diff options
Diffstat (limited to 'rootdir/etc/dbus.conf')
| -rw-r--r-- | rootdir/etc/dbus.conf | 50 |
1 files changed, 5 insertions, 45 deletions
diff --git a/rootdir/etc/dbus.conf b/rootdir/etc/dbus.conf index 8742345..75586b9 100644 --- a/rootdir/etc/dbus.conf +++ b/rootdir/etc/dbus.conf @@ -5,9 +5,6 @@ <!-- Our well-known bus type, do not change this --> <type>system</type> - <!-- Fork into daemon mode --> - <fork/> - <!-- Only allow socket-credentials-based authentication --> <auth>EXTERNAL</auth> @@ -17,51 +14,14 @@ systems.) --> <listen>unix:path=/dev/socket/dbus</listen> + <!-- Allow everything, D-Bus socket is protected by unix filesystem + permissions --> <policy context="default"> - <!-- Deny everything then punch holes --> - <deny send_interface="*"/> - <deny receive_interface="*"/> - <deny own="*"/> - <!-- But allow all users to connect --> + <allow send_interface="*"/> + <allow receive_interface="*"/> + <allow own="*"/> <allow user="*"/> - <!-- Allow anyone to talk to the message bus --> - <!-- FIXME I think currently these allow rules are always implicit - even if they aren't in here --> - <allow send_destination="org.freedesktop.DBus"/> - <allow receive_sender="org.freedesktop.DBus"/> - <!-- valid replies are always allowed --> <allow send_requested_reply="true"/> <allow receive_requested_reply="true"/> </policy> - - - <!-- Now punch holes for bluetooth --> - - <policy context="default"> - <allow own="*"/> - <allow user="*"/> - <allow send_destination="org.bluez.PasskeyAgent"/> - <allow receive_sender="org.bluez.PasskeyAgent"/> - <allow send_path="/org/bluez/PasskeyAgent"/> - </policy> - - <policy user="root"> - <allow own="org.bluez"/> - </policy> - - <policy at_console="true"> - <allow send_destination="org.bluez.Adapter"/> - <allow receive_sender="org.bluez.Adapter"/> - - <allow send_path="/org/bluez/Adapter"/> - - <allow send_destination="org.bluez.Manager"/> - <allow receive_sender="org.bluez.Manager"/> - - <allow send_path="/org/bluez/Manager"/> - - <allow send_destination="org.bluez.Security"/> - <allow receive_sender="org.bluez.Security"/> - </policy> - </busconfig> |