[PATCH] libqmi-glib, utils: avoid getpwnam() call if --enable-qmi-username not used
Roshan Pius
rpius at chromium.org
Wed Jan 7 09:38:11 PST 2015
If --enable-qmi-username isn't explicitly used, we should just check
for the root user UID, without using getpwnam(). See e.g. these SELinux warnings:
SELinux is preventing /usr/bin/bash from read access on the file /etc/passwd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed read access on the passwd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep qmi-proxy /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
---
configure.ac | 20 ++++++++++++++------
src/libqmi-glib/qmi-utils.c | 9 +++++++++
src/qmi-proxy/Makefile.am | 2 +-
3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index c1ca6ef..0c87850 100644
--- a/configure.ac
+++ b/configure.ac
@@ -80,17 +80,20 @@ dnl Documentation
GTK_DOC_CHECK(1.0)
# QMI username
+QMI_USERNAME="root"
AC_ARG_ENABLE(qmi-username,
AS_HELP_STRING([--enable-qmi-username=<username>], [user allowed to access QMI devices]))
if test -n "$enable_qmi_username" ; then
+ QMI_USERNAME_ENABLED=yes
+ AC_DEFINE(QMI_USERNAME_ENABLED, 1, [Define if we enable QMI username])
QMI_USERNAME="$enable_qmi_username"
+ AC_SUBST(QMI_USERNAME)
+ AC_DEFINE_UNQUOTED(QMI_USERNAME, "$QMI_USERNAME", [Define the QMI username])
else
- QMI_USERNAME="root"
+ QMI_USERNAME_ENABLED=no
fi
-AM_CONDITIONAL([INSTALL_QMI_UDEV_RULES], [test "x$enable_qmi_username" = "x$QMI_USERNAME"])
-AC_SUBST(QMI_USERNAME)
-AC_DEFINE_UNQUOTED(QMI_USERNAME, "$QMI_USERNAME", [Define the QMI username])
-AM_COND_IF([INSTALL_QMI_UDEV_RULES], [AC_CONFIG_FILES([src/qmi-proxy/76-qmi-proxy-device-ownership.rules])])
+
+AM_CONDITIONAL([QMI_USERNAME_ENABLED], [test "x$QMI_USERNAME_ENABLED" = "xyes"])
# udev base directory
AC_ARG_WITH(udev-base-dir, AS_HELP_STRING([--with-udev-base-dir=DIR], [where udev base directory is]))
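Review bot: The `test -n "$enable_qmi_username"` guard is also true for `--disable-qmi-username` (autoconf sets the variable to `no`) and for a bare `--enable-qmi-username` (set to `yes`). In both cases the new branch defines `QMI_USERNAME_ENABLED` and sets `QMI_USERNAME` to the literal string `no` or `yes`, so the access check would be built against an account of that name instead of falling back to the root-only path. The guard should exclude the negative value, e.g. `if test -n "$enable_qmi_username" && test "x$enable_qmi_username" != "xno" ; then`. A bare `yes` should be rejected with `AC_MSG_ERROR([--enable-qmi-username requires a user name])` so that a misconfigured build fails at configure time.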
@@ -126,6 +129,11 @@ AC_CONFIG_FILES([Makefile
docs/reference/libqmi-glib/Makefile
docs/reference/libqmi-glib/version.xml
docs/man/Makefile])
+
+if test "x$QMI_USERNAME_ENABLED" = "xyes"; then
+ AC_CONFIG_FILES([src/qmi-proxy/76-qmi-proxy-device-ownership.rules])
+fi
+
AC_OUTPUT
echo "
@@ -137,5 +145,5 @@ echo "
Maintainer mode: ${USE_MAINTAINER_MODE}
udev base directory: ${UDEV_BASE_DIR}
Documentation: ${enable_gtk_doc}
- QMI username: ${QMI_USERNAME}
+ QMI username: ${QMI_USERNAME_ENABLED} (${QMI_USERNAME})
"
diff --git a/src/libqmi-glib/qmi-utils.c b/src/libqmi-glib/qmi-utils.c
index 11f1d90..60100b6 100644
--- a/src/libqmi-glib/qmi-utils.c
+++ b/src/libqmi-glib/qmi-utils.c
@@ -81,6 +81,14 @@ gboolean
__qmi_user_allowed (uid_t uid,
GError **error)
{
+#ifndef QMI_USERNAME_ENABLED
+ if (uid == 0)
+ return TRUE;
+#else
+# ifndef QMI_USERNAME
+# error QMI username not defined
+# endif
+
struct passwd *expected_usr = NULL;
expected_usr = getpwnam (QMI_USERNAME);
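Review bot: The `#ifndef QMI_USERNAME_ENABLED` split gives `__qmi_user_allowed` two different build-time access policies, and neither is documented at the point where they diverge. A comment above the first branch would help, such as `/* Default build: only UID 0 is accepted and no passwd lookup is performed */`, with a matching one on the `#else` branch saying that the peer UID is compared against the account named by `QMI_USERNAME`. The `#endif` added in the next hunk closes a block that spans code not shown here, so it should be labelled `#endif /* QMI_USERNAME_ENABLED */`. The function body continues outside this hunk; a non-root UID in the default build appears to fall through to the `g_set_error` call after the `#endif`, which is worth confirming.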
@@ -99,6 +107,7 @@ __qmi_user_allowed (uid_t uid,
if (uid == expected_usr->pw_uid)
return TRUE;
+#endif
g_set_error (error,
QMI_CORE_ERROR,
diff --git a/src/qmi-proxy/Makefile.am b/src/qmi-proxy/Makefile.am
index 3eb532e..e03bfaa 100644
--- a/src/qmi-proxy/Makefile.am
+++ b/src/qmi-proxy/Makefile.am
@@ -16,7 +16,7 @@ qmi_proxy_LDADD = \
$(top_builddir)/src/libqmi-glib/libqmi-glib.la
#Install udev rules only if configured with --enable-qmi-username
-if INSTALL_QMI_UDEV_RULES
+if QMI_USERNAME_ENABLED
udevrulesdir = $(UDEV_BASE_DIR)/rules.d
udevrules_DATA = 76-qmi-proxy-device-ownership.rules
--
2.2.0.rc0.207.ga3a616c