diff options
| author | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
|---|---|---|
| committer | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
| commit | 4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53 (patch) | |
| tree | 54fd1b2695a591d2306d41264df67c53077b752c /rootdir/etc/dbus.conf | |
| download | system_core-4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53.zip system_core-4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53.tar.gz system_core-4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53.tar.bz2 | |
Initial Contribution
Diffstat (limited to 'rootdir/etc/dbus.conf')
| -rw-r--r-- | rootdir/etc/dbus.conf | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/rootdir/etc/dbus.conf b/rootdir/etc/dbus.conf new file mode 100644 index 0000000..8742345 --- /dev/null +++ b/rootdir/etc/dbus.conf @@ -0,0 +1,67 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + + <!-- Our well-known bus type, do not change this --> + <type>system</type> + + <!-- Fork into daemon mode --> + <fork/> + + <!-- Only allow socket-credentials-based authentication --> + <auth>EXTERNAL</auth> + + <!-- Only listen on a local socket. (abstract=/path/to/socket + means use abstract namespace, don't really create filesystem + file; only Linux supports this. Use path=/whatever on other + systems.) --> + <listen>unix:path=/dev/socket/dbus</listen> + + <policy context="default"> + <!-- Deny everything then punch holes --> + <deny send_interface="*"/> + <deny receive_interface="*"/> + <deny own="*"/> + <!-- But allow all users to connect --> + <allow user="*"/> + <!-- Allow anyone to talk to the message bus --> + <!-- FIXME I think currently these allow rules are always implicit + even if they aren't in here --> + <allow send_destination="org.freedesktop.DBus"/> + <allow receive_sender="org.freedesktop.DBus"/> + <!-- valid replies are always allowed --> + <allow send_requested_reply="true"/> + <allow receive_requested_reply="true"/> + </policy> + + + <!-- Now punch holes for bluetooth --> + + <policy context="default"> + <allow own="*"/> + <allow user="*"/> + <allow send_destination="org.bluez.PasskeyAgent"/> + <allow receive_sender="org.bluez.PasskeyAgent"/> + <allow send_path="/org/bluez/PasskeyAgent"/> + </policy> + + <policy user="root"> + <allow own="org.bluez"/> + </policy> + + <policy at_console="true"> + <allow send_destination="org.bluez.Adapter"/> + <allow receive_sender="org.bluez.Adapter"/> + + <allow send_path="/org/bluez/Adapter"/> + + <allow send_destination="org.bluez.Manager"/> + <allow receive_sender="org.bluez.Manager"/> + + <allow send_path="/org/bluez/Manager"/> + + <allow send_destination="org.bluez.Security"/> + <allow receive_sender="org.bluez.Security"/> + </policy> + +</busconfig> |