authorAleksander Morgado <aleksander@aleksander.es>2014-12-30 13:50:16 +0100
committerAleksander Morgado <aleksander@aleksander.es>2015-01-09 13:07:00 +0100
commit5ad9573a05abd86595e08063bad94915cf104766 (patch)
treeeed494879024e73b89fd468e021d59caa3c35683
parent967a815344dc05ec7c8e6ec2fb1ca2b853074a03 (diff)
downloadlibmbim-5ad9573a05abd86595e08063bad94915cf104766.tar.gz
libmbim-glib,utils: avoid getpwnam() call if --enable-mbim-username not used
If --enable-mbim-username isn't explicitly used, we should just check for the root user UID, without using getpwnam(). See e.g. these SELinux warnings: SELinux is preventing /usr/bin/bash from read access on the file /etc/passwd. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that bash should be allowed read access on the passwd file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mbim-proxy /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
-rw-r--r--configure.ac20
-rw-r--r--src/libmbim-glib/mbim-utils.c9
-rw-r--r--src/mbim-proxy/Makefile.am2
3 files changed, 24 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac
index 13a0c38..c46ccd4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -97,17 +97,20 @@ dnl Documentation
GTK_DOC_CHECK(1.0)
# MBIM username
+MBIM_USERNAME="root"
AC_ARG_ENABLE(mbim-username,
AS_HELP_STRING([--enable-mbim-username=<username>], [user allowed to access MBIM devices]))
if test -n "$enable_mbim_username" ; then
+ MBIM_USERNAME_ENABLED=yes
+ AC_DEFINE(MBIM_USERNAME_ENABLED, 1, [Define if we enable MBIM username])
MBIM_USERNAME="$enable_mbim_username"
+ AC_SUBST(MBIM_USERNAME)
+ AC_DEFINE_UNQUOTED(MBIM_USERNAME, "$MBIM_USERNAME", [Define the MBIM username])
else
- MBIM_USERNAME="root"
+ MBIM_USERNAME_ENABLED=no
fi
-AM_CONDITIONAL([INSTALL_MBIM_UDEV_RULES], [test "x$enable_mbim_username" = "x$MBIM_USERNAME"])
-AC_SUBST(MBIM_USERNAME)
-AC_DEFINE_UNQUOTED(MBIM_USERNAME, "$MBIM_USERNAME", [Define the MBIM username])
-AM_COND_IF([INSTALL_MBIM_UDEV_RULES], [AC_CONFIG_FILES([src/mbim-proxy/76-mbim-proxy-device-ownership.rules])])
+
+AM_CONDITIONAL([MBIM_USERNAME_ENABLED], [test "x$MBIM_USERNAME_ENABLED" = "xyes"])
# udev base directory
AC_ARG_WITH(udev-base-dir, AS_HELP_STRING([--with-udev-base-dir=DIR], [where udev base directory is]))
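Review bot: The `test -n "$enable_mbim_username"` guard accepts any non-empty value as an account name, so `--disable-mbim-username` (which autoconf stores as `enable_mbim_username=no`) and a bare `--enable-mbim-username` (`yes`) both set MBIM_USERNAME_ENABLED=yes with "no" or "yes" as MBIM_USERNAME. After this commit that flag selects between the root-only UID check and the getpwnam() lookup, so a packager who passes `--disable-mbim-username` would get the opposite of what they asked for. The condition should exclude both values, e.g. `if test -n "$enable_mbim_username" && test "x$enable_mbim_username" != "xno" && test "x$enable_mbim_username" != "xyes"; then`, or stop with AC_MSG_ERROR on a bare `yes`.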
@@ -142,6 +145,11 @@ AC_CONFIG_FILES([Makefile
docs/reference/libmbim-glib/Makefile
docs/reference/libmbim-glib/version.xml
docs/man/Makefile])
+
+if test "x$MBIM_USERNAME_ENABLED" = "xyes"; then
+ AC_CONFIG_FILES([src/mbim-proxy/76-mbim-proxy-device-ownership.rules])
+fi
+
AC_OUTPUT
echo "
@@ -153,5 +161,5 @@ echo "
Maintainer mode: ${USE_MAINTAINER_MODE}
udev base directory: ${UDEV_BASE_DIR}
Documentation: ${enable_gtk_doc}
- MBIM username: ${MBIM_USERNAME}
+ MBIM username: ${MBIM_USERNAME_ENABLED} (${MBIM_USERNAME})
"
diff --git a/src/libmbim-glib/mbim-utils.c b/src/libmbim-glib/mbim-utils.c
index f5a766b..2b89f7c 100644
--- a/src/libmbim-glib/mbim-utils.c
+++ b/src/libmbim-glib/mbim-utils.c
@@ -79,6 +79,14 @@ gboolean
__mbim_user_allowed (uid_t uid,
GError **error)
{
+#ifndef MBIM_USERNAME_ENABLED
+ if (uid == 0)
+ return TRUE;
+#else
+# ifndef MBIM_USERNAME
+# error MBIM username not defined
+# endif
+
struct passwd *expected_usr = NULL;
expected_usr = getpwnam (MBIM_USERNAME);
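Review bot: The root-only branch added at the top of __mbim_user_allowed() has no comment saying that it is the whole access policy when MBIM_USERNAME_ENABLED is undefined, which is worth stating because this function decides which caller UID is accepted. I would add above the `#ifndef`: `/* Without --enable-mbim-username only UID 0 is accepted and no passwd lookup is made */`. Separately, configure.ac no longer defines MBIM_USERNAME in that configuration, so if the g_set_error() call after the `#endif` (cut off in the next hunk) formats MBIM_USERNAME into its message, the default build would fail to compile; that should be confirmed. The function body continues outside this hunk.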
@@ -97,6 +105,7 @@ __mbim_user_allowed (uid_t uid,
if (uid == expected_usr->pw_uid)
return TRUE;
+#endif
g_set_error (error,
MBIM_CORE_ERROR,
diff --git a/src/mbim-proxy/Makefile.am b/src/mbim-proxy/Makefile.am
index 1558fe5..33425e0 100644
--- a/src/mbim-proxy/Makefile.am
+++ b/src/mbim-proxy/Makefile.am
@@ -16,7 +16,7 @@ mbim_proxy_LDADD = \
$(top_builddir)/src/libmbim-glib/libmbim-glib.la
#Install udev rules only if configured with --enable-mbim-username
-if INSTALL_MBIM_UDEV_RULES
+if MBIM_USERNAME_ENABLED
udevrulesdir = $(UDEV_BASE_DIR)/rules.d
udevrules_DATA = 76-mbim-proxy-device-ownership.rules
endif