Introduce dbus config of services

The files conf/dbus/afm-permissions-*.conf are introduced to grant the permission to access specific services. At the moment the same permission is used: http://tizen.org/privilege/internal/dbus But the idea is to replace it by a set of different permissions. Bug-AGL: SPEC-1016 Change-Id: Ide54e7fd9ae328ff17a877e4ec04b18ad32fb899 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh> 2019-06-04 13:20:34 +0200
committer: José Bollo <jose.bollo@iot.bzh> 2019-06-14 11:17:52 +0200
commit: 3284913fccd1a8b6e9993eb9676d8d28f02c2151 (patch)
tree: 919b9c6b44135875f1ada854362674d54565c293
parent: ce5c20d2fa7e9c3e08c97643c77c7647bef79cd5 (diff)
4 files changed, 118 insertions, 0 deletions
diff --git a/conf/CMakeLists.txt b/conf/CMakeLists.txt
index 47fe4ec..11b2beb 100644
--- a/conf/CMakeLists.txt
+++ b/conf/CMakeLists.txt
@@ -19,4 +19,5 @@
 add_subdirectory(unit)
 add_subdirectory(system)
 add_subdirectory(user)
+add_subdirectory(dbus)
 
diff --git a/conf/dbus/CMakeLists.txt b/conf/dbus/CMakeLists.txt
new file mode 100644
index 0000000..9946595
--- /dev/null
+++ b/conf/dbus/CMakeLists.txt
@@ -0,0 +1,28 @@
+###########################################################################
+# Copyright (C) 2015-2019 IoT.bzh
+#
+# author: José Bollo <jose.bollo@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+cmake_minimum_required(VERSION 2.8)
+
+if(NOT USE_SDK)
+	set(SYSCONFDIR_DBUS_SYSTEM ${CMAKE_INSTALL_SYSCONFDIR}/dbus-1/system.d CACHE STRING "Path to dbus system configuration files")
+	set(SYSCONFDIR_DBUS_SESSION ${CMAKE_INSTALL_SYSCONFDIR}/dbus-1/session.d CACHE STRING "Path to dbus system configuration files")
+
+	install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/afm-permissions-system.conf    DESTINATION ${SYSCONFDIR_DBUS_SYSTEM})
+	install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/afm-permissions-session.conf   DESTINATION ${SYSCONFDIR_DBUS_SESSION})
+endif()
+
diff --git a/conf/dbus/afm-permissions-session.conf b/conf/dbus/afm-permissions-session.conf
new file mode 100644
index 0000000..5dbfe2d
--- /dev/null
+++ b/conf/dbus/afm-permissions-session.conf
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+ This file is part of afm-main
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<busconfig>
+  <policy at_console="false">
+
+    <!-- any -->
+    <check send_destination="*" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="*" privilege="http://tizen.org/privilege/internal/dbus"/>
+
+  </policy>
+</busconfig>
+
+
diff --git a/conf/dbus/afm-permissions-system.conf b/conf/dbus/afm-permissions-system.conf
new file mode 100644
index 0000000..30f9a8f
--- /dev/null
+++ b/conf/dbus/afm-permissions-system.conf
@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+ This file is part of afm-main
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<busconfig>
+  <policy at_console="false">
+
+    <!-- any -->
+    <check send_destination="*" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="*" privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- org.bluez -->
+    <check send_destination="org.bluez" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="org.bluez"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- fi.w1.wpa_supplicant1 -->
+    <check send_destination="fi.w1.wpa_supplicant1" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="fi.w1.wpa_supplicant1"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- org.ofono -->
+    <check send_destination="org.ofono" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="org.ofono"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- org.freedesktop.GeoClue2 -->
+    <check send_destination="org.freedesktop.GeoClue2" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="org.freedesktop.GeoClue2"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- org.neard -->
+    <check send_destination="org.neard" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="org.neard"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- org.neardal -->
+    <check send_destination="org.neardal" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="org.neardal"   privilege="http://tizen.org/privilege/internal/dbus"/>
+
+    <!-- net.connman -->
+    <check send_destination="net.connman" privilege="http://tizen.org/privilege/internal/dbus"/>
+    <check receive_sender="net.connman" privilege="http://tizen.org/privilege/internal/dbus"/>
+  </policy>
+</busconfig>
+
+
author	José Bollo <jose.bollo@iot.bzh>	2019-06-04 13:20:34 +0200
committer	José Bollo <jose.bollo@iot.bzh>	2019-06-14 11:17:52 +0200
commit	3284913fccd1a8b6e9993eb9676d8d28f02c2151 (patch)
tree	919b9c6b44135875f1ada854362674d54565c293
parent	ce5c20d2fa7e9c3e08c97643c77c7647bef79cd5 (diff)