[PATCH] More lenient D-Bus policy

Zeeshan Ali Khattak zeeshanak
Sun May 25 04:04:24 PDT 2014

On Sun, May 25, 2014 at 11:10 AM, Zeeshan Ali (Khattak)
<zeeshanak at gnome.org> wrote:
> On Sun, May 25, 2014 at 7:46 AM, Johannes Berg
> <johannes at sipsolutions.net> wrote:
>> On Sat, 2014-05-24 at 17:11 +0100, Zeeshan Ali (Khattak) wrote:
>>> It doesn't make sense to deny all non-root users access to all D-Bus API.
>>> Lets at least give everyone the ability to receive signals, read
>>> properties and introspect.
>> Introspect seems fine, but signals and properties might contain private
>> data like wifi keys?
> Thats a fair point. I see that the following interfaces don't have any
> private data so I'll provide a v2 of this patch with only granting
> access to them:
> fi.w1.wpa_supplicant1
> fi.w1.wpa_supplicant1.Interface
> fi.w1.wpa_supplicant1.BSS

Oh, actually that is not possible for properties as the interface for
them is org.freedesktop.DBus.Properties.

I'm afraid you'll have to do all properties access control from the
code instead. I can still provide a patch that only gives access to
signals on the above objects and I can even make it more specific if
we want that?


Zeeshan Ali (Khattak)
Befriend GNOME: http://www.gnome.org/friends/

More information about the Hostap mailing list