From bc149d759b07ad97f5baad1f4004e4243a300f69 Mon Sep 17 00:00:00 2001 From: Adrian Szyndela Date: Fri, 18 Sep 2020 14:50:10 +0200 Subject: [PATCH] bus/connection: don't check cmdline in session dbus-daemon Session dbus-daemon may have no rights to look into cmdline in /proc. In such cases logs are cluttered with access denied. This commit disables checking cmdline for session dbus-daemon. (Before) May 21 08:13:06 localhost dbus-daemon[676]: [session uid=5001 pid=676] Rejected send message, 1 matched rules; type="method_call", send er=":1.33" (uid=5001 pid=1090 comm="/usr/apps/org.tizen.multi-assistant-service/bin/or" label="User::Pkg::org.tizen.multi-assistant-ser vice") interface="org.freedesktop.DBus" member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus " privilege="(n/a)" (bus) rule() (After) May 21 08:21:55 localhost dbus-daemon[678]: [session uid=5001 pid=678] Rejected send message, 1 matched rules; type="method_call", send er=":1.33" (uid=5001 pid=1110 comm="" label="User::Pkg::org.tizen.multi-assistant-service") interface="org.freedesktop.DBus" member="RequestName" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" privilege="(n/a)" (bus) rule() Change-Id: I15c3b9b2a5675546b6adb3b1521e790088bd8f85 Signed-off-by: Hyotaek Shim
---
 bus/connection.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/bus/connection.c b/bus/connection.c
index 89cf979..6b85ba3 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -591,6 +591,13 @@ bus_connections_unref (BusConnections *connections)
 }
 }

+static dbus_bool_t
+is_context_type_session (BusConnectionData *d)
+{
+ const char *context_type = bus_context_get_type (d->connections->context);
+ return context_type && !strcmp (context_type, "session");
+}
+
 /* Used for logging */
 static dbus_bool_t
 cache_peer_loginfo_string (BusConnectionData *d,
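Review bot: `is_context_type_session` carries no comment, and what it tests is the bus type string returned by `bus_context_get_type`, not whether this daemon is actually able to read the peer's /proc entry. A bus whose type is something other than "session" (or NULL, which the helper's own check allows for) still attempts the read, while every session-typed bus loses `comm` from its rejection logs even where the read would have succeeded, and that field is one of the few that helps attribute a denied sender. I would add a comment above the helper along the lines of `/* TRUE if the bus type is "session"; used only to skip the /proc cmdline lookup when building the peer log string. */` so the scope of the decision is visible to the next reader.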
@@ -624,8 +631,19 @@ cache_peer_loginfo_string (BusConnectionData *d,
 if (!_dbus_string_append_printf (&loginfo_buf, "pid=%ld comm=\"", pid))
 goto oom;
 /* Ignore errors here; we may not have permissions to read the
- * proc file. */
- _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+ * proc file.
+ * Don't even try it for the session daemon, to avoid cluttering logs with security error logs for
+ * accessing the proc file.
+ */
+ if (!is_context_type_session(d))
+ {
+ _dbus_command_for_pid (pid, &loginfo_buf, MAX_LOG_COMMAND_LEN, NULL);
+ }
+ else
+ {
+ if (!_dbus_string_append (&loginfo_buf, "")) /* for session daemon just say that we didn't try */
+ goto oom;
+ }
 if (!_dbus_string_append_byte (&loginfo_buf, '"'))
 goto oom;
 else
-- 2.7.4
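Review bot: In the `else` branch the literal passed to `_dbus_string_append` is empty as shown, so the entry reads `comm=""`, which is presumably also what the other branch leaves behind when the ignored lookup fails; the inline comment says the intent is to state that no lookup was attempted. If the empty literal is what the file really contains (the page rendering may have dropped a bracketed value), a visible marker in the style of the `(unset)` and `(n/a)` values already present in the same log line would keep "not attempted" apart from "attempted and failed" for anyone triaging denials, e.g. `if (!_dbus_string_append (&loginfo_buf, "(not read)"))`. The added call is written `is_context_type_session(d)` without the space before the parenthesis that the surrounding code uses. The enclosing function cache_peer_loginfo_string starts and ends outside the hunk.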