From: Alessandro Astone <ales.astone@gmail.com>
Date: Sat, 21 Jan 2023 23:20:56 +0000 (+0100)
Subject: fixup! security: Verify session user_id against DBus connection
X-Git-Tag: 1.4.0~29
X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/commitdiff_plain/37417977a80026d5e198bffd8f9c908cc5325c58?ds=sidebyside

fixup! security: Verify session user_id against DBus connection
---

diff --git a/tools/actions/container_manager.py b/tools/actions/container_manager.py
index 38b0040..0092f1e 100644
--- a/tools/actions/container_manager.py
+++ b/tools/actions/container_manager.py
@@ -24,11 +24,10 @@ class DbusContainerManager(dbus.service.Object):
 
     @dbus.service.method("id.waydro.ContainerManager", in_signature='a{ss}', out_signature='', sender_keyword="sender", connection_keyword="conn")
     def Start(self, session, sender, conn):
-        if session["user_id"] != "0":
-            dbus_info = dbus.Interface(conn.get_object("org.freedesktop.DBus", "/org/freedesktop/DBus/Bus", False), "org.freedesktop.DBus")
-            uid = dbus_info.GetConnectionUnixUser(sender)
-            if str(uid) != session["user_id"]:
-                raise RuntimeError("Cannot start a session on behalf of another user")
+        dbus_info = dbus.Interface(conn.get_object("org.freedesktop.DBus", "/org/freedesktop/DBus/Bus", False), "org.freedesktop.DBus")
+        uid = dbus_info.GetConnectionUnixUser(sender)
+        if str(uid) not in ["0", session["user_id"]]:
+            raise RuntimeError("Cannot start a session on behalf of another user")
         do_start(self.args, session)
 
     @dbus.service.method("id.waydro.ContainerManager", in_signature='b', out_signature='')