diff --git a/src/sysprofd/ipc-service-impl.c b/src/sysprofd/ipc-service-impl.c index d8ef8d76..1733bd1f 100644 --- a/src/sysprofd/ipc-service-impl.c +++ b/src/sysprofd/ipc-service-impl.c @@ -22,6 +22,8 @@ #include "config.h" +#include + #include "ipc-service-impl.h" struct _IpcServiceImpl @@ -108,6 +110,43 @@ ipc_service_impl_handle_get_proc_file (IpcService *service, return TRUE; } +static gboolean +ipc_service_impl_g_authorize_method (GDBusInterfaceSkeleton *skeleton, + GDBusMethodInvocation *invocation) +{ + PolkitAuthority *authority = NULL; + PolkitSubject *subject = NULL; + const gchar *peer_name; + gboolean ret = TRUE; + + g_assert (IPC_IS_SERVICE_IMPL (skeleton)); + g_assert (G_IS_DBUS_METHOD_INVOCATION (invocation)); + + peer_name = g_dbus_method_invocation_get_sender (invocation); + + if (!(authority = polkit_authority_get_sync (NULL, NULL)) || + !(subject = polkit_system_bus_name_new (peer_name)) || + !polkit_authority_check_authorization_sync (authority, + POLKIT_SUBJECT (subject), + "org.gnome.sysprof3.profile", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, + NULL)) + { + g_dbus_method_invocation_return_error (g_steal_pointer (&invocation), + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Not authorized to make request"); + ret = FALSE; + } + + g_clear_object (&authority); + g_clear_object (&subject); + + return ret; +} + static void init_service_iface (IpcServiceIface *iface) { @@ -121,11 +160,16 @@ G_DEFINE_TYPE_WITH_CODE (IpcServiceImpl, ipc_service_impl, IPC_TYPE_SERVICE_SKEL static void ipc_service_impl_class_init (IpcServiceImplClass *klass) { + GDBusInterfaceSkeletonClass *skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (klass); + + skeleton_class->g_authorize_method = ipc_service_impl_g_authorize_method; } static void ipc_service_impl_init (IpcServiceImpl *self) { + g_dbus_interface_skeleton_set_flags (G_DBUS_INTERFACE_SKELETON (self), + G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD); } IpcService * diff --git a/src/sysprofd/meson.build b/src/sysprofd/meson.build index 2586788d..fc9b3444 100644 --- a/src/sysprofd/meson.build +++ b/src/sysprofd/meson.build @@ -58,8 +58,8 @@ configure_file( ) i18n.merge_file( - input: 'org.gnome.sysprof2.policy.in', - output: 'org.gnome.sysprof2.policy', + input: 'org.gnome.sysprof3.policy.in', + output: 'org.gnome.sysprof3.policy', po_dir: podir, install: true, install_dir: join_paths(datadir, 'polkit-1/actions'), diff --git a/src/sysprofd/org.gnome.sysprof2.policy.in b/src/sysprofd/org.gnome.sysprof2.policy.in deleted file mode 100644 index 7398a163..00000000 --- a/src/sysprofd/org.gnome.sysprof2.policy.in +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - The sysprof Project - https://wiki.gnome.org/Apps/Sysprof - sysprof - - - Open a perf event stream - Authentication is required to access system performance counters. - - auth_admin_keep - auth_admin_keep - auth_admin_keep - - org.gnome.sysprof2.get-kernel-symbols - - - - Get a list of kernel symbols and their address - Authentication is required to access Linux kernel information. - - auth_admin_keep - auth_admin_keep - auth_admin_keep - - org.gnome.sysprof2.perf-event-open - - - diff --git a/src/sysprofd/org.gnome.sysprof3.policy.in b/src/sysprofd/org.gnome.sysprof3.policy.in new file mode 100644 index 00000000..e29ed2aa --- /dev/null +++ b/src/sysprofd/org.gnome.sysprof3.policy.in @@ -0,0 +1,20 @@ + + + + + + The sysprof Project + https://wiki.gnome.org/Apps/Sysprof + org.gnome.Sysprof-symbolic + + Profile the system + Authentication is required to profile the system. + + auth_admin_keep + auth_admin_keep + auth_admin_keep + + +