driver: Make eavesdropping a privileged action
authorSimon McVittie <smcv@collabora.com>
Thu, 8 Jun 2017 17:21:50 +0000 (18:21 +0100)
committerSimon McVittie <smcv@collabora.com>
Thu, 29 Jun 2017 14:42:05 +0000 (15:42 +0100)
Eavesdropping on unicast messages to other processes is not something
that should be done by processes in containers, or on the system bus
by users other than root or the bus owner. bus/system.conf.in
does not enable eavesdropping, but adding inadvisable configuration
could. This brings it into line with Monitoring.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567

bus/driver.c

index d3ad878f005c01d51f216d0c47d3232f00b54168..6534382a51ac0394d4dc5723236c9b25c05276d0 100644 (file)
@@ -1354,9 +1354,16 @@ bus_driver_handle_add_match (DBusConnection *connection,
     goto failed;
 
   bustype = bus_context_get_type (context);
-  if (bus_match_rule_get_client_is_eavesdropping (rule) &&
-      !bus_apparmor_allows_eavesdropping (connection, bustype, error))
-    goto failed;
+
+  if (bus_match_rule_get_client_is_eavesdropping (rule))
+    {
+      if (!bus_driver_check_caller_is_privileged (connection,
+                                                  transaction,
+                                                  message,
+                                                  error) ||
+          !bus_apparmor_allows_eavesdropping (connection, bustype, error))
+        goto failed;
+    }
 
   matchmaker = bus_connection_get_matchmaker (connection);
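Review bot: The new eavesdropping branch in bus_driver_handle_add_match has no comment saying why two separate checks are needed, so a later refactor could drop one as redundant. I would add above the `if`: `/* Eavesdropping needs a privileged caller (as for Monitoring) and, separately, AppArmor permission; both must pass. */`. Because `||` short-circuits, a caller rejected by bus_driver_check_caller_is_privileged never reaches bus_apparmor_allows_eavesdropping. If the AppArmor helper is what produces the audit record for a denied attempt, that record would be missing for unprivileged callers, so it is worth confirming that the privilege check logs the rejection itself. The function begins and ends outside the hunk, so the `failed` path is not visible here.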