[SailfishDevel] Setting/escalating app privileges ?

Jonni Rainisto jonni.rainisto at jolla.com
Sat May 31 13:56:37 UTC 2014 

Yes, iwlist currently requires root, and Harbour rules doesnt allow root-bit to be set currently. But if your ok with application just beeing in OpenRepos, then you can give your application or helper binary a root suid-bit in rpm .spec file like this:

%attr(4755,root,root) /usr/bin/yourapplication-root-helper

That would give your application a root suid bitted application that can call iwlist without problems.
Please notice that invoker drops suid bits by default, so you need to have it as seperate helper binary, or have special desktop-file flags for not using invoker to launch your app.

re, Jonni

________________________________
From: devel-bounces at lists.sailfishos.org [devel-bounces at lists.sailfishos.org] on behalf of Niels Christian Ørgaard [ncothang at gmail.com]
Sent: Saturday, May 31, 2014 4:15 PM
To: devel at lists.sailfishos.org
Subject: [SailfishDevel] Setting/escalating app privileges ?

Hi all,

Is there a way to either set, or escalate, a SailfishOS app's privileges, at first runtime or at installation?

Am looking to use 2 shell commands, iwlist and iwpriv, in my apps, but they require root (or similar) access-rights.
(cannot quite figure out why iwlist should require root access ...)

Have googled around, looked at QML and QT5 documentation, and best results have been discussions about an absence of configurable permissions; there may be a way via QT, but my brief search didn't reveal anything.

I could write a quick root-password requester for my apps, asking for permission every time they need to run either command, but I think that is a pretty ugly and scary solution.

Am hoping to eventually introduce at least 1 app to Harbour, so I need to locate a solution that is in line with Jolla's intents.


The 2 apps:

LightFish - app to control LIFX bulbs.
Needs to run "iwpriv wlan0 setMCBCFilter 1" upon startup, to ensure it can catch broadcast messages from LIFX bulbs on the local network, and preferably "iwpriv wlan0 setMCBCFilter 3" when closing down.
Have talked to LIFX about changing their network protocol, but this is (naturally) a non-trivial thing to do.
Having a pop-up requesting root-password (or similar) every time this apps runs would make it too annoying to use, just to set your lighting level; Even more so, if having a pop-up asking for permissions when just triggering a colour-change on a lightbulb to indicate an SMS have been received.

unnamed app - app to do basic wifi scans
Would run iwlist wlan0 scan at regular intervals, present results in a table.
Is simply to help me review local networks, without using my computer.


Any-and-all help are welcome, as I'm at a bit of dead end here.

Regards,
Niels Chr. Ø.
Belgium
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20140531/63396d8e/attachment.html>

More information about the Devel mailing list