device: Only handle Refresh() method if in debug mode

The Refresh D-Bus method could be used by clients to force re-reading the state of batteries in the upower backends. This is not needed as all the backends should be sending events when their states changes, removing the need for an explicit refresh. This is also a potential security problem if applications keep on refreshing their data. We now only allow access to the Refresh() method if the daemon was started in debugging mode. This should make it clearer that it is a debug tool. Also remove a mention of the never implemented refresh-power-source polkit authorisation.
2025-12-20 16:00:10 +01:00 · 2022-03-31 12:11:29 +02:00 · 2022-03-31 12:11:29 +02:00 · d0ebbe32bb
commit d0ebbe32bb
parent 2f3ccee059
3 changed files with 21 additions and 19 deletions
--- a/dbus/org.freedesktop.UPower.Device.xml
+++ b/dbus/org.freedesktop.UPower.Device.xml
@ -146,7 +146,7 @@ method return sender=:1.386 -> dest=:1.477 reply_serial=2
            Refreshes the data collected from the power source.
          </doc:para>
        </doc:description>
-        <doc:permission>Callers need the org.freedesktop.upower.refresh-power-source authorization</doc:permission>
+        <doc:permission>Callers will need to make sure that the daemon was started in debug mode</doc:permission>
        <doc:errors>
          <doc:error name="&ERROR_GENERAL;">if an error occured while refreshing</doc:error>
        </doc:errors>
--- a/libupower-glib/up-device.c
+++ b/libupower-glib/up-device.c
@ -408,7 +408,8 @@ up_device_to_text (UpDevice *device)
 * @error: a #GError, or %NULL.
 *
 * Refreshes properties on the device.
- * This function is normally not required.
+ * This function is normally not required and will only return without
+ * an error if the daemon was started in debug mode.
 *
 * Return value: #TRUE for success, else #FALSE and @error is used
 *
--- a/src/up-device.c
+++ b/src/up-device.c
@ -400,6 +400,21 @@ up_device_register_device (UpDevice *device)
 	return TRUE;
 }

+/**
+ * up_device_refresh:
+ *
+ * Return %TRUE on success, %FALSE if we failed to refresh or no data
+ **/
+static gboolean
+up_device_refresh (UpExportedDevice *skeleton,
+		   GDBusMethodInvocation *invocation,
+		   UpDevice *device)
+{
+	up_device_refresh_internal (device);
+	up_exported_device_complete_refresh (skeleton, invocation);
+	return TRUE;
+}
+
 /**
 * up_device_coldplug:
 *
@ -416,6 +431,9 @@ up_device_coldplug (UpDevice *device)
 	g_return_val_if_fail (UP_IS_DEVICE (device), FALSE);

 	native_path = up_native_get_native_path (device->priv->native);
+	if (up_daemon_get_debug (device->priv->daemon))
+		g_signal_connect (device, "handle-refresh",
+				  G_CALLBACK (up_device_refresh), device);
 	up_exported_device_set_native_path (UP_EXPORTED_DEVICE (device), native_path);

 	/* coldplug source */
@ -581,21 +599,6 @@ out:
 	return TRUE;
 }

-/**
- * up_device_refresh:
- *
- * Return %TRUE on success, %FALSE if we failed to refresh or no data
- **/
-static gboolean
-up_device_refresh (UpExportedDevice *skeleton,
-		   GDBusMethodInvocation *invocation,
-		   UpDevice *device)
-{
-	up_device_refresh_internal (device);
-	up_exported_device_complete_refresh (skeleton, invocation);
-	return TRUE;
-}
-
 /**
 * up_device_register_display_device:
 **/
@ -685,8 +688,6 @@ up_device_init (UpDevice *device)
 			  G_CALLBACK (up_device_get_history), device);
 	g_signal_connect (device, "handle-get-statistics",
 			  G_CALLBACK (up_device_get_statistics), device);
-	g_signal_connect (device, "handle-refresh",
-			  G_CALLBACK (up_device_refresh), device);
 }

 /**