Revert "Revert "fix: improve the dbus security""

This reverts commit ffa99d3783.

GPService/CMakeLists.txt

@@ -4,6 +4,12 @@ project(GPService)
 
 set(gpservice_GENERATED_SOURCES)
 
+execute_process(COMMAND logname OUTPUT_VARIABLE CMAKE_LOGNAME)
+string(STRIP "${CMAKE_LOGNAME}" CMAKE_LOGNAME)
+
+message(STATUS "CMAKE_LOGNAME: ${CMAKE_LOGNAME}")
+
+configure_file(dbus/com.yuezk.qt.GPService.conf.in dbus/com.yuezk.qt.GPService.conf)
 configure_file(dbus/com.yuezk.qt.GPService.service.in dbus/com.yuezk.qt.GPService.service)
 configure_file(systemd/gpservice.service.in systemd/gpservice.service)
 
@@ -65,7 +71,7 @@ target_link_libraries(gpservice
 target_compile_definitions(gpservice PUBLIC QAPPLICATION_CLASS=QCoreApplication)
 
 install(TARGETS gpservice DESTINATION bin)
-install(FILES "dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.service" DESTINATION share/dbus-1/system-services)
 install(FILES "gp.conf" DESTINATION /etc/gpservice)
 

GPService/dbus/com.yuezk.qt.GPService.conf

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE busconfig PUBLIC
-"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
-"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-        <policy user="root">
-                <allow own="com.yuezk.qt.GPService"/>
-        </policy>
-
-        <policy context="default">
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="com.yuezk.qt.GPService"
-                        />
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="org.freedesktop.DBus.Introspectable"
-                        />
-        </policy>
-</busconfig>

GPService/dbus/com.yuezk.qt.GPService.conf.in

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy context="default">
+		<deny own="com.yuezk.qt.GPService"/>
+		<deny send_destination="com.yuezk.qt.GPService" />
+	</policy>
+	<policy user="root">
+		<allow own="com.yuezk.qt.GPService"/>
+		<allow send_destination="com.yuezk.qt.GPService" />
+	</policy>
+
+	<!--LOGNAME-->
+	<policy user="@CMAKE_LOGNAME@">
+		<allow own="com.yuezk.qt.GPService"/>
+		<allow send_destination="com.yuezk.qt.GPService" />
+	</policy>
+</busconfig>

debian/rules

@@ -10,4 +10,6 @@ export DEBIAN_PACKAGE=1
 %:
 	dh $@
 override_dh_installsystemd:
+	# Update the the dbus user to logname
+	sed -i "/LOGNAME/N;s/user=\".*\"/user=\"$(logname)\"/" /usr/share/dbus-1/system.d/com.yuezk.qt.GPService.conf
 	dh_installsystemd gpservice.service

packaging/aur/gp.install

@@ -1,8 +1,11 @@
 post_install() {
+    # Update the the dbus user to logname
+    sed -i "/LOGNAME/N;s/user=\".*\"/user=\"$(logname)\"/" /usr/share/dbus-1/system.d/com.yuezk.qt.GPService.conf
+
     systemctl enable gpservice.service
     systemctl restart gpservice.service
 }
 
 post_upgrade() {
     post_install
-}
+}

packaging/obs/globalprotect-openconnect.spec

@@ -33,6 +33,8 @@ A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Q
 
 %post
 
+sed -i "/LOGNAME/N;s/user=\".*\"/user=\"$(logname)\"/" /usr/share/dbus-1/system.d/com.yuezk.qt.GPService.conf
+
 %if 0%{?suse_version}
     %service_add_post gpservice.service
 %else