resolve: include interface name in org.freedesktop.resolve1 polkit checks

this patch adds the interface name of the interface to be modified
to *details* when verifying dbus calls to the `org.freedesktop.resolve1`
D-Bus interface for all `Set*` and the `Revert` method.

when defining a polkit rule, this allows limiting the access to a specific
interface:

```js
// This rule prevents the user "vpn" to disable DNSoverTLS for any
// other interface than "vpn0". The vpn service should be allowed
// to disable DNSoverTLS on its own as it provides a local DNS
// server with search domains on the interface and this server does
// not support DNSoverTLS.
polkit.addRule(function(action, subject) {
  if (action.id == "org.freedesktop.resolve1.set-dns-over-tls" &&
      action.lookup("interface") == "vpn0" &&
      subject.user == "vpn") {
    return polkit.Result.YES;
  }
});
```

diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
index 7ca3214b0649db304f9fe7547a65e4608c3faee2..65562dc93390c8d77f3b2e47f6b44e3d8361f822 100644 (file)
--- a/src/resolve/resolved-link-bus.c
+++ b/src/resolve/resolved-link-bus.c
@@ -239,7 +239,7 @@ static int bus_link_method_set_dns_servers_internal(sd_bus_message *message, voi
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-dns-servers",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry, error);
         if (r < 0)
                 goto finalize;
@@ -372,7 +372,7 @@ int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-domains",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -452,7 +452,7 @@ int bus_link_method_set_default_route(sd_bus_message *message, void *userdata, s
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-default-route",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -501,7 +501,7 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-llmnr",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -551,7 +551,7 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-mdns",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -601,7 +601,7 @@ int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-dns-over-tls",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -651,7 +651,7 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-dnssec",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -714,7 +714,7 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)
@@ -752,7 +752,7 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
         r = bus_verify_polkit_async(
                         message,
                         "org.freedesktop.resolve1.revert",
-                        /* details= */ NULL,
+                        (const char**) STRV_MAKE("interface", l->ifname),
                         &l->manager->polkit_registry,
                         error);
         if (r < 0)