Allow radio user to manage systemd units

Certain non-root users need to be able to communicate with systemd
to start or stop root processes.

Change-Id: I26f32675f86bb195eca3b365dc1fb07b530fc1b3

recipes-core/dbus/dbus_%.bbappend

 include dbus.inc
 
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://extra-users.conf"
+
 INITSCRIPT_NAME = "dbus-1"
 INITSCRIPT_PARAMS = "start 98 5 3 2 . stop 02 0 1 6 ."
 
+do_install_append() {
+   install -d ${D}/${datadir}/dbus-1/system.d/
+   install -m 0644 ${WORKDIR}/extra-users.conf -D ${D}${datadir}/dbus-1/system.d/extra-users.conf
+}
 
 

recipes-core/dbus/files/extra-users.conf

+<!-- Copyright (c) 2019, The Linux Foundation. All rights reserved.         -->
+<!--                                                                        -->
+<!-- Redistribution and use in source and binary forms, with or without     -->
+<!-- modification, are permitted provided that the following conditions are -->
+<!-- met:                                                                   -->
+<!--     * Redistributions of source code must retain the above copyright   -->
+<!--       notice, this list of conditions and the following disclaimer.    -->
+<!--     * Redistributions in binary form must reproduce the above          -->
+<!--       copyright notice, this list of conditions and the following      -->
+<!--       disclaimer in the documentation and/or other materials provided  -->
+<!--       with the distribution.                                           -->
+<!--     * Neither the name of The Linux Foundation nor the names of its    -->
+<!--       contributors may be used to endorse or promote products derived  -->
+<!--       from this software without specific prior written permission.    -->
+<!--                                                                        -->
+<!-- THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED           -->
+<!-- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF   -->
+<!-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT -->
+<!-- ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -->
+<!-- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -->
+<!-- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF   -->
+<!-- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR        -->
+<!-- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,  -->
+<!-- OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -->
+<!-- IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.                          -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+           "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+    <policy user="radio">
+        <allow send_destination="org.freedesktop.systemd1" send_interface="org.freedesktop.systemd1.Manager"/>
+        <allow receive_sender="org.freedesktop.systemd1"/>
+    </policy>
+</busconfig>

recipes-core/systemd/systemd/sd-bus-Allow-extra-users-to-communicate.patch

+From bf013c53c131dd7643cf4cc54ac33157b38b6ea8 Mon Sep 17 00:00:00 2001
+From: Dennis Cagle <dcagle@codeaurora.org>
+Date: Thu, 6 Dec 2018 15:42:37 -0800
+Subject: [PATCH] sd-bus: Allow extra users to communicate
+
+Change-Id: I709b16940eba72609a2092b891884ec9b0f800e9
+---
+ src/libsystemd/sd-bus/bus-convenience.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-convenience.c b/src/libsystemd/sd-bus/bus-convenience.c
+index 04158ca..f02800b 100644
+--- a/src/libsystemd/sd-bus/bus-convenience.c
++++ b/src/libsystemd/sd-bus/bus-convenience.c
+@@ -565,9 +565,7 @@ _public_ int sd_bus_query_sender_privilege(sd_bus_message *call, int capability)
+ 
+         if (!BUS_IS_OPEN(call->bus->state))
+                 return -ENOTCONN;
+-
+         if (capability >= 0) {
+-
+                 r = sd_bus_query_sender_creds(call, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS, &creds);
+                 if (r < 0)
+                         return r;
+@@ -616,6 +614,10 @@ _public_ int sd_bus_query_sender_privilege(sd_bus_message *call, int capability)
+                         if (sender_uid == our_uid)
+                                 return 1;
+ 
++                        /* Other specific users also allowed access (radio) */
++                        if (sender_uid == 1001)
++                                return 1;
++
+                         /* Sender is root, we are not root. */
+                         if (our_uid != 0 && sender_uid == 0)
+                                 return 1;
+-- 
+1.9.1
+

recipes-core/systemd/systemd_%.bbappend

@@ -13,6 +13,7 @@ SRC_URI += "file://kgsl.rules"
 SRC_URI += "file://set-usb-nodes.rules"
 SRC_URI += "file://sysctl.conf"
 SRC_URI += "file://platform.conf"
+SRC_URI += "file://sd-bus-Allow-extra-users-to-communicate.patch"
 
 # Custom setup for PACKAGECONFIG to get a slimmer systemd.
 # Removed following:
@@ -32,6 +33,7 @@ SRC_URI += "file://platform.conf"
 #   * localed   - Service used to change the system locale settings, not needed.
 #   * machined  - For tracking local Virtual Machines and Containers, not needed.
 #   * networkd  - Manages network configurations, custom solution is used.
+#   * polkit    - Not used.
 #   * quotacheck- Not using Quota.
 #   * resolvd   - Use custom network name resolution manager.
 #   * smack     - Not used.
@@ -49,7 +51,6 @@ PACKAGECONFIG = " \
     ima \
     kmod \
     logind \
-    polkit \
     randomseed \
     sysusers \
     timedated \