dbus: rauc: only install bundles from the primary channel

This restricts the sources that the `/v1/tac/update/install` will accept
update requests from to only the primary channel.
The web interface has not exposed the feature to install arbitrary URLs
for some time now and users that want to do so are better served by using
the command line interface instead.

Signed-off-by: Leonard Göhrs <[email protected]>

Author: hnez

src/dbus/rauc.rs

@@ -394,33 +394,50 @@ impl Rauc {
         })?;
 
         let conn_task = conn.clone();
+        let channels = inst.channels.clone();
         let (mut install_stream, _) = inst.install.clone().subscribe_unbounded();
 
         // Forward the "install" topic from the broker framework to RAUC
         wtb.spawn_task("rauc-forward-install", async move {
             let proxy = InstallerProxy::new(&conn_task).await.unwrap();
 
             while let Some(update_request) = install_stream.next().await {
-                let url = match update_request.url {
-                    Some(url) => url,
-                    None => continue,
+                let channels = match channels.try_get() {
+                    Some(chs) => chs,
+                    None => {
+                        warn!("Got install request with no channels available yet");
+                        continue;
+                    }
                 };
 
-                // Poor-mans validation. It feels wrong to let someone point to any
-                // file on the TAC from the web interface.
-                if url.starts_with("http://") || url.starts_with("https://") {
-                    let manifest_hash: Option<zbus::zvariant::Value> =
-                        update_request.manifest_hash.map(|mh| mh.into());
-
-                    let mut args = HashMap::new();
-
-                    if let Some(manifest_hash) = &manifest_hash {
-                        args.insert("require-manifest-hash", manifest_hash);
+                let primary = match channels.primary() {
+                    Some(primary) => primary,
+                    None => {
+                        warn!("Got install request with no primary channel configured");
+                        continue;
                     }
+                };
 
-                    if let Err(e) = proxy.install_bundle(&url, args).await {
-                        error!("Failed to install bundle: {}", e);
+                let url = match &update_request.url {
+                    None => &primary.url,
+                    Some(url) if url == &primary.url => &primary.url,
+                    Some(_) => {
+                        warn!("Got install request with URL not matching primary channel URL");
+                        continue;
                     }
+                };
+
+                let manifest_hash: Option<zbus::zvariant::Value> =
+                    update_request.manifest_hash.map(|mh| mh.into());
+
+                let mut args = HashMap::new();
+
+                if let Some(manifest_hash) = &manifest_hash {
+                    args.insert("require-manifest-hash", manifest_hash);
+                }
+
+                if let Err(e) = proxy.install_bundle(url, args).await {
+                    error!("Failed to install bundle: {}", e);
                 }
             }
 

src/dbus/rauc/update_channels.rs

@@ -173,4 +173,9 @@ impl Channels {
     pub fn into_vec(self) -> Vec<Channel> {
         self.0
     }
+
+    #[cfg(not(feature = "demo_mode"))]
+    pub(super) fn primary(&self) -> Option<&Channel> {
+        self.0.iter().find(|ch| ch.primary)
+    }
 }