blob: 8742345eb52259f477184545a29d05b054cc7bbb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Our well-known bus type, do not change this -->
<type>system</type>
<!-- Fork into daemon mode -->
<fork/>
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
<!-- Only listen on a local socket. (abstract=/path/to/socket
means use abstract namespace, don't really create filesystem
file; only Linux supports this. Use path=/whatever on other
systems.) -->
<listen>unix:path=/dev/socket/dbus</listen>
<policy context="default">
<!-- Deny everything then punch holes -->
<deny send_interface="*"/>
<deny receive_interface="*"/>
<deny own="*"/>
<!-- But allow all users to connect -->
<allow user="*"/>
<!-- Allow anyone to talk to the message bus -->
<!-- FIXME I think currently these allow rules are always implicit
even if they aren't in here -->
<allow send_destination="org.freedesktop.DBus"/>
<allow receive_sender="org.freedesktop.DBus"/>
<!-- valid replies are always allowed -->
<allow send_requested_reply="true"/>
<allow receive_requested_reply="true"/>
</policy>
<!-- Now punch holes for bluetooth -->
<policy context="default">
<allow own="*"/>
<allow user="*"/>
<allow send_destination="org.bluez.PasskeyAgent"/>
<allow receive_sender="org.bluez.PasskeyAgent"/>
<allow send_path="/org/bluez/PasskeyAgent"/>
</policy>
<policy user="root">
<allow own="org.bluez"/>
</policy>
<policy at_console="true">
<allow send_destination="org.bluez.Adapter"/>
<allow receive_sender="org.bluez.Adapter"/>
<allow send_path="/org/bluez/Adapter"/>
<allow send_destination="org.bluez.Manager"/>
<allow receive_sender="org.bluez.Manager"/>
<allow send_path="/org/bluez/Manager"/>
<allow send_destination="org.bluez.Security"/>
<allow receive_sender="org.bluez.Security"/>
</policy>
</busconfig>
|