Include serial number in daemon device output when trusted

This moves the storing of the serial number into the daemon and when the calling process is UID 0 includes it in device output
2025-11-03 10:46:38 +00:00 · 2018-09-06 11:20:59 -05:00 · 2018-09-06 11:20:59 -05:00 · e3016602f8
commit e3016602f8
parent 405baebbf2
9 changed files with 139 additions and 44 deletions
--- a/libfwupd/fwupd-device-private.h
+++ b/libfwupd/fwupd-device-private.h
@ -15,6 +15,8 @@ G_BEGIN_DECLS

 FwupdDevice	*fwupd_device_from_variant		(GVariant	*data);
 GVariant	*fwupd_device_to_variant		(FwupdDevice	*device);
+GVariant	*fwupd_device_to_variant_full		(FwupdDevice	*device,
+							 FwupdDeviceFlags flags);
 void		 fwupd_device_incorporate		(FwupdDevice	*self,
 							 FwupdDevice	*donor);

--- a/libfwupd/fwupd-device.c
+++ b/libfwupd/fwupd-device.c
@ -36,6 +36,7 @@ typedef struct {
 	GPtrArray			*guids;
 	GPtrArray			*icons;
 	gchar				*name;
+	gchar				*serial;
 	gchar				*summary;
 	gchar				*description;
 	gchar				*vendor;
@ -133,6 +134,42 @@ fwupd_device_set_summary (FwupdDevice *device, const gchar *summary)
 	priv->summary = g_strdup (summary);
 }

+/**
+ * fwupd_device_get_serial:
+ * @device: A #FwupdDevice
+ *
+ * Gets the serial number for the device.
+ *
+ * Returns: a string value, or %NULL if never set.
+ *
+ * Since: 1.1.2
+ **/
+const gchar *
+fwupd_device_get_serial (FwupdDevice *device)
+{
+	FwupdDevicePrivate *priv = GET_PRIVATE (device);
+	g_return_val_if_fail (FWUPD_IS_DEVICE (device), NULL);
+	return priv->serial;
+}
+
+/**
+ * fwupd_device_set_serial:
+ * @device: A #FwupdDevice
+ * @serial: the device serial number
+ *
+ * Sets the serial number for the device.
+ *
+ * Since: 1.1.2
+ **/
+void
+fwupd_device_set_serial (FwupdDevice *device, const gchar *serial)
+{
+	FwupdDevicePrivate *priv = GET_PRIVATE (device);
+	g_return_if_fail (FWUPD_IS_DEVICE (device));
+	g_free (priv->serial);
+	priv->serial = g_strdup (serial);
+}
+
 /**
 * fwupd_device_get_id:
 * @device: A #FwupdDevice
@ -890,6 +927,8 @@ fwupd_device_incorporate (FwupdDevice *self, FwupdDevice *donor)
 		fwupd_device_set_parent_id (self, priv_donor->parent_id);
 	if (priv->name == NULL)
 		fwupd_device_set_name (self, priv_donor->name);
+	if (priv->serial == NULL)
+		fwupd_device_set_serial (self, priv_donor->serial);
 	if (priv->summary == NULL)
 		fwupd_device_set_summary (self, priv_donor->summary);
 	if (priv->vendor == NULL)
@ -925,17 +964,19 @@ fwupd_device_incorporate (FwupdDevice *self, FwupdDevice *donor)
 }

 /**
- * fwupd_device_to_variant:
+ * fwupd_device_to_variant_full:
 * @device: A #FwupdDevice
+ * @flags: #FwupdDeviceFlags for the call
 *
 * Creates a GVariant from the device data.
+ * Optionally provides additional data based upon flags
 *
 * Returns: the GVariant, or %NULL for error
 *
- * Since: 1.0.0
+ * Since: 1.1.2
 **/
 GVariant *
-fwupd_device_to_variant (FwupdDevice *device)
+fwupd_device_to_variant_full (FwupdDevice *device, FwupdDeviceFlags flags)
 {
 	FwupdDevicePrivate *priv = GET_PRIVATE (device);
 	GVariantBuilder builder;
@ -1054,6 +1095,13 @@ fwupd_device_to_variant (FwupdDevice *device)
 				       FWUPD_RESULT_KEY_UPDATE_STATE,
 				       g_variant_new_uint32 (priv->update_state));
 	}
+	if (flags & FWUPD_DEVICE_FLAG_TRUSTED) {
+		if (priv->serial != NULL) {
+			g_variant_builder_add (&builder, "{sv}",
+					       FWUPD_RESULT_KEY_SERIAL,
+					       g_variant_new_string (priv->serial));
+		}
+	}

 	/* create an array with all the metadata in */
 	if (priv->releases->len > 0) {
@ -1072,6 +1120,22 @@ fwupd_device_to_variant (FwupdDevice *device)
 	return g_variant_new ("a{sv}", &builder);
 }

+/**
+ * fwupd_device_to_variant:
+ * @device: A #FwupdDevice
+ *
+ * Creates a GVariant from the device data omitting sensitive fields
+ *
+ * Returns: the GVariant, or %NULL for error
+ *
+ * Since: 1.0.0
+ **/
+GVariant *
+fwupd_device_to_variant (FwupdDevice *device)
+{
+	return fwupd_device_to_variant_full (device, FWUPD_DEVICE_FLAG_NONE);
+}
+
 static void
 fwupd_device_from_key_value (FwupdDevice *device, const gchar *key, GVariant *value)
 {
@ -1131,6 +1195,10 @@ fwupd_device_from_key_value (FwupdDevice *device, const gchar *key, GVariant *va
 		fwupd_device_set_vendor_id (device, g_variant_get_string (value, NULL));
 		return;
 	}
+	if (g_strcmp0 (key, FWUPD_RESULT_KEY_SERIAL) == 0) {
+		fwupd_device_set_serial (device, g_variant_get_string (value, NULL));
+		return;
+	}
 	if (g_strcmp0 (key, FWUPD_RESULT_KEY_SUMMARY) == 0) {
 		fwupd_device_set_summary (device, g_variant_get_string (value, NULL));
 		return;
@ -1398,6 +1466,7 @@ fwupd_device_to_string (FwupdDevice *device)
 		const gchar *guid = g_ptr_array_index (priv->guids, i);
 		fwupd_pad_kv_str (str, FWUPD_RESULT_KEY_GUID, guid);
 	}
+	fwupd_pad_kv_str (str, FWUPD_RESULT_KEY_SERIAL, priv->serial);
 	fwupd_pad_kv_str (str, FWUPD_RESULT_KEY_SUMMARY, priv->summary);
 	fwupd_pad_kv_str (str, FWUPD_RESULT_KEY_DESCRIPTION, priv->description);
 	fwupd_pad_kv_str (str, FWUPD_RESULT_KEY_PLUGIN, priv->plugin);
@ -1467,6 +1536,7 @@ fwupd_device_finalize (GObject *object)
 	g_free (priv->id);
 	g_free (priv->parent_id);
 	g_free (priv->name);
+	g_free (priv->serial);
 	g_free (priv->summary);
 	g_free (priv->vendor);
 	g_free (priv->vendor_id);
--- a/libfwupd/fwupd-device.h
+++ b/libfwupd/fwupd-device.h
@ -45,6 +45,9 @@ void		 fwupd_device_set_parent		(FwupdDevice	*device,
 const gchar	*fwupd_device_get_name			(FwupdDevice	*device);
 void		 fwupd_device_set_name			(FwupdDevice	*device,
 							 const gchar	*name);
+const gchar	*fwupd_device_get_serial		(FwupdDevice	*device);
+void		 fwupd_device_set_serial		(FwupdDevice	*device,
+							 const gchar	*serial);
 const gchar	*fwupd_device_get_summary		(FwupdDevice	*device);
 void		 fwupd_device_set_summary		(FwupdDevice	*device,
 							 const gchar	*summary);
--- a/libfwupd/fwupd-enums-private.h
+++ b/libfwupd/fwupd-enums-private.h
@ -26,6 +26,7 @@
 #define FWUPD_RESULT_KEY_PLUGIN			"Plugin"	/* s */
 #define FWUPD_RESULT_KEY_RELEASE		"Release"	/* a{sv} */
 #define FWUPD_RESULT_KEY_REMOTE_ID		"RemoteId"	/* s */
+#define FWUPD_RESULT_KEY_SERIAL			"Serial"	/* s */
 #define FWUPD_RESULT_KEY_SIZE			"Size"		/* t */
 #define FWUPD_RESULT_KEY_SUMMARY		"Summary"	/* s */
 #define FWUPD_RESULT_KEY_TRUST_FLAGS		"TrustFlags"	/* t */
--- a/libfwupd/fwupd-enums.h
+++ b/libfwupd/fwupd-enums.h
@ -80,6 +80,7 @@ typedef enum {
 * @FWUPD_DEVICE_FLAG_IS_BOOTLOADER:		Is currently in bootloader mode
 * @FWUPD_DEVICE_FLAG_WAIT_FOR_REPLUG:		The hardware is waiting to be replugged
 * @FWUPD_DEVICE_FLAG_IGNORE_VALIDATION:	Ignore validation safety checks when flashing this device
+ * @FWUPD_DEVICE_FLAG_TRUSTED:			Extra metadata can be exposed about this device
 *
 * The device flags.
 **/
@ -100,6 +101,7 @@ typedef enum {
 #define FWUPD_DEVICE_FLAG_IS_BOOTLOADER		(1u << 13)	/* Since: 1.0.8 */
 #define FWUPD_DEVICE_FLAG_WAIT_FOR_REPLUG	(1u << 14)	/* Since: 1.1.2 */
 #define FWUPD_DEVICE_FLAG_IGNORE_VALIDATION	(1u << 15)	/* Since: 1.1.2 */
+#define FWUPD_DEVICE_FLAG_TRUSTED		(1u << 16)	/* Since: 1.1.2 */
 #define FWUPD_DEVICE_FLAG_UNKNOWN		G_MAXUINT64	/* Since: 0.7.3 */
 typedef guint64 FwupdDeviceFlags;

--- a/libfwupd/fwupd.map
+++ b/libfwupd/fwupd.map
@ -264,3 +264,11 @@ LIBFWUPD_1.1.1 {
    fwupd_device_compare;
  local: *;
 } LIBFWUPD_1.1.0;
+
+LIBFWUPD_1.1.2 {
+  global:
+    fwupd_device_get_serial;
+    fwupd_device_set_serial;
+    fwupd_device_to_variant_full;
+  local: *;
+} LIBFWUPD_1.1.1;
--- a/src/fu-device.c
+++ b/src/fu-device.c
@ -1056,40 +1056,6 @@ fu_device_get_physical_id (FuDevice *self)
 	return fu_device_get_metadata (self, "physical-id");
 }

-/**
- * fu_device_set_serial:
- * @self: A #FuDevice
- * @serial: a serial number string, e.g. `0000123`
- *
- * Sets the serial number for the device.
- *
- * Since: 1.0.3
- **/
-void
-fu_device_set_serial (FuDevice *self, const gchar *serial)
-{
-	g_return_if_fail (FU_IS_DEVICE (self));
-	g_return_if_fail (serial != NULL);
-	fu_device_set_metadata (self, "serial", serial);
-}
-
-/**
- * fu_device_get_serial:
- * @self: A #FuDevice
- *
- * Gets the serial number for the device.
- *
- * Returns: a string value, or %NULL if never set.
- *
- * Since: 1.0.3
- **/
-const gchar *
-fu_device_get_serial (FuDevice *self)
-{
-	g_return_val_if_fail (FU_IS_DEVICE (self), NULL);
-	return fu_device_get_metadata (self, "serial");
-}
-
 static void
 fu_device_set_custom_flag (FuDevice *self, const gchar *hint)
 {
--- a/src/fu-device.h
+++ b/src/fu-device.h
@ -85,6 +85,7 @@ FuDevice	*fu_device_new				(void);
 #define fu_device_has_guid(d,v)			fwupd_device_has_guid(FWUPD_DEVICE(d),v)
 #define fu_device_set_modified(d,v)		fwupd_device_set_modified(FWUPD_DEVICE(d),v)
 #define fu_device_set_plugin(d,v)		fwupd_device_set_plugin(FWUPD_DEVICE(d),v)
+#define fu_device_set_serial(d,v)		fwupd_device_set_serial(FWUPD_DEVICE(d),v)
 #define fu_device_set_summary(d,v)		fwupd_device_set_summary(FWUPD_DEVICE(d),v)
 #define fu_device_set_update_error(d,v)		fwupd_device_set_update_error(FWUPD_DEVICE(d),v)
 #define fu_device_set_update_state(d,v)		fwupd_device_set_update_state(FWUPD_DEVICE(d),v)
@ -102,6 +103,7 @@ FuDevice	*fu_device_new				(void);
 #define fu_device_get_guid_default(d)		fwupd_device_get_guid_default(FWUPD_DEVICE(d))
 #define fu_device_get_icons(d)			fwupd_device_get_icons(FWUPD_DEVICE(d))
 #define fu_device_get_name(d)			fwupd_device_get_name(FWUPD_DEVICE(d))
+#define fu_device_get_serial(d)			fwupd_device_get_serial(FWUPD_DEVICE(d))
 #define fu_device_get_summary(d)		fwupd_device_get_summary(FWUPD_DEVICE(d))
 #define fu_device_get_id(d)			fwupd_device_get_id(FWUPD_DEVICE(d))
 #define fu_device_get_plugin(d)			fwupd_device_get_plugin(FWUPD_DEVICE(d))
@ -157,9 +159,6 @@ void		 fu_device_set_physical_id		(FuDevice	*self,
 const gchar	*fu_device_get_logical_id		(FuDevice	*self);
 void		 fu_device_set_logical_id		(FuDevice	*self,
 							 const gchar	*logical_id);
-const gchar	*fu_device_get_serial			(FuDevice	*self);
-void		 fu_device_set_serial			(FuDevice	*self,
-							 const gchar	*serial);
 const gchar	*fu_device_get_custom_flags		(FuDevice	*self);
 gboolean	 fu_device_has_custom_flag		(FuDevice	*self,
 							 const gchar	*hint);
--- a/src/fu-main.c
+++ b/src/fu-main.c
@ -174,15 +174,51 @@ fu_main_engine_percentage_changed_cb (FuEngine *engine,
 				       g_variant_new_uint32 (percentage));
 }

+static gboolean
+fu_main_get_device_flags_for_sender (FuMainPrivate *priv, const char *sender,
+				     FwupdDeviceFlags *flags, GError **error)
+{
+	uid_t calling_uid;
+	g_autoptr(GVariant) value = NULL;
+
+	g_return_val_if_fail (sender != NULL, FALSE);
+	g_return_val_if_fail (flags != NULL, FALSE);
+
+	value = g_dbus_proxy_call_sync (priv->proxy_uid,
+					"GetConnectionUnixUser",
+					g_variant_new ("(s)", sender),
+					G_DBUS_CALL_FLAGS_NONE,
+					2000,
+					NULL,
+					error);
+	if (value == NULL) {
+		g_prefix_error (error, "failed to read user id of caller: ");
+		return FALSE;
+	}
+	g_variant_get (value, "(u)", &calling_uid);
+	if (calling_uid == 0)
+		*flags |= FWUPD_DEVICE_FLAG_TRUSTED;
+
+	return TRUE;
+}
+
 static GVariant *
-fu_main_device_array_to_variant (GPtrArray *devices)
+fu_main_device_array_to_variant (FuMainPrivate *priv, const gchar *sender,
+				 GPtrArray *devices, GError **error)
 {
 	GVariantBuilder builder;
+	FwupdDeviceFlags flags = FWUPD_DEVICE_FLAG_NONE;
+
 	g_return_val_if_fail (devices->len > 0, NULL);
 	g_variant_builder_init (&builder, G_VARIANT_TYPE_ARRAY);
+
+	if (!fu_main_get_device_flags_for_sender (priv, sender, &flags, error))
+		return FALSE;
+
 	for (guint i = 0; i < devices->len; i++) {
 		FuDevice *device = g_ptr_array_index (devices, i);
-		GVariant *tmp = fwupd_device_to_variant (FWUPD_DEVICE (device));
+		GVariant *tmp = fwupd_device_to_variant_full (FWUPD_DEVICE (device),
+							      flags);
 		g_variant_builder_add_value (&builder, tmp);
 	}
 	return g_variant_new ("(aa{sv})", &builder);
@ -581,7 +617,11 @@ fu_main_daemon_method_call (GDBusConnection *connection, const gchar *sender,
 			g_dbus_method_invocation_return_gerror (invocation, error);
 			return;
 		}
-		val = fu_main_device_array_to_variant (devices);
+		val = fu_main_device_array_to_variant (priv, sender, devices, &error);
+		if (val == NULL) {
+			g_dbus_method_invocation_return_gerror (invocation, error);
+			return;
+		}
 		g_dbus_method_invocation_return_value (invocation, val);
 		return;
 	}
@ -659,7 +699,11 @@ fu_main_daemon_method_call (GDBusConnection *connection, const gchar *sender,
 			g_dbus_method_invocation_return_gerror (invocation, error);
 			return;
 		}
-		val = fu_main_device_array_to_variant (devices);
+		val = fu_main_device_array_to_variant (priv, sender, devices, &error);
+		if (val == NULL) {
+			g_dbus_method_invocation_return_gerror (invocation, error);
+			return;
+		}
 		g_dbus_method_invocation_return_value (invocation, val);
 		return;
 	}