From 97bb808d1010f4bbd699b9e7388b4c533bc55ff5 Mon Sep 17 00:00:00 2001
From: Mateusz Moscicki <m.moscicki2@partner.samsung.com>
Date: Mon, 17 Jul 2023 15:16:39 +0200
Subject: [PATCH] Use private dbus connection for synchronous calls.

This change is related to dotnet-launcher which in the process
preparation, caused the connection to be established, which had a
privileged label and was later used by an unprivileged application

From now the connection is established before the dbus method is called
and closed immediately after that.

Change-Id: If672046f68b9e5aa37053fdb772ef17873df2340
---
 src/storage-external-dbus.c | 53 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/src/storage-external-dbus.c b/src/storage-external-dbus.c
index 731296a..1fe6f8b 100755
--- a/src/storage-external-dbus.c
+++ b/src/storage-external-dbus.c
@@ -123,6 +123,55 @@ static GDBusConnection *get_dbus_connection(void)
 	return conn;
 }
 
+static GDBusConnection *get_dbus_private_connection(void)
+{
+        GError *err = NULL;
+        GDBusConnection *conn = NULL;
+        const char * address;
+
+        address = g_dbus_address_get_for_bus_sync(G_BUS_TYPE_SYSTEM, NULL, &err);
+        if (!address || err) {
+                _E("failed to get bus address\n");
+                g_error_free(err);
+                return NULL;
+        }
+
+        conn = g_dbus_connection_new_for_address_sync(address,
+                        (GDBusConnectionFlags) (G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT |
+                        G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION),
+                        NULL, /* GDBusAuthObserver */
+                        NULL,
+                        &err);
+        if (!conn || err) {
+                _E("failed to get private bus\n");
+                g_error_free(err);
+                return NULL;
+        }
+
+        return conn;
+
+}
+
+static void free_dbus_connection(GDBusConnection *conn)
+{
+	assert(conn);
+
+	GError *err = NULL;
+        if (!g_dbus_connection_flush_sync(conn, NULL, &err)) {
+                _E("failed to flush %s\n", err->message);
+                g_error_free(err);
+                err = NULL;
+        }
+
+	if (!g_dbus_connection_close_sync(conn, NULL, &err)) {
+		_E("Error closing connection %s\n", err->message);
+		g_error_free(err);
+		err = NULL;
+	}
+
+	g_object_unref(conn);
+}
+
 static void _cb_pending(GDBusConnection *conn,
 			GAsyncResult *res,
 			gpointer user_data)
@@ -206,7 +255,7 @@ GVariant *dbus_method_call_sync(const gchar *dest, const gchar *path,
 	if (!dest || !path || !iface || !method)
 		return NULL;
 
-	conn = get_dbus_connection();
+	conn = get_dbus_private_connection();
 	if (!conn) {
 		_E("fail to get dbus connection"); //LCOV_EXCL_LINE
 		return NULL;
@@ -227,6 +276,8 @@ GVariant *dbus_method_call_sync(const gchar *dest, const gchar *path,
 //LCOV_EXCL_STOP
 	}
 
+	free_dbus_connection(conn);
+
 	return ret;
 }
 
-- 
2.7.4