Yikes, sorry for just getting back to this now. "1. NetworkManager polkit allows full access to sudo: I assume you meant that the decision was taken *before* we had proper polkit support on the phone?"
AFAIK, we don't have polkit prompting on the phone still. It doesn't really matter-- we don't want to go that route anyway because it is a poor user experience. "2. urfkill polkit - allows active seat to call Block: The policy also allows BlockIdx ( ie. by index, whereas Block is by type ), and FlightMode by the active seat. How is this more permissive than needed? I'm not familiar enough with polkit to grok how this could be made more restrictive?" I am not familiar with what Block and BlockIdx are supposed to do (which is why having someone more familiar like yourself comment is great :), but will trust your judgement that active seat is fine for these. FlightMode for active seat seems fine. "3. Regarding your proposed solution, why is polkit necessary when all non-system processes that run as 'phablet' are confined ( ie. can't make raw DBus calls anyways )?" It is true that click apps are confined and we have DBus mediation which will block access to wpasupplicant. Those aren't the problem. I'm concerned about the other things that run as the phablet user that are not click apps that are unconfined and providing security in depth. With polkit, we can make sure that just SetInterfaceFirmware() is available to the active seat and deny all others (the intended policy from /etc/dbus-1/system.d/wpa_supplicant.conf is to only allow root processes to talk to wpasupplicant over DBus-- changing this policy may break assumptions in the implementation and introduce security issues. I'm ok poking a hole for SetInterfaceFirmware() (through the use of polkit, leaving the defaults as they are but then adding an override in /var/lib/polkit-1/localauthority/10-vendor.d/... for SetInterfaceFirmware() on Touch), but not ok with opening all of wpasupplicant to the phablet user. "4. Do you really think that adding polkit support to wpa_supplicant for a single DBus method is more work than creating a new proxy service? Also, I assume the proxy service would handle the polkit logic, and then fwd the call(s)?" I was leaving the choice of what was easier up to you. We control connectivity-api but don't control wpasupplicant. My thinking was perhaps there are other hotspot related items that could be used in the proxy service instead of patches multiple sources and I was suggesting using the existing connectivity-api service to add a single API call for this. Eg, /com/ubuntu/connectivity1/Something. I looked at this a bit just now and it seems that the com.ubuntu.connectivity1 service is a session service implemented in network-indicator, which runs as phablet, which means that you won't save any time using connectivity-api since you'd have to still do the polkit stuff for wpasupplicant to poke a hole for SetInterfaceFirmware(). I'll leave whether to use connectivity-api for API design reasons up to you as an implementation detail. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to indicator-network in Ubuntu. https://bugs.launchpad.net/bugs/1426923 Title: Allow ubuntu-system-settings to set a device's firmware through the private Connectivity API Status in indicator-network package in Ubuntu: New Status in wpasupplicant package in Ubuntu: Invalid Bug description: Background: To do Wi-Fi hotspots on krillin, we need to poke wifi by doing a call to wpa_supplicant's (undocumented/local) SetInterfaceFirmware method. See [1] for details. Rationale: Ubuntu System Settings needs to do the same things as aforementioned script, but via dbus [2], as phablet/current non-privileged user and unconfined. What happens: If phablet runs [2], this error message [3] is produced, which I interpret to be equivalent with "you're not welcome here". What should happen instead: Ubuntu System Settings should be able to make a call to the Connectivity API, like Jamie suggests, SetAP(), SetSTA(), SetP2P(). [1] http://bazaar.launchpad.net/~mathieu-tl/+junk/touch-hotspot/view/head:/hotspot.py [2] gdbus call --system -d fi.w1.wpa_supplicant1 -o /fi/w1/wpa_supplicant1 -m fi.w1.wpa_supplicant1.SetInterfaceFirmware / ap [3] http://pastebin.ubuntu.com/10489519/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/indicator-network/+bug/1426923/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
