fix: dbus permission authentication is skipped

The interface org.freedesktop.DBus.Introspectable can not be rejected in dbus(1.12.20.11-deepin1). We use org.deepin.linglong.PackageManager.Prune to identify permissions now. Log:
OpenAtom-Linyaps · Dec 4, 2024 · ca45488 · ca45488
1 parent 5631566
commit ca45488
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 27 deletions.
diff --git a/libs/linglong/src/linglong/cli/cli.cpp b/libs/linglong/src/linglong/cli/cli.cpp
@@ -845,13 +845,7 @@ int Cli::install()
 {
     LINGLONG_TRACE("command install");
 
-    // Note: we deny the org.freedesktop.DBus.Introspectable for now.
-    // Use this interface to determin that this client whether have permission to call PM.
-    QDBusInterface dbusIntrospect(this->pkgMan.service(),
-                                  this->pkgMan.path(),
-                                  "org.freedesktop.DBus.Introspectable",
-                                  this->pkgMan.connection());
-    QDBusReply<QString> authReply = dbusIntrospect.call("Introspect");
+    QDBusReply<QString> authReply = this->authorization();
     if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
         auto args = QCoreApplication::instance()->arguments();
         // pkexec在0.120版本之前没有keep-cwd选项，会将目录切换到/root
@@ -971,11 +965,7 @@ int Cli::upgrade()
 {
     LINGLONG_TRACE("command upgrade");
 
-    QDBusInterface dbusIntrospect(this->pkgMan.service(),
-                                  this->pkgMan.path(),
-                                  "org.freedesktop.DBus.Introspectable",
-                                  this->pkgMan.connection());
-    QDBusReply<QString> authReply = dbusIntrospect.call("Introspect");
+    QDBusReply<QString> authReply = this->authorization();
     if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
         auto ret = this->runningAsRoot();
         if (!ret) {
@@ -1177,11 +1167,7 @@ int Cli::prune()
 {
     LINGLONG_TRACE("command prune");
 
-    QDBusInterface dbusIntrospect(this->pkgMan.service(),
-                                  this->pkgMan.path(),
-                                  "org.freedesktop.DBus.Introspectable",
-                                  this->pkgMan.connection());
-    QDBusReply<QString> authReply = dbusIntrospect.call("Introspect");
+    QDBusReply<QString> authReply = this->authorization();
     if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
         auto ret = this->runningAsRoot();
         if (!ret) {
@@ -1247,11 +1233,7 @@ int Cli::uninstall()
 {
     LINGLONG_TRACE("command uninstall");
 
-    QDBusInterface dbusIntrospect(this->pkgMan.service(),
-                                  this->pkgMan.path(),
-                                  "org.freedesktop.DBus.Introspectable",
-                                  this->pkgMan.connection());
-    QDBusReply<QString> authReply = dbusIntrospect.call("Introspect");
+    QDBusReply<QString> authReply = this->authorization();
     if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
         auto ret = this->runningAsRoot();
         if (!ret) {
@@ -1615,11 +1597,7 @@ int Cli::setRepoConfig(const QVariantMap &config)
 {
     LINGLONG_TRACE("set repo config");
 
-    QDBusInterface dbusIntrospect(this->pkgMan.service(),
-                                  this->pkgMan.path(),
-                                  "org.freedesktop.DBus.Introspectable",
-                                  this->pkgMan.connection());
-    QDBusReply<QString> authReply = dbusIntrospect.call("Introspect");
+    QDBusReply<QString> authReply = this->authorization();
     if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
         auto ret = this->runningAsRoot();
         if (!ret) {
@@ -1901,4 +1879,14 @@ utils::error::Result<void> Cli::runningAsRoot(const QList<QString> &args)
     return LINGLONG_ERR("execve error", ret);
 }
 
+QDBusReply<QString> Cli::authorization()
+{
+    // Note: we have marked the method Prune of PM as rejected.
+    // Use this method to determin that this client whether have permission to call PM.
+    QDBusInterface dbusIntrospect(this->pkgMan.service(),
+                                  this->pkgMan.path(),
+                                  this->pkgMan.service(),
+                                  this->pkgMan.connection());
+    return dbusIntrospect.call("Prune");
+}
 } // namespace linglong::cli
diff --git a/libs/linglong/src/linglong/cli/cli.h b/libs/linglong/src/linglong/cli/cli.h
@@ -92,6 +92,7 @@ class Cli : public QObject
     listUpgradable(const std::vector<api::types::v1::PackageInfoV2> &pkgs);
     utils::error::Result<std::vector<api::types::v1::UpgradeListResult>>
     listUpgradable(const std::string &type);
+    QDBusReply<QString> authorization();
 
 private Q_SLOTS:
     // maybe use in the future