[ofono] Access control for SIM Toolkit agent. Fixes JB#49163

Non-privileged process will get org.ofono.Error.AccessDenied from
RegisterAgent. Other methods already check that D-Bus call is coming
from a registered agent.

ofono/include/dbus-access.h

@@ -1,7 +1,8 @@
 /*
  *  oFono - Open Source Telephony
  *
- *  Copyright (C) 2019 Jolla Ltd.
+ *  Copyright (C) 2019-2020 Jolla Ltd.
+ *  Copyright (C) 2020 Open Mobile Platform LLC.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
@@ -25,7 +26,7 @@ extern "C" {
 enum ofono_dbus_access {
 	OFONO_DBUS_ACCESS_DENY,       /* Deny access */
 	OFONO_DBUS_ACCESS_ALLOW,      /* Allow access */
-	OFONO_DBUS_ACCESS_DONT_CARE,  /* No decision */
+	OFONO_DBUS_ACCESS_DONT_CARE   /* No decision */
 };
 
 enum ofono_dbus_access_intf {
@@ -38,6 +39,7 @@ enum ofono_dbus_access_intf {
 	OFONO_DBUS_ACCESS_INTF_SIMMGR,        /* org.ofono.SimManager */
 	OFONO_DBUS_ACCESS_INTF_MODEM,         /* org.ofono.Modem */
 	OFONO_DBUS_ACCESS_INTF_RADIOSETTINGS, /* org.ofono.RadioSettings */
+	OFONO_DBUS_ACCESS_INTF_STK,           /* org.ofono.SimToolkit */
 	OFONO_DBUS_ACCESS_INTF_COUNT
 };
 
@@ -116,6 +118,12 @@ enum ofono_dbus_access_radiosettings_method {
 	OFONO_DBUS_ACCESS_RADIOSETTINGS_METHOD_COUNT
 };
 
+/* OFONO_DBUS_ACCESS_INTF_STK */
+enum ofono_dbus_access_stk_method {
+	OFONO_DBUS_ACCESS_STK_REGISTER_AGENT,
+	OFONO_DBUS_ACCESS_STK_METHOD_COUNT
+};
+
 #define OFONO_DBUS_ACCESS_PRIORITY_LOW     (-100)
 #define OFONO_DBUS_ACCESS_PRIORITY_DEFAULT (0)
 #define OFONO_DBUS_ACCESS_PRIORITY_HIGH    (100)

ofono/src/dbus-access.c

@@ -1,7 +1,8 @@
 /*
  *  oFono - Open Source Telephony
  *
- *  Copyright (C) 2019 Jolla Ltd.
+ *  Copyright (C) 2019-2020 Jolla Ltd.
+ *  Copyright (C) 2020 Open Mobile Platform LLC.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
@@ -41,6 +42,8 @@ const char *ofono_dbus_access_intf_name(enum ofono_dbus_access_intf intf)
 		return OFONO_MODEM_INTERFACE;
 	case OFONO_DBUS_ACCESS_INTF_RADIOSETTINGS:
 		return OFONO_RADIO_SETTINGS_INTERFACE;
+	case OFONO_DBUS_ACCESS_INTF_STK:
+		return OFONO_STK_INTERFACE;
 	case OFONO_DBUS_ACCESS_INTF_COUNT:
 		break;
 	}
@@ -165,6 +168,14 @@ const char *ofono_dbus_access_method_name(enum ofono_dbus_access_intf intf,
 			break;
 		}
 		break;
+	case OFONO_DBUS_ACCESS_INTF_STK:
+		switch ((enum ofono_dbus_access_stk_method)method) {
+		case OFONO_DBUS_ACCESS_STK_REGISTER_AGENT:
+			return "RegisterAgent";
+		case OFONO_DBUS_ACCESS_STK_METHOD_COUNT:
+			break;
+		}
+		break;
 	case OFONO_DBUS_ACCESS_INTF_COUNT:
 		break;
 	}

ofono/src/stk.c

@@ -3,6 +3,8 @@
  *  oFono - Open Source Telephony
  *
  *  Copyright (C) 2008-2011  Intel Corporation. All rights reserved.
+ *  Copyright (C) 2020 Jolla Ltd.
+ *  Copyright (C) 2020 Open Mobile Platform LLC.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
@@ -725,6 +727,12 @@ static DBusMessage *stk_register_agent(DBusConnection *conn,
 	if (!dbus_validate_path(agent_path, NULL))
 		return __ofono_error_invalid_format(msg);
 
+	if (!__ofono_dbus_access_method_allowed(dbus_message_get_sender(msg),
+					OFONO_DBUS_ACCESS_INTF_STK,
+					OFONO_DBUS_ACCESS_STK_REGISTER_AGENT,
+					agent_path))
+		return __ofono_error_access_denied(msg);
+
 	stk->default_agent = stk_agent_new(agent_path,
 						dbus_message_get_sender(msg),
 						FALSE);

ofono/unit/test-dbus-access.c

@@ -1,7 +1,8 @@
 /*
  *  oFono - Open Source Telephony
  *
- *  Copyright (C) 2019 Jolla Ltd.
+ *  Copyright (C) 2019-2020 Jolla Ltd.
+ *  Copyright (C) 2020 Open Mobile Platform LLC.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
@@ -103,6 +104,9 @@ static const struct test_method_name_data method_name_tests[] = {
 	},{
 		OFONO_DBUS_ACCESS_INTF_RADIOSETTINGS,
 		OFONO_DBUS_ACCESS_RADIOSETTINGS_METHOD_COUNT
+	},{
+		OFONO_DBUS_ACCESS_INTF_STK,
+		OFONO_DBUS_ACCESS_STK_METHOD_COUNT
 	}
 };