pool/power-profiles-daemon
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 923689 from home:iznogood:branches:Base:System

Browse Source 
- Update to version 0.10.0:
  + This release adds authorisation checks for the profile holds
    and profile switching features of the backend daemon, through
    polkit. It is recommended that all distributions upgrade to
    this version as soon as possible.
  + This release also adds support for the "quiet" kernel platform
    profile used in some systems.
- Drop patches fixed upstream:
  + power-profiles-daemon-polkit-policy.patch
  + c9b646025d9f155509a6cda1c292bfd120daeb9e.patch
  + 20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch
- Add f83685732b9dd8211840645ce76f43718b30218b.patch: build: Make
  pylint test optional. As power-profiles-daemon keeps getting
  built with slightly different versions of pylint with newer
  warnings, disable pylint test by default to avoid getting bug
  reports about it.
- Add hold-profile-hardening.patch: Hardening of HoldProfile D-Bus
  method (boo#1189900). Requested by openSUSE security team.

OBS-URL: https://build.opensuse.org/request/show/923689
OBS-URL: https://build.opensuse.org/package/show/Base:System/power-profiles-daemon?expand=0&rev=4
This commit is contained in:
Atri Bhattacharya 2021-10-07 12:26:42 +00:00 committed by Git OBS Bridge
parent dff9ff7384
commit 035d269280
9 changed files with 161 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch
View File

@ -1,45 +0,0 @@
From 20a2d7f7b80a1847f36236d40388f14ae99fa94b Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Sat, 24 Jul 2021 23:00:04 +0200
Subject: [PATCH] tests: Add tests for quiet profile support
---
tests/integration-test | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/tests/integration-test b/tests/integration-test
index 848f743..9ff577f 100755
--- a/tests/integration-test
+++ b/tests/integration-test
@@ -559,6 +559,28 @@ class Tests(dbusmock.DBusTestCase):
self.stop_daemon()
+ def test_quiet(self):
+ # Uses cool instead of low-power
+ acpi_dir = os.path.join(self.testbed.get_root_dir(), "sys/firmware/acpi/")
+ os.makedirs(acpi_dir)
+ with open(os.path.join(acpi_dir, "platform_profile") ,'w') as profile:
+ profile.write("cool\n")
+ with open(os.path.join(acpi_dir, "platform_profile_choices") ,'w') as choices:
+ choices.write("quiet balanced balanced-performance performance\n")
+
+ self.start_daemon()
+ profiles = self.get_dbus_property('Profiles')
+ self.assertEqual(len(profiles), 3)
+ self.assertEqual(profiles[0]['Driver'], 'platform_profile')
+ self.assertEqual(profiles[0]['Profile'], 'power-saver')
+ self.assertEqual(self.get_dbus_property('ActiveProfile'), 'balanced')
+ self.assertEqual(self.read_sysfs_file("sys/firmware/acpi/platform_profile"), b'balanced')
+ self.set_dbus_property('ActiveProfile', GLib.Variant.new_string('power-saver'))
+ self.assertEqual(self.get_dbus_property('ActiveProfile'), 'power-saver')
+ self.assertEqual(self.read_sysfs_file("sys/firmware/acpi/platform_profile"), b'quiet')
+
+ self.stop_daemon()
+
def test_hold_release_profile(self):
self.create_platform_profile()
self.start_daemon()
--
GitLab

37
c9b646025d9f155509a6cda1c292bfd120daeb9e.patch
View File

@ -1,37 +0,0 @@
From c9b646025d9f155509a6cda1c292bfd120daeb9e Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Sat, 24 Jul 2021 22:59:12 +0200
Subject: [PATCH] platform-profile: Add support for 'quiet' profile
---
src/ppd-driver-platform-profile.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/ppd-driver-platform-profile.c b/src/ppd-driver-platform-profile.c
index 1da5a75..8111251 100644
--- a/src/ppd-driver-platform-profile.c
+++ b/src/ppd-driver-platform-profile.c
@@ -59,7 +59,9 @@ profile_to_acpi_platform_profile_value (PpdDriverPlatformProfile *self,
case PPD_PROFILE_POWER_SAVER:
if (g_strv_contains ((const char * const*) self->profile_choices, "low-power"))
return "low-power";
- return "cool";
+ if (g_strv_contains ((const char * const*) self->profile_choices, "cool"))
+ return "cool";
+ return "quiet";
case PPD_PROFILE_BALANCED:
return "balanced";
case PPD_PROFILE_PERFORMANCE:
@@ -141,7 +143,8 @@ verify_acpi_platform_profile_choices (PpdDriverPlatformProfile *self)
const char * const *choices = (const char * const*) self->profile_choices;
if ((g_strv_contains (choices, "low-power") ||
- g_strv_contains (choices, "cool")) &&
+ g_strv_contains (choices, "cool") ||
+ g_strv_contains (choices, "quiet")) &&
g_strv_contains (choices, "balanced") &&
g_strv_contains (choices, "performance"))
return PPD_PROBE_RESULT_SUCCESS;
--
GitLab

75
f83685732b9dd8211840645ce76f43718b30218b.patch Normal file
View File

@ -0,0 +1,75 @@
From f83685732b9dd8211840645ce76f43718b30218b Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 6 Oct 2021 10:22:10 +0200
Subject: [PATCH] build: Make pylint test optional
As power-profiles-daemon keeps getting built with slightly different
versions of pylint with newer warnings, disable pylint test by default
to avoid getting bug reports about it.
Closes: #52
---
.gitlab-ci.yml | 2 +-
meson.build | 6 ++++--
meson_options.txt | 4 ++++
src/meson.build | 2 +-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ab28029..592a89d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,7 +22,7 @@ build_stable:
- dnf upgrade -y --nogpgcheck fedora-release fedora-repos*
- dnf update -y && dnf install -y $DEPENDENCIES
script:
- - meson -Dgtk_doc=true _build
+ - meson -Dgtk_doc=true -Dpylint=true _build
- ninja -v -C _build
- ninja -v -C _build install
- ninja -v -C _build uninstall
diff --git a/meson.build b/meson.build
index 70ab243..4ae43c0 100644
--- a/meson.build
+++ b/meson.build
@@ -42,8 +42,10 @@ gnome = import('gnome')
add_global_arguments('-D_GNU_SOURCE=1', language: 'c')
add_global_arguments(common_cflags, language: 'c')
-pylint = find_program('pylint-3', 'pylint3', 'pylint', required: false)
-pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707']
+if get_option('pylint')
+ pylint = find_program('pylint-3', 'pylint3', 'pylint', required: true)
+ pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707']
+endif
xmllint = find_program('xmllint', required: false)
subdir('src')
diff --git a/meson_options.txt b/meson_options.txt
index a3789f6..7e89619 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -6,3 +6,7 @@ option('gtk_doc',
type: 'boolean',
value: false,
description: 'Build docs')
+option('pylint',
+ type: 'boolean',
+ value: false,
+ description: 'Run pylint checks, for developers only')
diff --git a/src/meson.build b/src/meson.build
index 0c00564..f20e42a 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -72,7 +72,7 @@ script = configure_file(
install_dir: get_option('bindir')
)
-if pylint.found()
+if get_option('pylint')
test('pylint-powerprofilesctl',
pylint,
args: pylint_flags + [ script ],
--
GitLab

53
hold-profile-hardening.patch Normal file
View File

@ -0,0 +1,53 @@
Index: power-profiles-daemon-0.9.0/src/power-profiles-daemon.c
===================================================================
--- power-profiles-daemon-0.9.0.orig/src/power-profiles-daemon.c
+++ power-profiles-daemon-0.9.0/src/power-profiles-daemon.c
@@ -526,6 +526,29 @@ holder_disappeared (GDBusConnection *con
g_ptr_array_free (cookies, TRUE);
}
+#define MAX_UNTRUSTED_STR_LEN 1024
+#define MAX_PROFILE_HOLDS 32
+
+static gboolean
+check_sane_string(const char *s)
+{
+ guint i;
+
+ for (i = 0; s[i] != 0; i++) {
+ gchar ch = s[i];
+
+ if (i > MAX_UNTRUSTED_STR_LEN)
+ return FALSE;
+
+ if (g_ascii_isalnum(ch) || g_ascii_isspace(ch))
+ continue;
+
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static void
hold_profile (PpdApp *data,
GVariant *parameters,
@@ -548,6 +571,18 @@ hold_profile (PpdApp *dat
return;
}
+ if (!check_sane_string(reason) || !check_sane_string(application_id)) {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+ "Input strings are too long or contain invalid characters");
+ return;
+ }
+
+ if (g_hash_table_size(data->profile_holds) > MAX_PROFILE_HOLDS) {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_LIMITS_EXCEEDED,
+ "Too many profile holds already active");
+ return;
+ }
+
hold = g_new0 (ProfileHold, 1);
hold->profile = profile;
hold->reason = g_strdup (reason);

3
power-profiles-daemon-0.10.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8abc36acb4abeef8731f09b97931b894fcc11c2e6c7806adbd0652264318b92d
size 43887

3
power-profiles-daemon-0.9.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:67278728af6661b805dcf8dcaf96b9c89ecde928147dc4dca45f82e273ba3b80
size 41940

226
power-profiles-daemon-polkit-policy.patch
View File

@ -1,226 +0,0 @@
From 9d6e1735f3859ce8ead1847bc473e44a27b82f65 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 28 Sep 2021 12:55:59 +0200
Subject: [PATCH 1/3] data: Add polkit policy description
Describe and set defaults for switching and holding power profiles.
---
data/meson.build | 15 ++++++++++++++
data/net.hadess.PowerProfiles.policy | 31 ++++++++++++++++++++++++++++
meson.build | 1 +
3 files changed, 47 insertions(+)
create mode 100644 data/net.hadess.PowerProfiles.policy
Index: power-profiles-daemon-0.9.0/data/meson.build
===================================================================
--- power-profiles-daemon-0.9.0.orig/data/meson.build
+++ power-profiles-daemon-0.9.0/data/meson.build
@@ -19,3 +19,18 @@ install_data(
'net.hadess.PowerProfiles.service',
install_dir: dbusservicedir
)
+
+polkit_policy = 'net.hadess.PowerProfiles.policy'
+if xmllint.found()
+ test(polkit_policy,
+ xmllint,
+ args: [
+ '--noout',
+ meson.source_root() / 'data' / polkit_policy,
+ ])
+endif
+
+install_data(
+ polkit_policy,
+ install_dir: polkit_policy_directory,
+)
Index: power-profiles-daemon-0.9.0/data/net.hadess.PowerProfiles.policy
===================================================================
--- /dev/null
+++ power-profiles-daemon-0.9.0/data/net.hadess.PowerProfiles.policy
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+
+ <vendor>power-profiles-daemon</vendor>
+ <vendor_url>https://gitlab.freedesktop.org/hadess/power-profiles-daemon</vendor_url>
+
+ <action id="net.hadess.PowerProfiles.switch-profile">
+ <description>Switch Power Profile</description>
+ <message>Privileges are required to switch power profiles.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="net.hadess.PowerProfiles.hold-profile">
+ <description>Hold Power Profile</description>
+ <message>Privileges are required to hold power profiles.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+</policyconfig>
Index: power-profiles-daemon-0.9.0/meson.build
===================================================================
--- power-profiles-daemon-0.9.0.orig/meson.build
+++ power-profiles-daemon-0.9.0/meson.build
@@ -34,6 +34,8 @@ endif
gio_dep = dependency('gio-2.0')
gudev_dep = dependency('gudev-1.0', version: '>= 234')
upower_dep = dependency('upower-glib')
+polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.91')
+polkit_policy_directory = polkit_gobject_dep.get_pkgconfig_variable('policydir')
gnome = import('gnome')
@@ -42,6 +44,7 @@ add_global_arguments(common_cflags, lang
pylint = find_program('pylint-3', 'pylint3', 'pylint', required: false)
pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707']
+xmllint = find_program('xmllint', required: false)
subdir('src')
subdir('data')
Index: power-profiles-daemon-0.9.0/.gitlab-ci.yml
===================================================================
--- power-profiles-daemon-0.9.0.orig/.gitlab-ci.yml
+++ power-profiles-daemon-0.9.0/.gitlab-ci.yml
@@ -8,6 +8,7 @@ variables:
pkgconfig(gio-2.0)
pkgconfig(gudev-1.0)
pkgconfig(upower-glib)
+ pkgconfig(polkit-gobject-1)
systemd
meson
git
Index: power-profiles-daemon-0.9.0/README.md
===================================================================
--- power-profiles-daemon-0.9.0.orig/README.md
+++ power-profiles-daemon-0.9.0/README.md
@@ -9,7 +9,7 @@ Installation
$ meson _build -Dprefix=/usr
$ ninja -v -C _build install
```
-It requires libgudev and systemd.
+It requires libgudev, systemd and polkit-gobject.
Introduction
------------
Index: power-profiles-daemon-0.9.0/src/meson.build
===================================================================
--- power-profiles-daemon-0.9.0.orig/src/meson.build
+++ power-profiles-daemon-0.9.0/src/meson.build
@@ -1,4 +1,4 @@
-deps = [ gio_dep, gudev_dep, upower_dep ]
+deps = [ gio_dep, gudev_dep, upower_dep, polkit_gobject_dep ]
resources = gnome.compile_resources(
'power-profiles-daemon-resources', 'power-profiles-daemon.gresource.xml',
Index: power-profiles-daemon-0.9.0/src/power-profiles-daemon.c
===================================================================
--- power-profiles-daemon-0.9.0.orig/src/power-profiles-daemon.c
+++ power-profiles-daemon-0.9.0/src/power-profiles-daemon.c
@@ -9,6 +9,7 @@
*/
#include <locale.h>
+#include <polkit/polkit.h>
#include "power-profiles-daemon-resources.h"
#include "power-profiles-daemon.h"
@@ -31,6 +32,8 @@ typedef struct {
GKeyFile *config;
const char *config_path;
+ PolkitAuthority *auth;
+
PpdProfile active_profile;
PpdProfile selected_profile;
GPtrArray *probed_drivers;
@@ -591,6 +594,36 @@ release_profile (PpdApp *
g_dbus_method_invocation_return_value (invocation, NULL);
}
+static gboolean
+check_action_permission (PpdApp *data,
+ const char *sender,
+ const char *action,
+ GError **error)
+{
+ g_autoptr(GError) local_error = NULL;
+ g_autoptr(PolkitAuthorizationResult) result = NULL;
+ g_autoptr(PolkitSubject) subject = NULL;
+
+ subject = polkit_system_bus_name_new (sender);
+ result = polkit_authority_check_authorization_sync (data->auth,
+ subject,
+ action,
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL, &local_error);
+ if (result == NULL ||
+ !polkit_authorization_result_get_is_authorized (result))
+ {
+ g_set_error (error, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Not Authorized: %s", local_error ? local_error->message : action);
+ return FALSE;
+ }
+
+ return TRUE;
+
+}
+
static GVariant *
handle_get_property (GDBusConnection *connection,
const gchar *sender,
@@ -639,6 +672,8 @@ handle_set_property (GDBusConnection *c
"No such property: %s", property_name);
return FALSE;
}
+ if (!check_action_permission (data, sender, "net.hadess.PowerProfiles.switch-profile", error))
+ return FALSE;
g_variant_get (value, "&s", &profile);
return set_active_profile (data, profile, error);
@@ -664,6 +699,13 @@ handle_method_call (GDBusConnection
}
if (g_strcmp0 (method_name, "HoldProfile") == 0) {
+ g_autoptr(GError) local_error = NULL;
+ if (!check_action_permission (data,
+ g_dbus_method_invocation_get_sender (invocation),
+ "net.hadess.PowerProfiles.hold-profile",
+ &local_error)) {
+ g_dbus_method_invocation_return_gerror (invocation, local_error);
+ }
hold_profile (data, parameters, invocation);
} else if (g_strcmp0 (method_name, "ReleaseProfile") == 0) {
release_profile (data, parameters, invocation);
@@ -900,6 +942,8 @@ free_app_data (PpdApp *data)
g_clear_object (&data->driver);
g_hash_table_destroy (data->profile_holds);
+ g_clear_object (&data->auth);
+
g_clear_pointer (&data->main_loop, g_main_loop_unref);
g_clear_pointer (&data->introspection_data, g_dbus_node_info_unref);
g_clear_object (&data->connection);
@@ -942,6 +986,7 @@ int main (int argc, char **argv)
data = g_new0 (PpdApp, 1);
data->main_loop = g_main_loop_new (NULL, TRUE);
+ data->auth = polkit_authority_get_sync (NULL, NULL);
data->probed_drivers = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref);
data->actions = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref);
data->profile_holds = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify) profile_hold_free);

22
power-profiles-daemon.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Wed Oct 6 20:32:31 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 0.10.0:
+ This release adds authorisation checks for the profile holds
and profile switching features of the backend daemon, through
polkit. It is recommended that all distributions upgrade to
this version as soon as possible.
+ This release also adds support for the "quiet" kernel platform
profile used in some systems.
- Drop patches fixed upstream:
+ power-profiles-daemon-polkit-policy.patch
+ c9b646025d9f155509a6cda1c292bfd120daeb9e.patch
+ 20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch
- Add f83685732b9dd8211840645ce76f43718b30218b.patch: build: Make
pylint test optional. As power-profiles-daemon keeps getting
built with slightly different versions of pylint with newer
warnings, disable pylint test by default to avoid getting bug
reports about it.
- Add hold-profile-hardening.patch: Hardening of HoldProfile D-Bus
method (boo#1189900). Requested by openSUSE security team.
-------------------------------------------------------------------
Tue Sep 28 13:05:16 UTC 2021 - Atri Bhattacharya <badshah400@gmail.com>

18
power-profiles-daemon.spec
View File

@ -17,18 +17,17 @@
Name: power-profiles-daemon
Version: 0.9.0
Version: 0.10.0
Release: 0
Summary: Power profiles handling over D-Bus
License: GPL-3.0-or-later
URL: https://gitlab.freedesktop.org/hadess/power-profiles-daemon
Source: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-UPSTREAM c9b646025d9f155509a6cda1c292bfd120daeb9e.patch -- platform-profile: Add support for 'quiet' profile
Patch1: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/c9b646025d9f155509a6cda1c292bfd120daeb9e.patch
# PATCH-FIX-UPSTREAM 20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch -- tests: Add tests for quiet profile support
Patch2: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch
# PATCH-FIX-UPSTREAM power-profiles-daemon-polkit-policy.patch boo#1189900 badshah400@gmail.com -- Describe and set defaults for switching and holding power profiles; patch taken from upstream merge request
Patch3: power-profiles-daemon-polkit-policy.patch
# PATCH-FEATURE-OPENSUSE hold-profile-hardening.patch -- Hardening of HoldProfile D-Bus method
Patch0: hold-profile-hardening.patch
# PATCH-FIX-UPSTREAM f83685732b9dd8211840645ce76f43718b30218b.patch -- build: Make pylint test optional
Patch1: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/f83685732b9dd8211840645ce76f43718b30218b.patch
BuildRequires: c_compiler
BuildRequires: gtk-doc
BuildRequires: meson
@ -68,9 +67,8 @@ This package provides documentation for %{name}.
%install
%meson_install
# Disable test until polkit changes are integrated, in version >= 0.9.1
#%%check
#%%meson_test
%check
%meson_test
%pre
%service_add_pre %{name}.service