screenshot: Restrict callers

The shell D-Bus API was always meant as a private API for core components, so enforce that by limiting caller to a list of allowed well-known names. Applications that want to request a screenshot can use the corresponding desktop portal. https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943 Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1970>
2021-06-16 22:11:50 +02:00 · 2021-06-16 22:11:50 +02:00 · dd2cd6286c
commit dd2cd6286c
parent a628bbc485
1 changed files with 28 additions and 0 deletions
--- a/js/ui/screenshot.js
+++ b/js/ui/screenshot.js
@ -15,6 +15,7 @@ Gio._promisify(Shell.Screenshot.prototype,
    'screenshot_area', 'screenshot_area_finish');

 const { loadInterfaceXML } = imports.misc.fileUtils;
+const { DBusSenderChecker } = imports.misc.util;

 const ScreenshotIface = loadInterfaceXML('org.gnome.Shell.Screenshot');

@ -24,6 +25,12 @@ var ScreenshotService = class {
        this._dbusImpl.export(Gio.DBus.session, '/org/gnome/Shell/Screenshot');

        this._screenShooter = new Map();
+        this._senderChecker = new DBusSenderChecker([
+            'org.gnome.SettingsDaemon.MediaKeys',
+            'org.freedesktop.impl.portal.desktop.gtk',
+            'org.freedesktop.impl.portal.desktop.gnome',
+            'org.gnome.Screenshot',
+        ]);

        this._lockdownSettings = new Gio.Settings({ schema_id: 'org.gnome.desktop.lockdown' });

@ -46,6 +53,13 @@ var ScreenshotService = class {
                Gio.IOErrorEnum, Gio.IOErrorEnum.PERMISSION_DENIED,
                'Saving to disk is disabled');
            return null;
+        } else {
+            try {
+                this._senderChecker.checkInvocation(invocation);
+            } catch (e) {
+                invocation.return_gerror(e);
+                return null;
+            }
        }

        let shooter = new Shell.Screenshot();
@ -254,6 +268,13 @@ var ScreenshotService = class {
    }

    async SelectAreaAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
        let selectArea = new SelectArea();
        try {
            let areaRectangle = await selectArea.selectAsync();
@ -269,6 +290,13 @@ var ScreenshotService = class {
    }

    FlashAreaAsync(params, invocation) {
+        try {
+            this._senderChecker.checkInvocation(invocation);
+        } catch (e) {
+            invocation.return_gerror(e);
+            return;
+        }
+
        let [x, y, width, height] = params;
        [x, y, width, height] = this._scaleArea(x, y, width, height);
        if (!this._checkArea(x, y, width, height)) {