Add daemon configuration 'OnlyTrusted' to D-Bus properties

2025-07-27 03:46:49 +00:00 · 2022-03-10 01:07:46 +08:00 · 2022-03-10 01:07:46 +08:00 · a2b46e15cf
commit a2b46e15cf
parent 61226b49f3
7 changed files with 81 additions and 0 deletions
--- a/libfwupd/fwupd-client.c
+++ b/libfwupd/fwupd-client.c
@ -66,6 +66,7 @@ typedef struct {
 	gchar *host_product;
 	gchar *host_machine_id;
 	gchar *host_security_id;
+	gboolean only_trusted;
 	GMutex proxy_mutex; /* for @proxy */
 	GDBusProxy *proxy;
 	GProxyResolver *proxy_resolver;
@ -108,6 +109,7 @@ enum {
 	PROP_HOST_SECURITY_ID,
 	PROP_HOST_BKC,
 	PROP_INTERACTIVE,
+	PROP_ONLY_TRUSTED,
 	PROP_LAST
 };

@ -421,6 +423,14 @@ fwupd_client_properties_changed_cb(GDBusProxy *proxy,
 		if (val != NULL)
 			fwupd_client_set_host_security_id(self, g_variant_get_string(val, NULL));
 	}
+	if (g_variant_dict_contains(dict, "OnlyTrusted")) {
+		g_autoptr(GVariant) val = NULL;
+		val = g_dbus_proxy_get_cached_property(proxy, "OnlyTrusted");
+		if (val != NULL) {
+			priv->only_trusted = g_variant_get_boolean(val);
+			fwupd_client_object_notify(self, "only-trusted");
+		}
+	}
 }

 static void
@ -666,6 +676,7 @@ fwupd_client_connect_get_proxy_cb(GObject *source, GAsyncResult *res, gpointer u
 	g_autoptr(GVariant) val6 = NULL;
 	g_autoptr(GVariant) val7 = NULL;
 	g_autoptr(GVariant) val8 = NULL;
+	g_autoptr(GVariant) val9 = NULL;
 	g_autoptr(GMutexLocker) locker = NULL;

 	proxy = g_dbus_proxy_new_finish(res, &error);
@ -715,6 +726,9 @@ fwupd_client_connect_get_proxy_cb(GObject *source, GAsyncResult *res, gpointer u
 	val8 = g_dbus_proxy_get_cached_property(priv->proxy, "HostBkc");
 	if (val8 != NULL)
 		fwupd_client_set_host_bkc(self, g_variant_get_string(val8, NULL));
+	val9 = g_dbus_proxy_get_cached_property(priv->proxy, "OnlyTrusted");
+	if (val9 != NULL)
+		priv->only_trusted = g_variant_get_boolean(val9);

 	/* build client hints */
 	g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
@ -3280,6 +3294,24 @@ fwupd_client_get_tainted(FwupdClient *self)
 	return priv->tainted;
 }

+/**
+ * fwupd_client_get_only_trusted:
+ * @self: a #FwupdClient
+ *
+ * Gets if the daemon is verifying signatures from a trusted authority.
+ *
+ * Returns: %TRUE if the daemon is checking signatures
+ *
+ * Since: 1.8.0
+ **/
+gboolean
+fwupd_client_get_only_trusted(FwupdClient *self)
+{
+	FwupdClientPrivate *priv = GET_PRIVATE(self);
+	g_return_val_if_fail(FWUPD_IS_CLIENT(self), FALSE);
+	return priv->only_trusted;
+}
+
 /**
 * fwupd_client_get_daemon_interactive:
 * @self: a #FwupdClient
@ -5106,6 +5138,9 @@ fwupd_client_get_property(GObject *object, guint prop_id, GValue *value, GParamS
 	case PROP_HOST_SECURITY_ID:
 		g_value_set_string(value, priv->host_security_id);
 		break;
+	case PROP_ONLY_TRUSTED:
+		g_value_set_boolean(value, priv->only_trusted);
+		break;
 	case PROP_INTERACTIVE:
 		g_value_set_boolean(value, priv->interactive);
 		break;
@ -5414,6 +5449,20 @@ fwupd_client_class_init(FwupdClientClass *klass)
 				    NULL,
 				    G_PARAM_READABLE | G_PARAM_STATIC_NAME);
 	g_object_class_install_property(object_class, PROP_HOST_SECURITY_ID, pspec);
+
+	/**
+	 * FwupdClient:only-trusted:
+	 *
+	 * If the daemon is verifying signatures from a trusted authority.
+	 *
+	 * Since: 1.8.0
+	 */
+	pspec = g_param_spec_boolean("only-trusted",
+				     NULL,
+				     NULL,
+				     TRUE,
+				     G_PARAM_READABLE | G_PARAM_STATIC_NAME);
+	g_object_class_install_property(object_class, PROP_ONLY_TRUSTED, pspec);
 }

 static void
--- a/libfwupd/fwupd-client.h
+++ b/libfwupd/fwupd-client.h
@ -364,6 +364,8 @@ fwupd_client_get_status(FwupdClient *self);
 gboolean
 fwupd_client_get_tainted(FwupdClient *self);
 gboolean
+fwupd_client_get_only_trusted(FwupdClient *self);
+gboolean
 fwupd_client_get_daemon_interactive(FwupdClient *self);
 guint
 fwupd_client_get_percentage(FwupdClient *self);
--- a/libfwupd/fwupd.map
+++ b/libfwupd/fwupd.map
@ -755,3 +755,9 @@ LIBFWUPD_1.7.6 {
    fwupd_device_get_issues;
  local: *;
 } LIBFWUPD_1.7.4;
+
+LIBFWUPD_1.8.0 {
+  global:
+    fwupd_client_get_only_trusted;
+  local: *;
+} LIBFWUPD_1.7.6;
--- a/src/fu-engine.c
+++ b/src/fu-engine.c
@ -110,6 +110,7 @@ struct _FuEngine {
 	FuDeviceList *device_list;
 	FwupdStatus status;
 	gboolean tainted;
+	gboolean only_trusted;
 	gboolean write_history;
 	guint percentage;
 	FuHistory *history;
@ -6274,6 +6275,13 @@ fu_engine_get_tainted(FuEngine *self)
 	return self->tainted;
 }

+gboolean
+fu_engine_get_only_trusted(FuEngine *self)
+{
+	g_return_val_if_fail(FU_IS_ENGINE(self), FALSE);
+	return fu_config_get_only_trusted(self->config);
+}
+
 const gchar *
 fu_engine_get_host_product(FuEngine *self)
 {
--- a/src/fu-engine.h
+++ b/src/fu-engine.h
@ -59,6 +59,8 @@ gboolean
 fu_engine_load_plugins(FuEngine *self, GError **error);
 gboolean
 fu_engine_get_tainted(FuEngine *self);
+gboolean
+fu_engine_get_only_trusted(FuEngine *self);
 const gchar *
 fu_engine_get_host_product(FuEngine *self);
 const gchar *
--- a/src/fu-main.c
+++ b/src/fu-main.c
@ -1889,6 +1889,9 @@ fu_main_daemon_get_property(GDBusConnection *connection_,
 	if (g_strcmp0(property_name, "Interactive") == 0)
 		return g_variant_new_boolean(isatty(fileno(stdout)) != 0);

+	if (g_strcmp0(property_name, "OnlyTrusted") == 0)
+		return g_variant_new_boolean(fu_engine_get_only_trusted(priv->engine));
+
 	/* return an error */
 	g_set_error(error,
 		    G_DBUS_ERROR,
--- a/src/org.freedesktop.fwupd.xml
+++ b/src/org.freedesktop.fwupd.xml
@ -111,6 +111,17 @@
      </doc:doc>
    </property>

+    <!--***********************************************************-->
+    <property name='OnlyTrusted' type='b' access='read'>
+      <doc:doc>
+        <doc:description>
+          <doc:para>
+            If the daemon requires trusted payloads.
+          </doc:para>
+        </doc:description>
+      </doc:doc>
+    </property>
+
    <!--***********************************************************-->
    <method name='GetDevices'>
      <doc:doc>