From 77b134b5f3f2856cd6a915904b9ff3b207654c71 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Tue, 6 Jan 2009 21:20:50 +0100
Subject: [PATCH] Add support for different security privileges

---
 include/security.h     |    9 ++++++++-
 plugins/connman.policy |   10 +++++-----
 plugins/polkit.c       |   20 +++++++++++++++++---
 src/connection.c       |    7 ++++++-
 src/connman.h          |    3 ++-
 src/device.c           |   13 ++++++++++---
 src/manager.c          |    7 ++++++-
 src/network.c          |   13 ++++++++++---
 src/security.c         |    5 +++--
 9 files changed, 67 insertions(+), 20 deletions(-)

diff --git a/include/security.h b/include/security.h
index 123e6fb..9e27a5f 100644
--- a/include/security.h
+++ b/include/security.h
@@ -32,6 +32,12 @@ extern "C" {
  * @short_description: Functions for registering security modules
  */
 
+enum connman_security_privilege {
+	CONNMAN_SECURITY_PRIVILEGE_PUBLIC  = 0,
+	CONNMAN_SECURITY_PRIVILEGE_MODIFY  = 1,
+	CONNMAN_SECURITY_PRIVILEGE_SECRET  = 2,
+};
+
 #define CONNMAN_SECURITY_PRIORITY_LOW      -100
 #define CONNMAN_SECURITY_PRIORITY_DEFAULT     0
 #define CONNMAN_SECURITY_PRIORITY_HIGH      100
@@ -39,7 +45,8 @@ extern "C" {
 struct connman_security {
 	const char *name;
 	int priority;
-	int (*authorize_sender) (const char *sender);
+	int (*authorize_sender) (const char *sender,
+				enum connman_security_privilege privilege);
 };
 
 extern int connman_security_register(struct connman_security *security);
diff --git a/plugins/connman.policy b/plugins/connman.policy
index 1b34381..bc36a6d 100644
--- a/plugins/connman.policy
+++ b/plugins/connman.policy
@@ -6,10 +6,10 @@
 <policyconfig>
 
   <vendor>Connection Manager</vendor>
-  <icon_name>stock_internet</icon_name>
+  <icon_name>network-wireless</icon_name>
 
   <action id="org.moblin.connman.modify">
-    <description>Modify configuration</description>
+    <description>Settings configuration</description>
     <message>Policy prevents modification of settings</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
@@ -17,9 +17,9 @@
     </defaults>
   </action>
 
-  <action id="org.moblin.connman.passphrase">
-    <description>Passphrase configuration</description>
-    <message>Policy prevents modification of passphrases</message>
+  <action id="org.moblin.connman.secret">
+    <description>Secrets configuration</description>
+    <message>Policy prevents modification of secrets</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
       <allow_active>auth_admin_keep_always</allow_active>
diff --git a/plugins/polkit.c b/plugins/polkit.c
index d3ca692..de183a2 100644
--- a/plugins/polkit.c
+++ b/plugins/polkit.c
@@ -34,20 +34,34 @@
 #include <connman/dbus.h>
 #include <connman/log.h>
 
-#define ACTION "org.moblin.connman.modify"
+#define ACTION_MODIFY "org.moblin.connman.modify"
+#define ACTION_SECRET "org.moblin.connman.secret"
 
 static DBusConnection *connection;
 static PolKitContext *polkit_context;
 
-static int polkit_authorize(const char *sender)
+static int polkit_authorize(const char *sender,
+				enum connman_security_privilege privilege)
 {
 	DBusError error;
 	PolKitCaller *caller;
 	PolKitAction *action;
 	PolKitResult result;
+	const char *id;
 
 	DBG("sender %s", sender);
 
+	switch (privilege) {
+	case CONNMAN_SECURITY_PRIVILEGE_PUBLIC:
+		return 0;
+	case CONNMAN_SECURITY_PRIVILEGE_MODIFY:
+		id = ACTION_MODIFY;
+		break;
+	case CONNMAN_SECURITY_PRIVILEGE_SECRET:
+		id = ACTION_SECRET;
+		break;
+	}
+
 	dbus_error_init(&error);
 
 	caller = polkit_caller_new_from_dbus_name(connection, sender, &error);
@@ -61,7 +75,7 @@ static int polkit_authorize(const char *sender)
 	}
 
 	action = polkit_action_new();
-	polkit_action_set_action_id(action, ACTION);
+	polkit_action_set_action_id(action, id);
 
 	result = polkit_context_is_caller_authorized(polkit_context,
 						action, caller, TRUE, NULL);
diff --git a/src/connection.c b/src/connection.c
index 0b3e59c..ad38147 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -211,6 +211,10 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
+		return __connman_error_permission_denied(msg);
+
 	reply = dbus_message_new_method_return(msg);
 	if (reply == NULL)
 		return NULL;
@@ -286,7 +290,8 @@ static DBusMessage *set_property(DBusConnection *conn,
 	dbus_message_iter_next(&iter);
 	dbus_message_iter_recurse(&iter, &value);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	return g_dbus_create_reply(msg, DBUS_TYPE_INVALID);
diff --git a/src/connman.h b/src/connman.h
index b160719..f98fc79 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -67,7 +67,8 @@ void __connman_plugin_cleanup(void);
 
 #include <connman/security.h>
 
-int __connman_security_check_privileges(DBusMessage *message);
+int __connman_security_check_privilege(DBusMessage *message,
+				enum connman_security_privilege privilege);
 
 #include <connman/ipv4.h>
 
diff --git a/src/device.c b/src/device.c
index f07128f..d865ad4 100644
--- a/src/device.c
+++ b/src/device.c
@@ -244,6 +244,10 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
+		return __connman_error_permission_denied(msg);
+
 	reply = dbus_message_new_method_return(msg);
 	if (reply == NULL)
 		return NULL;
@@ -323,7 +327,8 @@ static DBusMessage *set_property(DBusConnection *conn,
 	dbus_message_iter_next(&iter);
 	dbus_message_iter_recurse(&iter, &value);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	if (g_str_equal(name, "Powered") == TRUE) {
@@ -369,7 +374,8 @@ static DBusMessage *create_network(DBusConnection *conn,
 {
 	DBG("conn %p", conn);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	return __connman_error_invalid_arguments(msg);
@@ -380,7 +386,8 @@ static DBusMessage *remove_network(DBusConnection *conn,
 {
 	DBG("conn %p", conn);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	return __connman_error_invalid_arguments(msg);
diff --git a/src/manager.c b/src/manager.c
index 7143974..f943720 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -152,6 +152,10 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
+		return __connman_error_permission_denied(msg);
+
 	reply = dbus_message_new_method_return(msg);
 	if (reply == NULL)
 		return NULL;
@@ -204,7 +208,8 @@ static DBusMessage *set_property(DBusConnection *conn,
 	dbus_message_iter_next(&iter);
 	dbus_message_iter_recurse(&iter, &value);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	if (g_str_equal(name, "Policy") == TRUE) {
diff --git a/src/network.c b/src/network.c
index 4af71c3..7b0ed7a 100644
--- a/src/network.c
+++ b/src/network.c
@@ -83,6 +83,10 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
+		return __connman_error_permission_denied(msg);
+
 	reply = dbus_message_new_method_return(msg);
 	if (reply == NULL)
 		return NULL;
@@ -153,7 +157,8 @@ static DBusMessage *set_property(DBusConnection *conn,
 	dbus_message_iter_next(&iter);
 	dbus_message_iter_recurse(&iter, &value);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	if (g_str_equal(name, "Remember") == TRUE) {
@@ -185,7 +190,8 @@ static DBusMessage *do_connect(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	if (network->connected == TRUE)
@@ -209,7 +215,8 @@ static DBusMessage *do_disconnect(DBusConnection *conn,
 
 	DBG("conn %p", conn);
 
-	if (__connman_security_check_privileges(msg) < 0)
+	if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
 		return __connman_error_permission_denied(msg);
 
 	if (network->connected == FALSE)
diff --git a/src/security.c b/src/security.c
index 31c7734..9b27423 100644
--- a/src/security.c
+++ b/src/security.c
@@ -66,7 +66,8 @@ void connman_security_unregister(struct connman_security *security)
 	security_list = g_slist_remove(security_list, security);
 }
 
-int __connman_security_check_privileges(DBusMessage *message)
+int __connman_security_check_privilege(DBusMessage *message,
+				enum connman_security_privilege privilege)
 {
 	GSList *list;
 	const char *sender;
@@ -82,7 +83,7 @@ int __connman_security_check_privileges(DBusMessage *message)
 		DBG("%s", security->name);
 
 		if (security->authorize_sender) {
-			err = security->authorize_sender(sender);
+			err = security->authorize_sender(sender, privilege);
 			break;
 		}
 	}
-- 
1.7.9.5