[PATCH] More lenient D-Bus policy
Zeeshan Ali Khattak
zeeshanak
Sat May 24 09:11:26 PDT 2014
It doesn't make sense to deny all non-root users access to all D-Bus API.
Lets at least give everyone the ability to receive signals, read
properties and introspect.
Signed-off-by: Zeeshan Ali (Khattak) <zeeshanak at gnome.org>
---
wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
index c091234..06c9515 100644
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
@@ -23,5 +23,22 @@
<deny send_destination="fi.w1.wpa_supplicant1"/>
<deny send_interface="fi.w1.wpa_supplicant1"/>
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+
+ <!-- Allow receiving signals -->
+ <allow receive_sender="fi.w1.wpa_supplicant1"
+ receive_type="signal"/>
+
+ <!-- Allow reading properties -->
+ <allow send_destination="fi.w1.wpa_supplicant1"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="Get"/>
+
+ <allow send_destination="fi.w1.wpa_supplicant1"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="GetAll"/>
+
+ <!-- Allow full access to introspection -->
+ <allow send_destination="fi.w1.wpa_supplicant1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
</busconfig>
--
1.9.0
More information about the Hostap
mailing list