Bug 1176474 - AUDIT-0: powerdevil5 (suse-dbus-unauthorized-service, polkit-untracked-privilege)
Summary: AUDIT-0: powerdevil5 (suse-dbus-unauthorized-service, polkit-untracked-privil...
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Matthias Gerstner
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-14 05:23 UTC by Luca Beltrame
Modified: 2024-03-13 09:20 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Luca Beltrame 2020-09-14 05:23:37 UTC 
Hello, 

the upcoming version of Plasma 5 (5.20), planned for next month (October 13th) includes a new KAuth helper to handle new privileged operations, in particular, getting and setting battery charge thresholds in laptops that support it (like Lenovo Thinkpads). 

This meant that powerdevil5 has now additional helpers to handle this. Two new polkit privileges are asked:  org.kde.powerdevil.chargethresholdhelper.getthreshold (??:yes:yes) and org.kde.powerdevil.chargethresholdhelper.setthreshold (??:no:auth_admin_keep). 

The two D-Bus service files found by rpmlint are:

- /usr/share/dbus-1/system-services/org.kde.powerdevil.chargethresholdhelper.service
- /usr/share/dbus-1/system.d/org.kde.powerdevil.chargethresholdhelper.conf

Code used by the helper:

- https://invent.kde.org/plasma/powerdevil/-/blob/master/daemon/chargethresholdhelper.cpp
- https://invent.kde.org/plasma/powerdevil/-/blob/master/daemon/chargethresholdhelper.h
- https://invent.kde.org/plasma/powerdevil/-/blob/master/daemon/chargethreshold_helper_actions.actions

A package including these features is available at https://build.opensuse.org/package/show/KDE:Unstable:Frameworks/powerdevil5.
Comment 1 Matthias Gerstner 2020-09-14 07:37:25 UTC 
We will schedule this for review.
Comment 2 OBSbugzilla Bot 2020-09-28 15:40:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1176474) was mentioned in
https://build.opensuse.org/request/show/838324 Factory / plasma5-workspace
Comment 3 Matthias Gerstner 2020-09-30 11:33:44 UTC 
I will do the review.
Comment 4 Matthias Gerstner 2020-10-01 11:17:20 UTC 
The new helper is okay. It only accepts integer parameters in D-Bus methods
and they control the battery charging threshold. Only getting is allowed for
locally logged in users, setting requires admin privileges. That's okay.
Comment 5 Matthias Gerstner 2020-10-01 13:51:17 UTC 
I started the whitelisting process and it should be available within a couple
of days (polkit-default-privs and rpmlint are affected).
Comment 6 OBSbugzilla Bot 2020-10-03 11:00:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1176474) was mentioned in
https://build.opensuse.org/request/show/839299 Factory / plasma5-workspace
Comment 7 Matthias Gerstner 2020-10-06 09:55:50 UTC 
Closing as fixed.
Comment 8 OBSbugzilla Bot 2020-10-11 12:20:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1176474) was mentioned in
https://build.opensuse.org/request/show/841022 Factory / plasma5-workspace