author | Adrian Szyndela <adrian.s@samsung.com> | 2020-09-18 14:50:10 +0200 |
---|---|---|
committer | Hyotaek Shim <hyotaek.shim@samsung.com> | 2020-09-21 11:26:44 +0900 |
commit | bc149d759b07ad97f5baad1f4004e4243a300f69 (patch) | |
tree | 18c26ff9388a7303d7451aa0d3ade9877b803f53 | |
parent | 58b46293becfc2fe6f70efd5db99fb543b07cdeb (diff) | |
bus/connection: don't check cmdline in session dbus-daemon
submit/tizen/20200921.022732 accepted/tizen/unified/20200922.090815
Session dbus-daemon may have no rights to look into cmdline in /proc.
In such cases logs are cluttered with access denied.
This commit disables checking cmdline for session dbus-daemon.
(Before)
May 21 08:13:06 localhost dbus-daemon[676]: [session uid=5001 pid=676] Rejected send message, 1 matched rules; type="method_call", send
er=":1.33" (uid=5001 pid=1090 comm="/usr/apps/org.tizen.multi-assistant-service/bin/or" label="User::Pkg::org.tizen.multi-assistant-ser
vice") interface="org.freedesktop.DBus" member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus
" privilege="(n/a)" (bus) rule(<deny send_type="method_call" />)
(After)
May 21 08:21:55 localhost dbus-daemon[678]: [session uid=5001 pid=678] Rejected send message, 1 matched rules; type="method_call", send
er=":1.33" (uid=5001 pid=1110 comm="<not-read>" label="User::Pkg::org.tizen.multi-assistant-service") interface="org.freedesktop.DBus"
member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" privilege="(n/a)" (bus) rule(<deny sen
d_type="method_call" />)
Change-Id: I15c3b9b2a5675546b6adb3b1521e790088bd8f85
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
-rw-r--r-- | bus/connection.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/bus/connection.c b/bus/connection.c
index 89cf979a..6b85ba37 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -591,6 +591,13 @@ bus_connections_unref (BusConnections *connections)
 }
 }
 
+static dbus_bool_t
+is_context_type_session (BusConnectionData *d)
+{
+ const char *context_type = bus_context_get_type (d->connections->context);
+ return context_type && !strcmp (context_type, "session");
+}
+
 /* Used for logging */
 static dbus_bool_t
 cache_peer_loginfo_string (BusConnectionData *d,
@@ -624,8 +631,19 @@ cache_peer_loginfo_string (BusConnectionData *d,
 if (!_dbus_string_append_printf (&loginfo_buf, "pid=%ld comm=\"", pid))
 goto oom;
 /* Ignore errors here; we may not have permissions to read the
- * proc file. */
- _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+ * proc file.
+ * Don't even try it for the session daemon, to avoid cluttering logs with security error logs for
+ * accessing the proc file.
+ */
+ if (!is_context_type_session(d))
+ {
+ _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+ }
+ else
+ {
+ if (!_dbus_string_append (&loginfo_buf, "<not-read>")) /* for session daemon just say that we didn't try */
+ goto oom;
+ }
 if (!_dbus_string_append_byte (&loginfo_buf, '"'))
 goto oom;
 else |
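Review bot: `is_context_type_session` has no comment saying where the type string comes from or what a NULL type means, yet the whole `comm` decision in `cache_peer_loginfo_string` now depends on it. As written, a bus whose type is unset or is any string other than `session` still reads the peer's cmdline; that is presumably intended but is not stated. I would add `/* TRUE if bus_context_get_type() reports "session"; an unset (NULL) or any other type counts as non-session, so the cmdline is still read. */` above the function, and take `const BusConnectionData *d` since nothing is written through it. The helper also relies on `strcmp` being declared; whether `<string.h>` is already included is not visible in this hunk.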
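Review bot: With the new `else` branch every loginfo string built on a session bus carries `comm="<not-read>"`, so the executable name is no longer available when triaging rejected messages, even on systems where the daemon could have read it. Going by the sample log in the commit message, the peer is then identified by uid, pid and label only, and a pid may have been reused by the time the log is read; the comment should say so, e.g. `* Session-bus log entries therefore identify the peer without comm; "<not-read>" is a fixed placeholder, not process data.` On style, the call is written `is_context_type_session(d)` while the other calls in this hunk put a space before the parenthesis, and the trailing comment on the `_dbus_string_append` line would read better on its own line above it. `cache_peer_loginfo_string` starts and ends outside the hunk.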