bus: when introspecting, turn unprivileged flag into inverse annoation of "privileged"

Internally, it makes sense to have a default of "privileged" for
methods, and a flag to open it up. However, externally in the bus
introspection turn this around since negative options actually suck.

src/libsystemd-bus/bus-introspect.c

@@ -26,10 +26,11 @@
 #include "bus-internal.h"
 #include "bus-protocol.h"
 
-int introspect_begin(struct introspect *i) {
+int introspect_begin(struct introspect *i, bool trusted) {
         assert(i);
 
         zero(*i);
+        i->trusted = trusted;
 
         i->f = open_memstream(&i->introspection, &i->size);
         if (!i->f)
@@ -87,8 +88,10 @@ static void introspect_write_flags(struct introspect *i, int type, int flags) {
                         fputs("   <annotation name=\"org.freedesktop.DBus.Property.EmitsChangedSignal\" value=\"invalidates\"/>\n", i->f);
         }
 
-        if ((type == _SD_BUS_VTABLE_METHOD || type == _SD_BUS_VTABLE_WRITABLE_PROPERTY) && (flags & SD_BUS_VTABLE_UNPRIVILEGED))
-                fputs("   <annotation name=\"org.freedesktop.systemd1.Unprivileged\" value=\"true\"/>\n", i->f);
+        if (!i->trusted &&
+            (type == _SD_BUS_VTABLE_METHOD || type == _SD_BUS_VTABLE_WRITABLE_PROPERTY) &&
+            !(flags & SD_BUS_VTABLE_UNPRIVILEGED))
+                fputs("   <annotation name=\"org.freedesktop.systemd1.Privileged\" value=\"true\"/>\n", i->f);
 }
 
 static int introspect_write_arguments(struct introspect *i, const char *signature, const char *direction) {
@@ -121,6 +124,10 @@ int introspect_write_interface(struct introspect *i, const sd_bus_vtable *v) {
 
         for (; v->type != _SD_BUS_VTABLE_END; v++) {
 
+                /* Ignore methods, signals and properties that are
+                 * marked "hidden", but do show the interface
+                 * itself */
+
                 if (v->type != _SD_BUS_VTABLE_START && (v->flags & SD_BUS_VTABLE_HIDDEN))
                         continue;
 

src/libsystemd-bus/bus-introspect.h

@@ -31,9 +31,10 @@ struct introspect {
         FILE *f;
         char *introspection;
         size_t size;
+        bool trusted;
 };
 
-int introspect_begin(struct introspect *i);
+int introspect_begin(struct introspect *i, bool trusted);
 int introspect_write_default_interfaces(struct introspect *i, bool object_manager);
 int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix);
 int introspect_write_interface(struct introspect *i, const sd_bus_vtable *v);

src/libsystemd-bus/bus-objects.c

@@ -831,7 +831,7 @@ static int process_introspect(
         if (bus->nodes_modified)
                 return 0;
 
-        r = introspect_begin(&intro);
+        r = introspect_begin(&intro, bus->trusted);
         if (r < 0)
                 return r;
 

src/libsystemd-bus/test-bus-introspect.c

@@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
 
         log_set_max_level(LOG_DEBUG);
 
-        assert_se(introspect_begin(&intro) >= 0);
+        assert_se(introspect_begin(&intro, false) >= 0);
 
         fprintf(intro.f, " <interface name=\"org.foo\">\n");
         assert_se(introspect_write_interface(&intro, vtable) >= 0);