fix: improve the dbus security

2025-05-20 07:26:58 -04:00 · 2022-05-23 21:24:22 +08:00
parent 8fe717d844
commit 829298bb84
6 changed files with 35 additions and 20 deletions
--- a/GPService/CMakeLists.txt
+++ b/GPService/CMakeLists.txt
@@ -4,6 +4,12 @@ project(GPService)

 set(gpservice_GENERATED_SOURCES)

+execute_process(COMMAND logname OUTPUT_VARIABLE CMAKE_LOGNAME)
+string(STRIP "${CMAKE_LOGNAME}" CMAKE_LOGNAME)
+
+message(STATUS "CMAKE_LOGNAME: ${CMAKE_LOGNAME}")
+
+configure_file(dbus/com.yuezk.qt.GPService.conf.in dbus/com.yuezk.qt.GPService.conf)
 configure_file(dbus/com.yuezk.qt.GPService.service.in dbus/com.yuezk.qt.GPService.service)
 configure_file(systemd/gpservice.service.in systemd/gpservice.service)

@@ -65,7 +71,7 @@ target_link_libraries(gpservice
 target_compile_definitions(gpservice PUBLIC QAPPLICATION_CLASS=QCoreApplication)

 install(TARGETS gpservice DESTINATION bin)
-install(FILES "dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.service" DESTINATION share/dbus-1/system-services)
 install(FILES "gp.conf" DESTINATION /etc/gpservice)

--- a/GPService/dbus/com.yuezk.qt.GPService.conf
+++ b/GPService/dbus/com.yuezk.qt.GPService.conf
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE busconfig PUBLIC
-"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
-"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-        <policy user="root">
-                <allow own="com.yuezk.qt.GPService"/>
-        </policy>
-
-        <policy context="default">
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="com.yuezk.qt.GPService"
-                        />
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="org.freedesktop.DBus.Introspectable"
-                        />
-        </policy>
-</busconfig>
--- a/GPService/dbus/com.yuezk.qt.GPService.conf.in
+++ b/GPService/dbus/com.yuezk.qt.GPService.conf.in
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy context="default">
+		<deny own="com.yuezk.qt.GPService"/>
+		<deny send_destination="com.yuezk.qt.GPService" />
+	</policy>
+	<policy user="root">
+		<allow own="com.yuezk.qt.GPService"/>
+		<allow send_destination="com.yuezk.qt.GPService" />
+	</policy>
+
+	<!--LOGNAME-->
+	<policy user="@CMAKE_LOGNAME@">
+		<allow own="com.yuezk.qt.GPService"/>
+		<allow send_destination="com.yuezk.qt.GPService" />
+	</policy>
+</busconfig>