diff --git a/.gitignore b/.gitignore index 3bc98861d..dfd34ec7d 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,14 @@ CMakeLists.txt.user* .cursor .specstory .cursorindexingignore + +# debian +debian/.debhelper/ +debian/deepin-devicemanager.debhelper.log +debian/deepin-devicemanager.postrm.debhelper +debian/deepin-devicemanager.substvars +debian/deepin-devicemanager/ +debian/files + +# build +obj-x86_64-linux-gnu/ diff --git a/debian/control b/debian/control index 07f455adf..44917663e 100644 --- a/debian/control +++ b/debian/control @@ -1,5 +1,5 @@ Source: deepin-devicemanager -Section: devel +Section: utils Priority: optional Maintainer: Packages Build-Depends: debhelper-compat (= 11), @@ -29,7 +29,27 @@ Standards-Version: 4.1.3 Package: deepin-devicemanager Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, dmidecode, x11-xserver-utils, hwinfo, cups, upower, deepin-shortcut-viewer, lshw, libdtk6core,libkmod2,libdeepin-service-framework,deepin-service-manager +Depends: ${shlibs:Depends}, ${misc:Depends}, + dmidecode, + x11-xserver-utils, + hwinfo, + cups, + upower, + deepin-shortcut-viewer, + lshw, + libdtk6core, + libkmod2, + libdeepin-service-framework, + deepin-service-manager, + usbutils, + pciutils, + smartmontools, + bluez, + apt, + lastore-daemon, + kmod, + iputils-ping, + net-tools Recommends: uos-reporter, deepin-event-log, deepin-elf-sign-tool Description: Device Manager is a handy tool for viewing hardware information and managing the devices. Device Manager helps users manage hardware devices installed on computers, diff --git a/deepin-devicemanager-server/deepin-devicecontrol/CMakeLists.txt b/deepin-devicemanager-server/deepin-devicecontrol/CMakeLists.txt index 204ad6136..3a590aefe 100644 --- a/deepin-devicemanager-server/deepin-devicecontrol/CMakeLists.txt +++ b/deepin-devicemanager-server/deepin-devicecontrol/CMakeLists.txt @@ -8,7 +8,7 @@ set(CMAKE_AUTOMOC ON) set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD_REQUIRED ON) -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong -D_FORTITY_SOURCE=1 -z noexecstack -pie -fPIC -z lazy") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2 -z noexecstack -pie -fPIC -z lazy") # 设置包含头文件的时候不用包含路径 begin **************************************************************************************** MACRO(SUBDIRLIST result curdir) diff --git a/deepin-devicemanager-server/deepin-devicecontrol/deepin-devicecontrol.service b/deepin-devicemanager-server/deepin-devicecontrol/deepin-devicecontrol.service index 21d45974b..6d312cc22 100644 --- a/deepin-devicemanager-server/deepin-devicecontrol/deepin-devicecontrol.service +++ b/deepin-devicemanager-server/deepin-devicecontrol/deepin-devicecontrol.service @@ -4,6 +4,7 @@ Description=Deepin Device Control Daemon [Service] Type=dbus BusName=org.deepin.DeviceControl +User=root ExecStart=/usr/bin/deepin-devicecontrol CapabilityBoundingSet=~CAP_NET_RAW MemoryMax=8G diff --git a/deepin-devicemanager-server/deepin-devicecontrol/src/controlinterface.cpp b/deepin-devicemanager-server/deepin-devicecontrol/src/controlinterface.cpp index 1adb65f6d..af4c0efb2 100644 --- a/deepin-devicemanager-server/deepin-devicecontrol/src/controlinterface.cpp +++ b/deepin-devicemanager-server/deepin-devicecontrol/src/controlinterface.cpp @@ -89,15 +89,10 @@ bool ControlInterface::getUserAuthorPasswd() return true; } - int pid = getPidByName("deepin-devicemanager"); - if (pid >= 0) { - Authority::Result result = Authority::instance()->checkAuthorizationSync("com.deepin.deepin-devicemanager.checkAuthentication", - UnixProcessSubject(pid), - Authority::AllowUserInteraction); - return result == Authority::Yes; - } - - return false; + Authority::Result result = Authority::instance()->checkAuthorizationSync("com.deepin.deepin-devicemanager.checkAuthentication", + SystemBusNameSubject(message().service()), + Authority::AllowUserInteraction); + return result == Authority::Yes; } ControlInterface::ControlInterface(QObject *parent) : QDBusService(parent) @@ -132,11 +127,15 @@ void ControlInterface::initConnects() QString ControlInterface::getRemoveInfo() { + if (!getUserAuthorPasswd()) + return {}; return EnableSqlManager::getInstance()->removedInfo(); } QString ControlInterface::getAuthorizedInfo() { + if (!getUserAuthorPasswd()) + return {}; return EnableSqlManager::getInstance()->authorizedInfo(); } @@ -223,6 +222,8 @@ void ControlInterface::disableOutDevice(const QString &devInfo) bool ControlInterface::isDeviceEnabled(const QString &unique_id) { + if (!getUserAuthorPasswd()) + return {}; return EnableSqlManager::getInstance()->isUniqueIdEnabled(unique_id); } @@ -263,6 +264,8 @@ void ControlInterface::updateWakeup(const QString &devInfo) int ControlInterface::isNetworkWakeup(const QString &logicalName) { + if (!getUserAuthorPasswd()) + return {}; return WakeupUtils::wakeOnLanIsOpen(logicalName); } @@ -275,6 +278,8 @@ void ControlInterface::setMonitorWorkingDBFlag(bool flag) bool ControlInterface::monitorWorkingDBFlag() { + if (!getUserAuthorPasswd()) + return {}; return EnableSqlManager::getInstance()->monitorWorkingFlag(); } @@ -317,6 +322,8 @@ void ControlInterface::undoInstallDriver() QStringList ControlInterface::checkModuleInUsed(const QString &modulename) { + if (!getUserAuthorPasswd()) + return {}; return mp_drivermanager->checkModuleInUsed(modulename); } @@ -330,16 +337,22 @@ bool ControlInterface::isDriverPackage(const QString &filepath) bool ControlInterface::isBlackListed(const QString &modName) { + if (!getUserAuthorPasswd()) + return {}; return mp_drivermanager->isBlackListed(modName); } bool ControlInterface::isArchMatched(const QString &filePath) { + if (!getUserAuthorPasswd()) + return {}; return mp_drivermanager->isArchMatched(filePath); } bool ControlInterface::isDebValid(const QString &filePath) { + if (!getUserAuthorPasswd()) + return {}; return mp_drivermanager->isDebValid(filePath); } diff --git a/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.cpp b/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.cpp index ad4357773..087bbc505 100644 --- a/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.cpp +++ b/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.cpp @@ -73,15 +73,15 @@ void DriverInstallerApt::aptClean() { qCDebug(appLog) << "Cleaning apt cache"; - executeCommand("lastore-apt-clean"); + executeCommand("lastore-apt-clean", QStringList()); } -QString DriverInstallerApt::executeCommand(const QString &cmd) +QString DriverInstallerApt::executeCommand(const QString &cmd, const QStringList &args) { - qCDebug(appLog) << "Executing command:" << cmd; + qCDebug(appLog) << "Executing command:" << cmd << args; QProcess process; - process.start("bash", QStringList() << "-c" << cmd); + process.start(cmd, args); process.waitForFinished(); return QString::fromUtf8(process.readAllStandardOutput()); } @@ -94,11 +94,11 @@ void DriverInstallerApt::doOperate(const QString &package, const QString &versio aptClean(); // 更新软件源 - executeCommand("apt update"); + executeCommand("apt", QStringList() << "update"); // 检查包是否存在 - QString checkCmd = QString("apt-cache show %1=%2").arg(package).arg(version); - if (executeCommand(checkCmd).isEmpty()) { + QStringList args = QStringList() << "show" << QString("%1=%2").arg(package).arg(version); + if (executeCommand("apt-cache", args).isEmpty()) { emit errorOccurred(1); // 包不存在 qCInfo(appLog) << "DRIVER_LOG : ************************** 安装包不存在"; return; @@ -149,8 +149,8 @@ void DriverInstallerApt::doOperate(const QString &package, const QString &versio }); // 执行安装命令 - QString cmd = QString("apt-get install -y %1=%2").arg(package).arg(version); - m_process->start("bash", QStringList() << "-c" << cmd); + QStringList installArgs = QStringList() << "install" << "-y" << QString("%1=%2").arg(package).arg(version); + m_process->start("apt-get", installArgs); } bool DriverInstallerApt::isNetworkOnline(uint sec) diff --git a/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.h b/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.h index c94d0074d..2da8d1b3f 100644 --- a/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.h +++ b/deepin-devicemanager-server/deepin-devicecontrol/src/drivercontrol/driverinstallerapt.h @@ -61,7 +61,7 @@ public slots: * @param cmd 命令字符串 * @return 命令输出 */ - QString executeCommand(const QString &cmd); + QString executeCommand(const QString &cmd, const QStringList &args); private: QProcess *m_process; // apt进程指针 diff --git a/deepin-devicemanager-server/deepin-deviceinfo/CMakeLists.txt b/deepin-devicemanager-server/deepin-deviceinfo/CMakeLists.txt index 0e97e79f8..2ace52970 100644 --- a/deepin-devicemanager-server/deepin-deviceinfo/CMakeLists.txt +++ b/deepin-devicemanager-server/deepin-deviceinfo/CMakeLists.txt @@ -8,7 +8,7 @@ set(CMAKE_AUTOMOC ON) set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD_REQUIRED ON) -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong -D_FORTITY_SOURCE=1 -z noexecstack -pie -fPIC -z lazy") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2 -z noexecstack -pie -fPIC -z lazy") # 设置包含头文件的时候不用包含路径 begin **************************************************************************************** MACRO(SUBDIRLIST result curdir) diff --git a/deepin-devicemanager-server/deepin-deviceinfo/src/loadinfo/deviceinterface.cpp b/deepin-devicemanager-server/deepin-deviceinfo/src/loadinfo/deviceinterface.cpp index afdf60070..38d79dd0c 100644 --- a/deepin-devicemanager-server/deepin-deviceinfo/src/loadinfo/deviceinterface.cpp +++ b/deepin-devicemanager-server/deepin-deviceinfo/src/loadinfo/deviceinterface.cpp @@ -42,6 +42,13 @@ DeviceInterface::DeviceInterface(const char *name, QObject *parent) QString DeviceInterface::getInfo(const QString &key) { qCDebug(appLog) << "Getting info for key:" << key; + + // 获取设备信息需要身份验证 + if (!getUserAuthorPasswd()) { + qCWarning(appLog) << "Authorization failed for getInfo operation"; + return "0"; + } + // 不能返回用常引用 if ("is_server_running" != key) { return DeviceInfoManager::getInstance()->getInfo(key); @@ -56,12 +63,23 @@ QString DeviceInterface::getInfo(const QString &key) void DeviceInterface::refreshInfo() { + if (!getUserAuthorPasswd()) { + qCWarning(appLog) << "Authorization failed for refreshInfo operation"; + return; + } + emit sigUpdate(); } void DeviceInterface::setMonitorDeviceFlag(bool flag) { qCDebug(appLog) << "Setting monitor device flag to:" << flag; + + if (!getUserAuthorPasswd()) { + qCWarning(appLog) << "Authorization failed for setMonitorDeviceFlag operation"; + return; + } + MainJob *parentMainJob = dynamic_cast(parent()); if (parentMainJob != nullptr) { parentMainJob->setWorkingFlag(flag); diff --git a/deepin-devicemanager-server/tests/CMakeLists.txt b/deepin-devicemanager-server/tests/CMakeLists.txt index 4a3aa7afc..f9297af33 100644 --- a/deepin-devicemanager-server/tests/CMakeLists.txt +++ b/deepin-devicemanager-server/tests/CMakeLists.txt @@ -175,7 +175,7 @@ else() endif() # 设置添加gocv相关信息的输出 -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fprofile-arcs -ftest-coverage -fstack-protector-strong -D_FORTITY_SOURCE=1 -z noexecstack -pie -fPIC -z lazy") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fprofile-arcs -ftest-coverage -fstack-protector-strong -D_FORTIFY_SOURCE=2 -z noexecstack -pie -fPIC -z lazy") if(CMAKE_SAFETYTEST STREQUAL "CMAKE_SAFETYTEST_ARG_ON") #安全测试选项 diff --git a/deepin-devicemanager/CMakeLists.txt b/deepin-devicemanager/CMakeLists.txt index 084114afa..4138654d5 100644 --- a/deepin-devicemanager/CMakeLists.txt +++ b/deepin-devicemanager/CMakeLists.txt @@ -32,7 +32,6 @@ set(APP_DESKTOP "${APP_RES_DIR}/deepin-devicemanager.desktop") set(APP_QRC "${APP_RES_DIR}/appimage.qrc") set(APP_ICON_FILE "${APP_RES_DIR}/icons/deepin/builtin/deepin-devicemanager.svg") set(APP_AUTHENTICATION "${APP_RES_DIR}/com.deepin.deepin-devicemanager.policy") -set(APP_SERVICE "${APP_RES_DIR}/dbus/com.deepin.Devicemanager.service") project(${APP_BIN_NAME}) set(CMAKE_VERBOSE_MAKEFILE ON) @@ -41,7 +40,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON) set(CMAKE_AUTOMOC ON) set(CMAKE_AUTORCC ON) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,--as-needed -fPIE -fstack-protector-strong -D_FORTITY_SOURCE=1 -z noexecstack -pie -fPIC -z lazy") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,--as-needed -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -z noexecstack -pie -fPIC -z lazy") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie") option (PERF_ON "Use provided math implementation" ON) @@ -202,7 +201,6 @@ install(FILES ${APP_DESKTOP} DESTINATION ${CMAKE_INSTALL_DATADIR}/applications) install(FILES ${APP_ICON_FILE} DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor/scalable/apps) install(DIRECTORY ${APP_RES_DIR}/deepin-devicemanager DESTINATION ${CMAKE_INSTALL_DATADIR}/deepin-manual/manual-assets/application/) install(FILES ${APP_AUTHENTICATION} DESTINATION ${CMAKE_INSTALL_DATADIR}/polkit-1/actions) -install(FILES ${APP_SERVICE} DESTINATION ${CMAKE_INSTALL_DATADIR}/dbus-1/services) install(FILES ${CMAKE_SOURCE_DIR}/deepin-devicemanager/assets/deepin-devicemanager.json DESTINATION /usr/share/deepin-log-viewer/deepin-log.conf.d/) #hw机型增加DConfig配置 set(APPID org.deepin.devicemanager) diff --git a/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.service b/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.service deleted file mode 100644 index 5a6c77d85..000000000 --- a/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.service +++ /dev/null @@ -1,3 +0,0 @@ -[D-BUS Service] -Name=com.deepin.devicemanagerfront -Exec=/usr/bin/deepin-devicemanager diff --git a/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.xml b/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.xml deleted file mode 100644 index e35cd5841..000000000 --- a/deepin-devicemanager/assets/dbus/com.deepin.Devicemanager.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - diff --git a/deepin-devicemanager/src/DriverControl/DriverBackupThread.cpp b/deepin-devicemanager/src/DriverControl/DriverBackupThread.cpp index a5bd3a88f..8d491efec 100644 --- a/deepin-devicemanager/src/DriverControl/DriverBackupThread.cpp +++ b/deepin-devicemanager/src/DriverControl/DriverBackupThread.cpp @@ -9,9 +9,7 @@ #include #include #include - -// 备份临时路径 -#define DB_PATH_TMP "/tmp/deepin-devicemanager" +#include static bool updateFlag = false; @@ -37,7 +35,8 @@ void DriverBackupThread::run() return; } - QString backupPath = QString("%1/driver/%2").arg(DB_PATH_TMP).arg(debname); + QTemporaryDir tempDir(QDir::tempPath() + "/XXXXXX"); + QString backupPath = QString("%1/driver/%2").arg(tempDir.path()).arg(debname); QDir destdir(backupPath); if (!destdir.exists()) { qCDebug(appLog) << "Backup destination directory does not exist, creating:" << backupPath; diff --git a/deepin-devicemanager/src/Page/PageDriverControl.cpp b/deepin-devicemanager/src/Page/PageDriverControl.cpp index d30cdf3b8..935679e94 100644 --- a/deepin-devicemanager/src/Page/PageDriverControl.cpp +++ b/deepin-devicemanager/src/Page/PageDriverControl.cpp @@ -245,15 +245,6 @@ void PageDriverControl::installDriverLogical() connect(this->getButton(0), &QPushButton::clicked, this, &PageDriverControl::slotBackPathPage); } else if (1 == curIndex) { qCDebug(appLog) << "PageDriverControl::installDriverLogical at name page"; - // 驱动安装之前需要先提权 - Authority::Result result = Authority::instance()->checkAuthorizationSync("com.deepin.deepin-devicemanager.checkAuthentication", - UnixProcessSubject(getpid()), - Authority::AllowUserInteraction); - if (result != Authority::Yes) { - qCWarning(appLog) << "PageDriverControl::installDriverLogical no authorization"; - return; - } - QString driveName = mp_NameDialog->selectName(); //先判断是否是驱动文件,如果不是,再判断是否存在。 //因为后台isDriverPackage返回false的情况有2种:1.文件不存在 2.不是驱动文件 diff --git a/deepin-devicemanager/src/main.cpp b/deepin-devicemanager/src/main.cpp index f6a1eb1fb..0a7d002f8 100644 --- a/deepin-devicemanager/src/main.cpp +++ b/deepin-devicemanager/src/main.cpp @@ -105,7 +105,7 @@ int main(int argc, char *argv[]) exit(0); } Authority::Result result = Authority::instance()->checkAuthorizationSync("com.deepin.deepin-devicemanager.checkAuthentication", - UnixProcessSubject(getpid()), + SystemBusNameSubject(QDBusConnection::systemBus().baseService()), Authority::AllowUserInteraction); qCDebug(appLog) << "Authorization check result:" << result; if (result != Authority::Yes) { diff --git a/deepin-devicemanager/tests/CMakeLists.txt b/deepin-devicemanager/tests/CMakeLists.txt index 6bd8facad..cd0678e35 100644 --- a/deepin-devicemanager/tests/CMakeLists.txt +++ b/deepin-devicemanager/tests/CMakeLists.txt @@ -18,7 +18,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON) set(CMAKE_AUTOMOC ON) set(CMAKE_AUTORCC ON) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,--as-needed -fPIE -fstack-protector-strong -D_FORTITY_SOURCE=1 -z noexecstack -pie -fPIC -z lazy") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,--as-needed -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -z noexecstack -pie -fPIC -z lazy") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie") option (PERF_ON "Use provided math implementation" ON) diff --git a/rpm/deepin-devicemanager.spec b/rpm/deepin-devicemanager.spec index dbb8c9eaf..044294961 100644 --- a/rpm/deepin-devicemanager.spec +++ b/rpm/deepin-devicemanager.spec @@ -66,7 +66,6 @@ systemctl enable deepin-devicemanager-server.service %{_datadir}/applications/%{name}.desktop %{_datadir}/%{name}/translations/*.qm %{_datadir}/icons/hicolor/scalable/apps/%{name}.svg -/usr/share/dbus-1/services/com.deepin.Devicemanager.service /usr/share/polkit-1/actions/com.deepin.deepin-devicemanager.policy /lib/systemd/system/deepin-devicemanager-server.service %{_bindir}/deepin-devicemanager-server