From ca45488ca4301e4304c06b577b6008449bdd4408 Mon Sep 17 00:00:00 2001
From: kamiyadm
Date: Tue, 3 Dec 2024 15:34:38 +0800
Subject: [PATCH] fix: dbus permission authentication is skipped
The interface org.freedesktop.DBus.Introspectable can not be rejected in dbus(1.12.20.11-deepin1). We use org.deepin.linglong.PackageManager.Prune to identify permissions now.
Log:
---
 libs/linglong/src/linglong/cli/cli.cpp | 42 +++++++++-----------------
 libs/linglong/src/linglong/cli/cli.h | 1 +
 2 files changed, 16 insertions(+), 27 deletions(-)
diff --git a/libs/linglong/src/linglong/cli/cli.cpp b/libs/linglong/src/linglong/cli/cli.cpp
index b9a505303..3c5227720 100644
--- a/libs/linglong/src/linglong/cli/cli.cpp
+++ b/libs/linglong/src/linglong/cli/cli.cpp
@@ -845,13 +845,7 @@ int Cli::install()
 {
 LINGLONG_TRACE("command install");
- // Note: we deny the org.freedesktop.DBus.Introspectable for now.
- // Use this interface to determin that this client whether have permission to call PM.
- QDBusInterface dbusIntrospect(this->pkgMan.service(),
- this->pkgMan.path(),
- "org.freedesktop.DBus.Introspectable",
- this->pkgMan.connection());
- QDBusReply authReply = dbusIntrospect.call("Introspect");
+ QDBusReply authReply = this->authorization();
 if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
 auto args = QCoreApplication::instance()->arguments();
 // pkexec在0.120版本之前没有keep-cwd选项,会将目录切换到/root
@@ -971,11 +965,7 @@ int Cli::upgrade()
 {
 LINGLONG_TRACE("command upgrade");
- QDBusInterface dbusIntrospect(this->pkgMan.service(),
- this->pkgMan.path(),
- "org.freedesktop.DBus.Introspectable",
- this->pkgMan.connection());
- QDBusReply authReply = dbusIntrospect.call("Introspect");
+ QDBusReply authReply = this->authorization();
 if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
 auto ret = this->runningAsRoot();
 if (!ret) {
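Review bot: In `Cli::install()` the only probe failure that is handled is `QDBusError::AccessDenied`; any other invalid reply from `this->authorization()` (a timeout, an unknown method, the service not running) falls through to the normal path as if the caller were permitted. That mattered less while the probe was `Introspect`, but the probe is now a real method call whose duration and errors depend on the service, so the fall-through is easier to reach. I would reject the remaining errors explicitly before continuing, e.g. `if (!authReply.isValid() && authReply.error().type() != QDBusError::AccessDenied) { /* report authReply.error() and return */ }`. The same pattern is repeated in the `upgrade()`, `prune()`, `uninstall()` and `setRepoConfig()` hunks, and all five function bodies continue outside their hunks, so later handling may exist that is not visible here.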
@@ -1177,11 +1167,7 @@ int Cli::prune()
 {
 LINGLONG_TRACE("command prune");
- QDBusInterface dbusIntrospect(this->pkgMan.service(),
- this->pkgMan.path(),
- "org.freedesktop.DBus.Introspectable",
- this->pkgMan.connection());
- QDBusReply authReply = dbusIntrospect.call("Introspect");
+ QDBusReply authReply = this->authorization();
 if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
 auto ret = this->runningAsRoot();
 if (!ret) {
@@ -1247,11 +1233,7 @@ int Cli::uninstall()
 {
 LINGLONG_TRACE("command uninstall");
- QDBusInterface dbusIntrospect(this->pkgMan.service(),
- this->pkgMan.path(),
- "org.freedesktop.DBus.Introspectable",
- this->pkgMan.connection());
- QDBusReply authReply = dbusIntrospect.call("Introspect");
+ QDBusReply authReply = this->authorization();
 if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
 auto ret = this->runningAsRoot();
 if (!ret) {
@@ -1615,11 +1597,7 @@ int Cli::setRepoConfig(const QVariantMap &config)
 {
 LINGLONG_TRACE("set repo config");
- QDBusInterface dbusIntrospect(this->pkgMan.service(),
- this->pkgMan.path(),
- "org.freedesktop.DBus.Introspectable",
- this->pkgMan.connection());
- QDBusReply authReply = dbusIntrospect.call("Introspect");
+ QDBusReply authReply = this->authorization();
 if (!authReply.isValid() && authReply.error().type() == QDBusError::AccessDenied) {
 auto ret = this->runningAsRoot();
 if (!ret) {
@@ -1901,4 +1879,14 @@ utils::error::Result Cli::runningAsRoot(const QList &args)
 return LINGLONG_ERR("execve error", ret);
 }
+QDBusReply Cli::authorization()
+{
+ // Note: we have marked the method Prune of PM as rejected.
+ // Use this method to determin that this client whether have permission to call PM.
+ QDBusInterface dbusIntrospect(this->pkgMan.service(),
+ this->pkgMan.path(),
+ this->pkgMan.service(),
+ this->pkgMan.connection());
+ return dbusIntrospect.call("Prune");
+}
 } // namespace linglong::cli
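Review bot: `Cli::authorization()` tests permission by actually calling `Prune`, so whenever the bus policy admits the caller (presumably after the re-exec through `runningAsRoot()`), every install, upgrade, uninstall and setRepoConfig would also start a prune on the service, and `Cli::prune()` would issue it twice — unless the service ignores this call, which the hunk does not show. A permission probe should have no side effects; a dedicated no-op method covered by the same deny rule (placeholder name `<ProbeMethod>`) would keep the check without the extra work. Separately, the interface argument is `this->pkgMan.service()`, which only works while the service and interface names are identical; `this->pkgMan.interface()` states the intent. The local is still named `dbusIntrospect` although it no longer touches Introspectable.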
diff --git a/libs/linglong/src/linglong/cli/cli.h b/libs/linglong/src/linglong/cli/cli.h
index 455c02222..644e239da 100644
--- a/libs/linglong/src/linglong/cli/cli.h
+++ b/libs/linglong/src/linglong/cli/cli.h
@@ -92,6 +92,7 @@ class Cli : public QObject
 listUpgradable(const std::vector &pkgs);
 utils::error::Result> listUpgradable(const std::string &type);
+ QDBusReply authorization();
 private Q_SLOTS: // maybe use in the future
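Review bot: `authorization()` is declared without any comment, and the name reads like a cheap accessor although the definition in cli.cpp makes a blocking D-Bus call. I would add `/// Probes whether the bus policy lets this client call the package manager; blocks on a D-Bus call and returns the raw reply.` above it, and consider `[[nodiscard]]` since ignoring the reply defeats the check. Which access section the declaration lands in is not visible in this hunk; it sits directly above `private Q_SLOTS:`, so it is worth confirming that it is not public.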