From: Inga Stotland <inga.stotland@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: luiz.von.dentz@intel.com, marcel@holtmann.org,
brian.gix@intel.com, Inga Stotland <inga.stotland@intel.com>
Subject: [PATCH BlueZ v2 2/2] mesh: Add D-Bus policy for Bluetooth mesh daemon
Date: Fri, 18 Jan 2019 19:58:37 -0800
Message-ID: <20190119035837.6053-3-inga.stotland@intel.com>
In-Reply-To: <20190119035837.6053-1-inga.stotland@intel.com>

This adds a new D-Bus policy file, bluetooth-mesh.conf.
---
Makefile.mesh | 6 ++++++
mesh/bluetooth-mesh.conf | 22 ++++++++++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 mesh/bluetooth-mesh.conf
diff --git a/Makefile.mesh b/Makefile.mesh
index 66854e0bf..28c87a061 100644
--- a/Makefile.mesh
+++ b/Makefile.mesh
@@ -1,5 +1,9 @@
if MESH
+if DATAFILES
+dbus_DATA += mesh/bluetooth-mesh.conf
+endif
+
mesh_sources = mesh/mesh.h mesh/mesh.c \
mesh/net_keys.h mesh/net_keys.c \
mesh/mesh-io.h mesh/mesh-io.c \
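Review bot: The `dbus_DATA += mesh/bluetooth-mesh.conf` line at the top of this hunk only works if `dbus_DATA` (and the matching `dbusdir`) has already been assigned before Makefile.mesh is included, because automake rejects `+=` on a variable that was never set. Nothing in the visible lines shows that ordering, so it is worth confirming that the include comes after the first `dbus_DATA =` assignment, and that a build configured with mesh enabled and DATAFILES enabled installs the file into the system bus policy directory as expected.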
@@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/bluetooth-meshd
mesh_bluetooth_meshd_SOURCES = $(mesh_sources) mesh/main.c
mesh_bluetooth_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
mesh_bluetooth_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
+
+EXTRA_DIST += mesh/bluetooth-mesh.conf
endif
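Review bot: The `EXTRA_DIST += mesh/bluetooth-mesh.conf` line sits inside `if MESH`, so a `make dist` run from a tree configured without mesh leaves the policy file out of the tarball, while the first hunk makes `dbus_DATA` depend on that file whenever mesh and DATAFILES are both enabled. Suggest moving the `EXTRA_DIST` line outside the conditional (after the closing `endif`) so the tarball contents do not depend on configure options.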
diff --git a/mesh/bluetooth-mesh.conf b/mesh/bluetooth-mesh.conf
new file mode 100644
index 000000000..28be7c649
--- /dev/null
+++ b/mesh/bluetooth-mesh.conf
@@ -0,0 +1,22 @@
+<!-- This configuration file specifies the required security policies
+ for Bluetooth mesh daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+ <policy user="root">
+ <allow own="org.bluez.mesh"/>
+ <allow send_destination="org.bluez.mesh"/>
+ <allow send_interface="org.bluez.mesh.Application1"/>
+ <allow send_interface="org.bluez.mesh.Element1"/>
+ <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="org.bluez.mesh"/>
+ </policy>
+
+</busconfig>
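Review bot: The `<policy context="default">` block at the end allows `send_destination="org.bluez.mesh"` for every local user, so the bus applies no access control to calls into the mesh daemon and any authorisation has to happen inside the daemon itself. If that is intended, please state it in the file comment or the commit message; otherwise scope the rule to a dedicated user or group policy. Separately, the three `send_interface` rules in the root policy carry no `send_destination`, so they match messages with those interfaces sent to any name on the bus; a short comment saying these cover the daemon's calls back into applications would make the intent clear. Minor: "have denied" in the comment should read "has denied".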
--
2.17.2