
See https://github.com/flatpak/flatpak/releases/tag/0.6.10
This changes the private gclue_client_info_get_xdg_id() API to return a
NULL xdg_id should the code fail to read the Flatpak ID for a Flatpak'ed
application, and consider it to be disqualifying:
"
Like parse_app_info_from_fileinfo(), returns NULL on failure,
"" (an empty string) if not sandboxed, and a desktop ID otherwise
"
https://bugs.freedesktop.org/show_bug.cgi?id=97776
|
| |
|
|
|
|
|
|
|
| |
Now that xdg-app has been renamed, we also need to check for the
"flatpak-" prefix for the cgroup.
https://bugs.freedesktop.org/show_bug.cgi?id=96655
|
|
|
|
|
|
| |
xdg-app shows the desktop ID of the apps in name column of
/proc/PID/cgroup file and it can't be faked so let's make use of that
when we are dealing with xdg-app apps.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, glib's GDBusProxy calls org.freedesktop.DBus.Properties.GetAll
to load all properties on a loaded interface - however in this case we
are creating a proxy to the system standard bus interface for the sole
purpose of later calling GetConnectionUnixUser.
GeoClue does not have permission to use the org.freedesktop.DBus.Properties
interface on a proxy to /org/freedesktop/DBus (and there are no properties
to be loaded anyway).
Note that GeoClue works fine without this patch, however this patch
will avoid error messages being logged to the system logs.
https://bugs.freedesktop.org/show_bug.cgi?id=92979
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have been using /proc/${PID}/cmdline for identifying apps but that
can be overwritten by app itself very easily. Instead we look at what
/proc/${PID}/exe is pointing to. The only way an app/agent can fool
geoclue now is by overwriting the binary of a whitelisted agent or
authorized app.
We can make things a lot more secure by only allowing binaries to be in
privileged directories (e.g /usr/bin and /usr/libexec etc) since then a
random unprivileged binary can't just overwrite known binaries. However,
this will break geoclue for developers (think jhbuild). Perhaps we
should do this but provide an option in conf file to either disable
these checks or provide the whitelists binary directories?
Thanks to Lennart Poettering for advice.
|
|
This will be used to detect and carry around client info such as:
* Unique bus name
* Commandline
* ID of user client is running as
Also it emits 'peer-vanished' signal when the client disapears from bus.
|