From 49d4b1eecfefded66fd48a992633958da30035d7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 14 Nov 2014 18:47:54 +0100
Subject: [PATCH] bus-proxy: drop broken access check in driver

The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
---
 src/bus-proxyd/bus-proxyd.c | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index cbbafcf12..7037301e4 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -444,29 +444,6 @@ static int get_creds_by_message(sd_bus *bus, sd_bus_message *m, uint64_t mask, s
         return get_creds_by_name(bus, name, mask, _creds, error);
 }
 
-static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) {
-        _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
-        uid_t uid;
-        int r;
-
-        r = get_creds_by_message(bus, m, SD_BUS_CREDS_UID, &creds, NULL);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_get_uid(creds, &uid);
-        if (r < 0)
-                return r;
-
-        r = sd_bus_creds_has_effective_cap(creds, CAP_SYS_ADMIN);
-        if (r > 0)
-                return true;
-
-        if (uid == getuid())
-                return true;
-
-        return false;
-}
-
 static int process_policy(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred) {
         int r;
         char **name;
@@ -981,9 +958,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
                 _cleanup_bus_message_unref_ sd_bus_message *msg = NULL;
                 _cleanup_strv_free_ char **args = NULL;
 
-                if (!peer_is_privileged(a, m))
-                        return synthetic_reply_method_errno(m, -EPERM, NULL);
-
                 r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "{ss}");
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, NULL);
-- 
2.30.2