Originally reported at:
Please refer to the original bug report if more details are needed.
Currently, every user who is able to access the ModemManager interfaces is able to read the Location information, which is given in two different ways:
* Via GetLocation() request/responses.
* Via Location property read/updates.
In order to restrict who can read the location information to just the geoclue user (and root), ModemManager should have a build-time option where a given username is specified. This username should be the one used to run the geoclue client that accesses MM.
Once the build-time option is enabled:
* Location property read/updates will be disabled. There is currently no easy way to manage this access control at DBus-level, especially for the property update notifications via the PropertiesChanged signal.
* The only way to retrieve location information will be through GetLocation() request/responses, which will validate the remote user to ensure it's either root or the geoclue user.
An initial implementation is already available in the "aleksander/limited-location-user" branch in upstream git:
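Added example, not taken from that branch or from ModemManager's source: a C version of the caller check described above for GetLocation(), allowing only root or the configured user and denying when the account cannot be resolved. The names `location_caller_allowed` and `lookup_uid` are hypothetical, `allowed_user` stands for the build-time username, and the caller UID is assumed to have been obtained from the bus daemon.

```c
#include <errno.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a username to a UID. Returns false if the account does not
 * exist or the lookup fails, so the caller can fail closed. */
static bool lookup_uid(const char *name, uid_t *uid_out)
{
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;

    for (;;) {
        char *buf = malloc(len);
        struct passwd pw, *res = NULL;
        if (buf == NULL)
            return false;
        int rc = getpwnam_r(name, &pw, buf, len, &res);
        if (rc == 0 && res != NULL)
            *uid_out = res->pw_uid;
        free(buf);
        if (rc == ERANGE && len < (1u << 20)) {
            len *= 2;                 /* entry did not fit, retry larger */
            continue;
        }
        return rc == 0 && res != NULL;
    }
}

/* Decide whether a GetLocation() caller may receive location data.
 * caller_uid is assumed to come from the bus daemon (for example the
 * org.freedesktop.DBus GetConnectionUnixUser method), never from the
 * arguments of the caller's own message. */
bool location_caller_allowed(uid_t caller_uid, const char *allowed_user)
{
    uid_t allowed_uid;

    if (caller_uid == 0)
        return true;                  /* root is always allowed */
    if (allowed_user == NULL || *allowed_user == '\0')
        return false;                 /* no user configured: deny */
    if (!lookup_uid(allowed_user, &allowed_uid))
        return false;                 /* unknown account: deny */
    return caller_uid == allowed_uid;
}
```

Comparing numeric UIDs rather than name strings means a second account name mapped to the same UID is treated as the same principal.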
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/issues/24.