Bug 85036

Summary: location: buildtime option to restrict location into a particular user only
Product: ModemManager Reporter: Aleksander Morgado <aleksander>
Component: generalAssignee: ModemManager bug user <modemmanager>
Status: RESOLVED MOVED QA Contact:
Severity: minor    
Priority: medium CC: bugzilla, zeenix
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Aleksander Morgado 2014-10-15 08:24:24 UTC 
Originally reported at:
  https://bugzilla.gnome.org/show_bug.cgi?id=724543
Please refer to the original bug report if more details are needed.

Currently, every user which is able to access the ModemManager interfaces is able to read the Location information, which is given in two different ways:
 * Via GetLocation() request/responses.
 * Via Location property read/updates.

In order to restrict who can read the location information to just the geoclue user (and root), ModemManager should have a build-time option where a given username is specified. This username should be the one used to run the geoclue client that access MM.

Once the buildtime option is enabled:
 * Location property read/updates will be disabled. There is currently no easy way to manage this access control at DBus-level, especially for the property update notifications via the PropertiesChanged signal.
 * The only way to retrieve location information will be through GetLocation() request/responses, which will validate the remote user to ensure it's either root or the geoclue user.

An initial implementation is already available in the "aleksander/limited-location-user" branch in upstream git:
http://cgit.freedesktop.org/ModemManager/ModemManager/log/?h=aleksander/limited-location-user
Comment 1 GitLab Migration User 2018-06-10 09:02:17 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/issues/24.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.