From 9cec151e19b2b096da6b8d3098c10aed37e1b9de Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 26 Apr 2018 11:41:54 +0200 Subject: [PATCH] service-client: Refuse access without an agent To avoid races between clients and agents, make sure that an agent is required for each UID that wants its applications to be able to access location services. This will mean that desktop environments (and DIY ones) will need to have an agent running in the background to be able to ask authorisation questions. https://bugs.freedesktop.org/show_bug.cgi?id=106236 --- src/gclue-service-client.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/gclue-service-client.c b/src/gclue-service-client.c index e8a591a..d9f3dfd 100644 --- a/src/gclue-service-client.c +++ b/src/gclue-service-client.c @@ -478,9 +478,19 @@ gclue_service_client_handle_start (GClueDBusClient *client, GCLUE_ACCURACY_LEVEL_COUNTRY, GCLUE_ACCURACY_LEVEL_EXACT); - /* No agent == No authorization needed */ - if (priv->agent_proxy == NULL || - gclue_config_is_system_component (config, desktop_id) || + /* No agent == No authorization */ + if (priv->agent_proxy == NULL) { + g_dbus_method_invocation_return_error (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "'%s' disallowed, no agent " + "for UID %u", + desktop_id, + uid); + return TRUE; + } + + if (gclue_config_is_system_component (config, desktop_id) || app_perm == GCLUE_APP_PERM_ALLOWED) { complete_start (data); -- 2.17.0