void ShutdownScreen::setShutdownMode(const QString &mode)
{
if (!isPrivileged())
return;
shutdownMode = mode;
applySystemState(MeeGo::QmSystemState::Shutdown);
}
void Booster::setEnvironmentBeforeLaunch()
{
// Possibly restore process priority
errno = 0;
const int cur_prio = getpriority(PRIO_PROCESS, 0);
if (!errno && cur_prio < m_appData->priority())
setpriority(PRIO_PROCESS, 0, m_appData->priority());
// Currently, we only have two levels of privileges:
// privileged and non-privileged.
// Going forward, this could be improved to support
// a larger range of privileges via ACLs.
if (!isPrivileged(m_appData)) {
// The application is not privileged. Drop any user or
// group ID inherited from the booster, and instead set
// the user ID and group ID of the calling process.
if (getuid() != m_appData->userId())
setuid(m_appData->userId());
if (getgid() != m_appData->groupId())
setgid(m_appData->groupId());
// Flip the real group ID forth and back to a dedicated group
// id to generate an event for policy (re-)classification.
// Using real ID instead of effective for dropping setgid
// from calling process (for example lipstick).
gid_t orig = getgid();
setegid(m_boosted_gid);
if (setregid(orig, orig) == -1)
Logger::logError("Failed to set process gid to %d, %s", orig, strerror(errno));
}
// Make sure that boosted application can dump core. This must be
// done after set[ug]id().
prctl(PR_SET_DUMPABLE, 1);
// Reset out-of-memory killer adjustment
if (!m_appData->disableOutOfMemAdj())
resetOomAdj();
// Duplicate I/O descriptors
for (unsigned int i = 0; i < m_appData->ioDescriptors().size(); i++)
{
if (m_appData->ioDescriptors()[i] > 0)
{
dup2(m_appData->ioDescriptors()[i], i);
close(m_appData->ioDescriptors()[i]);
}
}
// Set PWD
const char * pwd = getenv("PWD");
if (pwd) chdir(pwd);
Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}
void DeviceLock::setState(int state)
{
if (deviceLockState != (LockState)state) {
if (state == Locked || isPrivileged()) {
deviceLockState = (LockState)state;
emit stateChanged(state);
emit _notifyStateChanged();
setupLockTimer();
} else {
sendErrorReply(QDBusError::AccessDenied, QString("Caller is not in privileged group"));
}
}
}
void Booster::setEnvironmentBeforeLaunch()
{
// Possibly restore process priority
errno = 0;
const int cur_prio = getpriority(PRIO_PROCESS, 0);
if (!errno && cur_prio < m_appData->priority())
setpriority(PRIO_PROCESS, 0, m_appData->priority());
// Currently, we only have two levels of privileges:
// privileged and non-privileged.
// Going forward, this could be improved to support
// a larger range of privileges via ACLs.
if (!isPrivileged(m_appData)) {
// The application is not privileged. Drop any user or
// group ID inherited from the booster, and instead set
// the user ID and group ID of the calling process.
if (geteuid() != m_appData->userId()) {
setuid(m_appData->userId());
}
if (getegid() != m_appData->groupId()) {
setgid(m_appData->groupId());
}
}
// Make sure that boosted application can dump core. This must be
// done after set[ug]id().
prctl(PR_SET_DUMPABLE, 1);
// Reset out-of-memory killer adjustment
if (!m_appData->disableOutOfMemAdj())
resetOomAdj();
// Duplicate I/O descriptors
for (unsigned int i = 0; i < m_appData->ioDescriptors().size(); i++)
{
if (m_appData->ioDescriptors()[i] > 0)
{
dup2(m_appData->ioDescriptors()[i], i);
close(m_appData->ioDescriptors()[i]);
}
}
// Set PWD
const char * pwd = getenv("PWD");
if (pwd) chdir(pwd);
Logger::logDebug("Booster: launching process: '%s' ", m_appData->fileName().c_str());
}
// Add this user to the list of privileged ones
void Museek::Museekd::addPrivilegedUser(const std::string & user) {
if (!isPrivileged(user)) {
mPrivilegedUsers.push_back(user);
NNLOG("museekd.debug", "%u privileged users", mPrivilegedUsers.size());
}
}
