From b697a78dd3a39052b5497c7d9e19ef75421f9064 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 17 May 2016 13:06:59 +0200
Subject: system-helper: Support running unprivileged on session bus

This is only useful for testing.
---
 common/flatpak-dir.c                  |  3 ++-
 system-helper/flatpak-system-helper.c | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 736a5ec..9c1b0d8 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -237,12 +237,13 @@ flatpak_dir_get_system_helper (FlatpakDir *self)
   if (g_once_init_enter (&self->system_helper))
     {
       FlatpakSystemHelper *system_helper;
+      const char *on_session = g_getenv ("FLATPAK_SYSTEM_HELPER_ON_SESSION");
 
       /* To ensure reverse mapping */
       flatpak_error_quark ();
 
       system_helper =
-        flatpak_system_helper_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+        flatpak_system_helper_proxy_new_for_bus_sync (on_session != NULL ? G_BUS_TYPE_SESSION : G_BUS_TYPE_SYSTEM,
                                                       G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
                                                       G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
                                                       "org.freedesktop.Flatpak.SystemHelper",
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c
index 40a7037..8b5c1aa 100644
--- a/system-helper/flatpak-system-helper.c
+++ b/system-helper/flatpak-system-helper.c
@@ -35,6 +35,7 @@ static FlatpakSystemHelper *helper = NULL;
 static GMainLoop *main_loop = NULL;
 static guint name_owner_id = 0;
 
+static gboolean on_session_bus = FALSE;
 static gboolean no_idle_exit = FALSE;
 
 #define IDLE_TIMEOUT_SECS 10*60
@@ -447,7 +448,16 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
   sender = g_dbus_method_invocation_get_sender (invocation);
   subject = polkit_system_bus_name_new (sender);
 
-  if (g_strcmp0 (method_name, "Deploy") == 0)
+  if (on_session_bus)
+    {
+      /* This is test code, make sure it never runs with privileges */
+      g_assert (geteuid () != 0);
+      g_assert (getuid () != 0);
+      g_assert (getegid () != 0);
+      g_assert (getgid () != 0);
+      authorized = TRUE;
+    }
+  else if (g_strcmp0 (method_name, "Deploy") == 0)
     {
       const char *ref, *origin;
       guint32 flags;
@@ -682,6 +692,7 @@ main (int    argc,
   const GOptionEntry options[] = {
     { "replace", 'r', 0, G_OPTION_ARG_NONE, &replace,  "Replace old daemon.", NULL },
     { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose,  "Enable debug output.", NULL },
+    { "session", 0, 0, G_OPTION_ARG_NONE, &on_session_bus,  "Run in session, not system scope (for tests).", NULL },
     { "no-idle-exit", 0, 0, G_OPTION_ARG_NONE, &no_idle_exit,  "Don't exit when idle.", NULL },
     { "version", 0, 0, G_OPTION_ARG_NONE, &show_version, "Show program version.", NULL},
     { NULL }
@@ -755,7 +766,7 @@ main (int    argc,
   if (replace)
     flags |= G_BUS_NAME_OWNER_FLAGS_REPLACE;
 
-  name_owner_id = g_bus_own_name (G_BUS_TYPE_SYSTEM,
+  name_owner_id = g_bus_own_name (on_session_bus ? G_BUS_TYPE_SESSION  : G_BUS_TYPE_SYSTEM,
                                   "org.freedesktop.Flatpak.SystemHelper",
                                   flags,
                                   on_bus_acquired,
-- 
cgit v1.2.1