void ShutdownScreen::setShutdownMode(const QString &mode)
{
    // Only privileged callers may change the shutdown mode
    if (!isPrivileged())
        return;

    shutdownMode = mode;
    applySystemState(MeeGo::QmSystemState::Shutdown);
}

void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Currently, we only have two levels of privileges:
    // privileged and non-privileged.
    // Going forward, this could be improved to support
    // a larger range of privileges via ACLs.
    if (!isPrivileged(m_appData))
    {
        // The application is not privileged. Drop any user or
        // group ID inherited from the booster, and instead set
        // the user ID and group ID of the calling process.
        // The group is changed first: once the user ID has been
        // dropped, setgid() may no longer be permitted. Both return
        // values are checked so a failed drop does not go unnoticed.
        if (getgid() != m_appData->groupId() && setgid(m_appData->groupId()) == -1)
            Logger::logError("Failed to set process gid to %d, %s",
                             static_cast<int>(m_appData->groupId()), strerror(errno));

        if (getuid() != m_appData->userId() && setuid(m_appData->userId()) == -1)
            Logger::logError("Failed to set process uid to %d, %s",
                             static_cast<int>(m_appData->userId()), strerror(errno));

        // Flip the real group ID forth and back to a dedicated group
        // id to generate an event for policy (re-)classification.
        // Using real ID instead of effective for dropping setgid
        // from calling process (for example lipstick).
        gid_t orig = getgid();
        setegid(m_boosted_gid);
        if (setregid(orig, orig) == -1)
            Logger::logError("Failed to set process gid to %d, %s", orig, strerror(errno));
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    prctl(PR_SET_DUMPABLE, 1);

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

    // Duplicate I/O descriptors
    for (unsigned int i = 0; i < m_appData->ioDescriptors().size(); i++)
    {
        if (m_appData->ioDescriptors()[i] > 0)
        {
            dup2(m_appData->ioDescriptors()[i], i);
            close(m_appData->ioDescriptors()[i]);
        }
    }

    // Set PWD
    const char * pwd = getenv("PWD");
    if (pwd)
        chdir(pwd);

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}

void DeviceLock::setState(int state)
{
    if (deviceLockState != (LockState)state) {
        // Anyone may lock the device; any other transition
        // requires a privileged caller
        if (state == Locked || isPrivileged()) {
            deviceLockState = (LockState)state;
            emit stateChanged(state);
            emit _notifyStateChanged();
            setupLockTimer();
        } else {
            sendErrorReply(QDBusError::AccessDenied,
                           QString("Caller is not in privileged group"));
        }
    }
}

void Booster::setEnvironmentBeforeLaunch()
{
    // Possibly restore process priority
    errno = 0;
    const int cur_prio = getpriority(PRIO_PROCESS, 0);
    if (!errno && cur_prio < m_appData->priority())
        setpriority(PRIO_PROCESS, 0, m_appData->priority());

    // Currently, we only have two levels of privileges:
    // privileged and non-privileged.
    // Going forward, this could be improved to support
    // a larger range of privileges via ACLs.
    if (!isPrivileged(m_appData))
    {
        // The application is not privileged. Drop any user or
        // group ID inherited from the booster, and instead set
        // the user ID and group ID of the calling process.
        // The group is changed first: once the user ID has been
        // dropped, setgid() may no longer be permitted. Both return
        // values are checked so a failed drop does not go unnoticed.
        if (getegid() != m_appData->groupId())
        {
            if (setgid(m_appData->groupId()) == -1)
                Logger::logError("Failed to set process gid to %d, %s",
                                 static_cast<int>(m_appData->groupId()), strerror(errno));
        }

        if (geteuid() != m_appData->userId())
        {
            if (setuid(m_appData->userId()) == -1)
                Logger::logError("Failed to set process uid to %d, %s",
                                 static_cast<int>(m_appData->userId()), strerror(errno));
        }
    }

    // Make sure that boosted application can dump core. This must be
    // done after set[ug]id().
    prctl(PR_SET_DUMPABLE, 1);

    // Reset out-of-memory killer adjustment
    if (!m_appData->disableOutOfMemAdj())
        resetOomAdj();

    // Duplicate I/O descriptors
    for (unsigned int i = 0; i < m_appData->ioDescriptors().size(); i++)
    {
        if (m_appData->ioDescriptors()[i] > 0)
        {
            dup2(m_appData->ioDescriptors()[i], i);
            close(m_appData->ioDescriptors()[i]);
        }
    }

    // Set PWD
    const char * pwd = getenv("PWD");
    if (pwd)
        chdir(pwd);

    Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}

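// Add this user to the list of privileged ones
void Museek::Museekd::addPrivilegedUser(const std::string & user)
{
    // Skip users that are already in the list to avoid duplicates
    if (!isPrivileged(user))
    {
        mPrivilegedUsers.push_back(user);
        // size() returns size_t; cast so the argument matches the %u specifier
        NNLOG("museekd.debug", "%u privileged users",
              static_cast<unsigned int>(mPrivilegedUsers.size()));
    }
}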