Require some way to set cgroup for apps (currently systemd --user)

When the portal looks up the peer app id it needs to know whether it
can trust that the cgroup path would be set, so that it can tell
whether the app is sandboxed or trusted. We used to check if the
cgroup was session-$uid.slice, and if so it was trusted, but this
failed in the case of per-user dbus (not per-session) where
e.g. gnome-terminal would be outside the session.

Now we just fail if we can't set up a cgroup, thus whenever the cgroup
path is not right we know that the app is trusted.

common/xdg-app-run.c

@@ -1681,15 +1681,14 @@ job_removed_cb (SystemdManager *manager,
     g_main_loop_quit (data->main_loop);
 }
 
-void
-xdg_app_run_in_transient_unit (const char *appid)
+gboolean
+xdg_app_run_in_transient_unit (const char *appid, GError **error)
 {
-  GDBusConnection *conn = NULL;
-  GError *error = NULL;
-  char *path = NULL;
-  char *address = NULL;
-  char *name = NULL;
-  char *job = NULL;
+  g_autoptr(GDBusConnection) conn = NULL;
+  g_autofree char *path = NULL;
+  g_autofree char *address = NULL;
+  g_autofree char *name = NULL;
+  g_autofree char *job = NULL;
   SystemdManager *manager = NULL;
   GVariantBuilder builder;
   GVariant *properties = NULL;
@@ -1698,40 +1697,35 @@ xdg_app_run_in_transient_unit (const char *appid)
   GMainContext *main_context = NULL;
   GMainLoop *main_loop = NULL;
   struct JobData data;
+  gboolean res = FALSE;
 
   path = g_strdup_printf ("/run/user/%d/systemd/private", getuid());
 
   if (!g_file_test (path, G_FILE_TEST_EXISTS))
-    goto out;
+    return xdg_app_fail (error,
+                         "No systemd user session available, sandboxing not available");
 
   main_context = g_main_context_new ();
   main_loop = g_main_loop_new (main_context, FALSE);
 
   g_main_context_push_thread_default (main_context);
 
-
   address = g_strconcat ("unix:path=", path, NULL);
 
   conn = g_dbus_connection_new_for_address_sync (address,
                                                  G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT,
                                                  NULL,
-                                                 NULL, &error);
+                                                 NULL, error);
   if (!conn)
-    {
-      g_warning ("Can't connect to systemd: %s\n", error->message);
-      goto out;
-    }
+    goto out;
 
   manager = systemd_manager_proxy_new_sync (conn,
                                             G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
                                             NULL,
                                             "/org/freedesktop/systemd1",
-                                            NULL, &error);
+                                            NULL, error);
   if (!manager)
-    {
-      g_warning ("Can't create manager proxy: %s\n", error->message);
-      goto out;
-    }
+    goto out;
 
   name = g_strdup_printf ("xdg-app-%s-%d.scope", appid, getpid());
 
@@ -1755,11 +1749,8 @@ xdg_app_run_in_transient_unit (const char *appid)
                                                        aux,
                                                        &job,
                                                        NULL,
-                                                       &error))
-    {
-      g_warning ("Can't start transient unit: %s\n", error->message);
-      goto out;
-    }
+                                                       error))
+    goto out;
 
   data.job = job;
   data.main_loop = main_loop;
@@ -1767,6 +1758,8 @@ xdg_app_run_in_transient_unit (const char *appid)
 
   g_main_loop_run (main_loop);
 
+  res = TRUE;
+
  out:
   if (main_context)
     {
@@ -1775,16 +1768,10 @@ xdg_app_run_in_transient_unit (const char *appid)
     }
   if (main_loop)
     g_main_loop_unref (main_loop);
-  if (error)
-    g_error_free (error);
   if (manager)
     g_object_unref (manager);
-  if (conn)
-    g_object_unref (conn);
-  g_free (path);
-  g_free (address);
-  g_free (job);
-  g_free (name);
+
+  return res;
 }
 
 static void
@@ -2153,7 +2140,8 @@ xdg_app_run_app (const char *app_ref,
 
   /* Must run this before spawning the dbus proxy, to ensure it
      ends up in the app cgroup */
-  xdg_app_run_in_transient_unit (app_ref_parts[1]);
+  if (!xdg_app_run_in_transient_unit (app_ref_parts[1], error))
+    return FALSE;
 
   if (!add_dbus_proxy_args (argv_array, dbus_proxy_argv, error))
     return FALSE;

common/xdg-app-run.h

@@ -25,7 +25,8 @@
 #include "dbus-proxy/xdg-app-proxy.h"
 #include "xdg-app-common-types.h"
 
-void xdg_app_run_in_transient_unit (const char *app_id);
+gboolean xdg_app_run_in_transient_unit (const char *app_id,
+                                        GError **error);
 
 #define XDG_APP_METADATA_GROUP_CONTEXT "Context"
 #define XDG_APP_METADATA_GROUP_SESSION_BUS_POLICY "Session Bus Policy"

common/xdg-app-utils.c

@@ -970,8 +970,7 @@ got_credentials_cb (GObject *source_object,
                           info->app_id = g_strdup (name);
                         }
                     }
-                  else if (g_str_has_prefix (scope, "session-") &&
-                           g_str_has_suffix (scope, ".scope"))
+                  else
                     info->app_id = g_strdup ("");
                 }
             }