From 1a12bd4f3038c88eebe6f9890be7902aedc3e0c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Thu, 11 Jul 2024 13:36:25 +0200 Subject: [PATCH] accessDialog: Restrict senders Now that we no longer provide a portal implementation ourselves, the only expected callers are the GNOME portal implementation and (since recently) the remote desktop daemon. Make that explicit and restrict callers to these senders, like we do for other D-Bus APIs. Part-of: --- js/ui/accessDialog.js | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/js/ui/accessDialog.js b/js/ui/accessDialog.js index cd001a6d9..259a7bb6a 100644 --- a/js/ui/accessDialog.js +++ b/js/ui/accessDialog.js @@ -10,6 +10,7 @@ import * as CheckBox from './checkBox.js'; import * as Dialog from './dialog.js'; import * as ModalDialog from './modalDialog.js'; +import {DBusSenderChecker} from '../misc/util.js'; import {loadInterfaceXML} from '../misc/fileUtils.js'; const RequestIface = loadInterfaceXML('org.freedesktop.impl.portal.Request'); @@ -22,6 +23,11 @@ const DialogResponse = { CLOSED: 2, }; +const ALLOWED_SENDERS = [ + 'org.gnome.RemoteDesktop.Handover', + 'org.freedesktop.impl.portal.desktop.gnome', +]; + const AccessDialog = GObject.registerClass( class AccessDialog extends ModalDialog.ModalDialog { _init(invocation, handle, title, description, body, options) { @@ -133,12 +139,20 @@ export class AccessDialogDBus { this._accessDialog = null; this._windowTracker = Shell.WindowTracker.get_default(); + this._senderChecker = new DBusSenderChecker(ALLOWED_SENDERS); this._dbusImpl = Gio.DBusExportedObject.wrapJSObject(AccessIface, this); this._dbusImpl.export(Gio.DBus.session, '/org/freedesktop/portal/desktop'); } - AccessDialogAsync(params, invocation) { + async AccessDialogAsync(params, invocation) { + try { + await this._senderChecker.checkInvocation(invocation); + } catch (e) { + invocation.return_gerror(e); + return; + } + if (this._accessDialog) { invocation.return_error_literal( Gio.DBusError,