bus: add a temporary hard-coded policy to proxyd to make gdm work

gdm relies on the policy to deny its own requests to not deadlock. Given
that we currently do not enforce any policy in the dbus1 compat proxy
service this means that gdm will necessarily deadlock on our systems.

To work around this, enforce a fixed policy teomporarily, until we
interpret the legacy XML policy in full.

Booh, gdm, booh, for requring this and making me waste two days on
tracking this brokenness down.

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 27122a5d717de9c39f69a7863ced5678da4070b3..fa52a387b649afc3572b875e42c94d6bcb9fd0d8 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -258,6 +258,45 @@ static int synthesize_name_acquired(sd_bus *a, sd_bus *b, sd_bus_message *m) {
         return sd_bus_send(b, n, NULL);
 }
 
+static int process_policy(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+        _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
+        int r;
+
+        assert(a);
+        assert(b);
+        assert(m);
+
+        if (!sd_bus_message_is_method_call(m, "org.freedesktop.DBus.Properties", "GetAll"))
+                return 0;
+
+        if (!streq_ptr(m->path, "/org/gnome/DisplayManager/Slave"))
+                return 0;
+
+        r = sd_bus_message_new_method_errorf(m, &n, SD_BUS_ERROR_ACCESS_DENIED, "gdm, you are stupid");
+        if (r < 0)
+                return r;
+
+        r = bus_message_append_sender(n, "org.freedesktop.DBus");
+        if (r < 0) {
+                log_error("Failed to append sender to gdm reply: %s", strerror(-r));
+                return r;
+        }
+
+        r = bus_seal_synthetic_message(b, n);
+        if (r < 0) {
+                log_error("Failed to seal gdm reply: %s", strerror(-r));
+                return r;
+        }
+
+        r = sd_bus_send(b, n, NULL);
+        if (r < 0) {
+                log_error("Failed to send gdm reply: %s", strerror(-r));
+                return r;
+        }
+
+        return 1;
+}
+
 static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
         _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
         bool is_hello;
@@ -614,6 +653,12 @@ int main(int argc, char *argv[]) {
                         if (k > 0)
                                 r = k;
                         else {
+                                k = process_policy(a, b, m);
+                                if (k < 0) {
+                                        r = k;
+                                        goto finish;
+                                }
+
                                 k = sd_bus_send(a, m, NULL);
                                 if (k < 0) {
                                         r = k;