Yikes, sorry for just getting back to this now.

"1. NetworkManager polkit allows full access to sudo: I assume you meant
that the decision was taken *before* we had proper polkit support on the

AFAIK, we don't have polkit prompting on the phone still. It doesn't
really matter-- we don't want to go that route anyway because it is a
poor user experience.

"2. urfkill polkit - allows active seat to call Block: The policy also
allows BlockIdx ( ie. by index, whereas Block is by type ), and
FlightMode by the active seat. How is this more permissive than needed?
I'm not familiar enough with polkit to grok how this could be made more

I am not familiar with what Block and BlockIdx are supposed to do (which
is why having someone more familiar like yourself comment is great :),
but will trust your judgement that active seat is fine for these.
FlightMode for active seat seems fine.

"3. Regarding your proposed solution, why is polkit necessary when all
non-system processes that run as 'phablet' are confined ( ie. can't make
raw DBus calls anyways )?"

It is true that click apps are confined and we have DBus mediation which
will block access to wpasupplicant. Those aren't the problem. I'm
concerned about the other things that run as the phablet user that are
not click apps that are unconfined and providing security in depth. With
polkit, we can make sure that just SetInterfaceFirmware() is available
to the active seat and deny all others (the intended policy from
/etc/dbus-1/system.d/wpa_supplicant.conf is to only allow root processes
to talk to wpasupplicant over DBus-- changing this policy may break
assumptions in the implementation and introduce security issues). I'm ok
poking a hole for SetInterfaceFirmware() (through the use of polkit,
leaving the defaults as they are but then adding an override in
/var/lib/polkit-1/localauthority/10-vendor.d/... for
SetInterfaceFirmware() on Touch), but not ok with opening all of
wpasupplicant to the phablet user.

"4. Do you really think that adding polkit support to wpa_supplicant for
a single DBus method is more work than creating a new proxy service?
Also, I assume the proxy service would handle the polkit logic, and then
fwd the call(s)?"

I was leaving the choice of what was easier up to you. We control
connectivity-api but don't control wpasupplicant. My thinking was
perhaps there are other hotspot related items that could be used in the
proxy service instead of patching multiple sources and I was suggesting
using the existing connectivity-api service to add a single API call for
this. E.g., /com/ubuntu/connectivity1/Something. I looked at this a bit
just now and it seems that the com.ubuntu.connectivity1 service is a
session service implemented in network-indicator, which runs as phablet,
which means that you won't save any time using connectivity-api since
you'd have to still do the polkit stuff for wpasupplicant to poke a hole
for SetInterfaceFirmware().

I'll leave whether to use connectivity-api for API design reasons up to
you as an implementation detail.

  Allow ubuntu-system-settings to set a device's firmware through the
  private Connectivity API

Status in indicator-network package in Ubuntu:
Status in wpasupplicant package in Ubuntu:

Bug description:
  To do Wi-Fi hotspots on krillin, we need to poke wifi by doing a call to wpa_supplicant's (undocumented/local) SetInterfaceFirmware method. See [1] for details.

  Ubuntu System Settings needs to do the same things as the aforementioned script, but via dbus [2], as phablet/current non-privileged user and unconfined.

  What happens:
  If phablet runs [2], this error message [3] is produced, which I interpret to be equivalent with "you're not welcome here".

  What should happen instead:
  Ubuntu System Settings should be able to make a call to the Connectivity API, like Jamie suggests, SetAP(), SetSTA(), SetP2P().

  [1] http://bazaar.launchpad.net/~mathieu-tl/+junk/touch-hotspot/view/head:/hotspot.py
  [2] gdbus call --system -d fi.w1.wpa_supplicant1 -o /fi/w1/wpa_supplicant1 -m fi.w1.wpa_supplicant1.SetInterfaceFirmware / ap
  [3] http://pastebin.ubuntu.com/10489519/
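
An added example, not part of the original message or of any Ubuntu package: a small lint over a D-Bus system policy file that reports which non-root subjects may send to fi.w1.wpa_supplicant1, and whether the grant is limited to one method or covers the whole service. The three policy snippets are constructed samples, and the function and helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

BUS_NAME = "fi.w1.wpa_supplicant1"

# Constructed sample: only root may talk to the service (the intended policy).
ROOT_ONLY = """<busconfig>
  <policy user="root">
    <allow own="fi.w1.wpa_supplicant1"/>
    <allow send_destination="fi.w1.wpa_supplicant1"/>
  </policy>
  <policy context="default">
    <deny send_destination="fi.w1.wpa_supplicant1"/>
  </policy>
</busconfig>"""

def with_phablet_rule(rule):
    """Build a constructed variant of ROOT_ONLY with one extra phablet rule."""
    extra = f'<policy user="phablet">{rule}</policy></busconfig>'
    return ROOT_ONLY.replace("</busconfig>", extra)

# Constructed sample: all of wpa_supplicant opened to the phablet user.
OPENED = with_phablet_rule(f'<allow send_destination="{BUS_NAME}"/>')
# Constructed sample: a grant restricted to a single method via send_member.
SCOPED = with_phablet_rule(
    f'<allow send_destination="{BUS_NAME}" send_member="SetInterfaceFirmware"/>')

def non_root_grants(policy_xml, bus_name=BUS_NAME):
    """Return (subject, scope) for each <allow send_destination=bus_name>
    found in a policy block that is not user="root".

    This is a lint, not a full policy evaluation: it does not model rule
    ordering or later <deny> rules, and ignores rules without send_destination.
    """
    findings = []
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("user") == "root":
            continue
        subject = next((f"{k}={policy.get(k)}"
                        for k in ("user", "group", "context", "at_console")
                        if policy.get(k)), "unknown")
        for rule in policy.findall("allow"):
            if rule.get("send_destination") != bus_name:
                continue
            member = rule.get("send_member")
            findings.append((subject, f"method {member}" if member else "ALL methods"))
    return findings

if __name__ == "__main__":
    for name, xml in (("root-only", ROOT_ONLY), ("opened", OPENED), ("scoped", SCOPED)):
        print(name, non_root_grants(xml))
```
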

