summaryrefslogtreecommitdiffstats
path: root/rootdir/etc/dbus.conf
blob: 8742345eb52259f477184545a29d05b054cc7bbb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket. (abstract=/path/to/socket 
       means use abstract namespace, don't really create filesystem 
       file; only Linux supports this. Use path=/whatever on other 
       systems.) -->
  <listen>unix:path=/dev/socket/dbus</listen>

  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send_interface="*"/>
    <deny receive_interface="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <!-- FIXME I think currently these allow rules are always implicit 
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
    <!-- valid replies are always allowed -->
    <allow send_requested_reply="true"/>
    <allow receive_requested_reply="true"/>
  </policy>


  <!-- Now punch holes for bluetooth -->

  <policy context="default">
    <allow own="*"/>
    <allow user="*"/>
    <allow send_destination="org.bluez.PasskeyAgent"/>
    <allow receive_sender="org.bluez.PasskeyAgent"/>
    <allow send_path="/org/bluez/PasskeyAgent"/>
  </policy>

  <policy user="root">
    <allow own="org.bluez"/>
  </policy>

  <policy at_console="true">
    <allow send_destination="org.bluez.Adapter"/>
    <allow receive_sender="org.bluez.Adapter"/>

    <allow send_path="/org/bluez/Adapter"/>

    <allow send_destination="org.bluez.Manager"/>
    <allow receive_sender="org.bluez.Manager"/>

    <allow send_path="/org/bluez/Manager"/>

    <allow send_destination="org.bluez.Security"/>
    <allow receive_sender="org.bluez.Security"/>
  </policy>

</busconfig>