bus/connection: don't check cmdline in session dbus-daemon 65/244465/2 accepted/tizen/unified/20200922.090815 submit/tizen/20200921.022732
authorAdrian Szyndela <adrian.s@samsung.com>
Fri, 18 Sep 2020 12:50:10 +0000 (14:50 +0200)
committerHyotaek Shim <hyotaek.shim@samsung.com>
Mon, 21 Sep 2020 02:26:44 +0000 (11:26 +0900)
The session dbus-daemon may have no rights to read cmdline in /proc.
In such cases the logs are cluttered with access-denied messages.

This commit disables checking cmdline for session dbus-daemon.

(Before)
May 21 08:13:06 localhost dbus-daemon[676]: [session uid=5001 pid=676] Rejected send message, 1 matched rules; type="method_call", send
er=":1.33" (uid=5001 pid=1090 comm="/usr/apps/org.tizen.multi-assistant-service/bin/or" label="User::Pkg::org.tizen.multi-assistant-ser
vice") interface="org.freedesktop.DBus" member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus
" privilege="(n/a)" (bus) rule(<deny send_type="method_call" />)

(After)
May 21 08:21:55 localhost dbus-daemon[678]: [session uid=5001 pid=678] Rejected send message, 1 matched rules; type="method_call", send
er=":1.33" (uid=5001 pid=1110 comm="<not-read>" label="User::Pkg::org.tizen.multi-assistant-service") interface="org.freedesktop.DBus"
member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" privilege="(n/a)" (bus) rule(<deny sen
d_type="method_call" />)

Change-Id: I15c3b9b2a5675546b6adb3b1521e790088bd8f85
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
bus/connection.c

index 89cf979..6b85ba3 100644 (file)
@@ -591,6 +591,13 @@ bus_connections_unref (BusConnections *connections)
     }
 }
 
+static dbus_bool_t
+is_context_type_session (BusConnectionData *d)
+{
+  const char *context_type = bus_context_get_type (d->connections->context);
+  return context_type && !strcmp (context_type, "session");
+}
+
 /* Used for logging */
 static dbus_bool_t
 cache_peer_loginfo_string (BusConnectionData *d, 
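Review bot: `is_context_type_session` has no comment and decides on the configured type string alone, so it is a proxy for "cannot read /proc" rather than a test of it. A daemon whose config declares a different `<type>` but runs under the same restrictions would still attempt the read, and a session daemon that is allowed to read cmdline loses it; whether either case occurs depends on the deployed configs, which are not visible here. I would add above the helper `/* TRUE if the bus config declares type "session"; used only to skip the /proc cmdline lookup when building the log string. */`. The helper also calls `strcmp`, so `<string.h>` must already be included in this file, which the hunk does not show. cache_peer_loginfo_string starts on the last lines of this hunk and continues outside it.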
@@ -624,8 +631,19 @@ cache_peer_loginfo_string (BusConnectionData *d,
       if (!_dbus_string_append_printf (&loginfo_buf, "pid=%ld comm=\"", pid))
         goto oom;
       /* Ignore errors here; we may not have permissions to read the
-       * proc file. */
-      _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+       * proc file.
+       * Don't even try it for the session daemon, to avoid cluttering logs with security error logs for
+       * accessing the proc file.
+       */
+      if (!is_context_type_session(d))
+        {
+          _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+        }
+      else
+        {
+          if (!_dbus_string_append (&loginfo_buf, "<not-read>"))   /* for session daemon just say that we didn't try */
+            goto oom;
+        }
       if (!_dbus_string_append_byte (&loginfo_buf, '"'))
         goto oom;
       else
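Review bot: The placeholder `<not-read>` goes into the same `comm="..."` field that otherwise carries process-supplied text, so on the session bus a denial log now identifies the sender only by pid and label, as the "After" sample in the description shows. That is worth stating in the block comment for whoever triages these logs, e.g. `/* comm is omitted on the session bus; use pid and label to identify the sender */`, since a pid alone may have been reused by the time the log is read. On style, `is_context_type_session(d)` lacks the space before the parenthesis that the other calls in this hunk use, and the trailing comment on the `_dbus_string_append` line runs well past the width of the surrounding lines; `if (!is_context_type_session (d))` and moving that remark into the block comment would match the file. The body of cache_peer_loginfo_string begins and ends outside this hunk.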