diff options
| author | DoHyun Pyun <dh79.pyun@samsung.com> | 2020-06-05 13:53:20 +0900 |
|---|---|---|
| committer | DoHyun Pyun <dh79.pyun@samsung.com> | 2020-06-05 13:53:20 +0900 |
| commit | 57a240cb14631c2cde69a1c74a813451ee661872 (patch) | |
| tree | 0fa4c8cba1d74e6146e3a99565ee62b79fbfa7a5 | |
| parent | 94327e22e2a4d4f47159b541df600084b61e6159 (diff) | |
| download | bluez-57a240cb14631c2cde69a1c74a813451ee661872.tar.gz bluez-57a240cb14631c2cde69a1c74a813451ee661872.tar.bz2 bluez-57a240cb14631c2cde69a1c74a813451ee661872.zip | |
Modify the security option for bluetooth-meshdsubmit/tizen/20200608.075218accepted/tizen/unified/20200610.015556
Change-Id: I8452eb5b07daa57c60f6bdbdb251781a6855058a
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
| -rw-r--r-- | mesh/bluetooth-mesh.conf | 14 | ||||
| -rw-r--r-- | mesh/bluetooth-mesh.service.in | 15 | ||||
| -rwxr-xr-x | packaging/bluez.spec | 5 |
3 files changed, 24 insertions, 10 deletions
diff --git a/mesh/bluetooth-mesh.conf b/mesh/bluetooth-mesh.conf index 678ce756..a37b207b 100644 --- a/mesh/bluetooth-mesh.conf +++ b/mesh/bluetooth-mesh.conf @@ -18,8 +18,20 @@ <allow send_interface="org.freedesktop.DBus.ObjectManager"/> </policy> - <policy context="default"> + <policy user="network_fw"> + <allow own="org.bluez.mesh"/> <allow send_destination="org.bluez.mesh"/> + <allow send_interface="org.bluez.mesh.Application1"/> + <allow send_interface="org.bluez.mesh.Element1"/> + <allow send_interface="org.bluez.mesh.ProvisionAgent1"/> + <allow send_interface="org.bluez.mesh.Provisioner1"/> + <allow send_interface="org.freedesktop.DBus.Properties"/> + <allow send_interface="org.freedesktop.DBus.ObjectManager"/> + </policy> + + <policy context="default"> + <deny own="org.bluez.mesh"/> + <deny send_destination="org.bluez.mesh"/> </policy> </busconfig> diff --git a/mesh/bluetooth-mesh.service.in b/mesh/bluetooth-mesh.service.in index c8afbf53..c2585efc 100644 --- a/mesh/bluetooth-mesh.service.in +++ b/mesh/bluetooth-mesh.service.in @@ -1,18 +1,17 @@ [Unit] Description=Bluetooth mesh service -ConditionPathIsDirectory=/sys/class/bluetooth [Service] +User=network_fw +Group=network_fw Type=dbus BusName=org.bluez.mesh -ExecStart=@pkglibexecdir@/bluetooth-meshd +ExecStart=@pkglibexecdir@/bluetooth-meshd --nodetach --debug +Capabilities=cap_net_admin,cap_net_bind_service,cap_dac_override=eip +SecureBits=keep-caps +SmackProcessLabel=System +KillMode=process NotifyAccess=main -LimitNPROC=1 -ProtectHome=true -ProtectSystem=full -Restart=on-failure -RestartSec=5s [Install] -WantedBy=bluetooth.target Alias=dbus-org.bluez.mesh.service diff --git a/packaging/bluez.spec b/packaging/bluez.spec index c031948c..cae99558 100755 --- a/packaging/bluez.spec +++ b/packaging/bluez.spec @@ -417,6 +417,8 @@ install -D -m 0755 attrib/gatttool $RPM_BUILD_ROOT/%{_bindir}/ install -D -m 0755 tools/meshctl $RPM_BUILD_ROOT/%{_bindir}/ install -D -m 0755 tools/mesh-cfgclient $RPM_BUILD_ROOT/%{_bindir}/ +# mesh conf +install -D -m 0644 mesh/mesh-main.conf %{buildroot}%{_sysconfdir}/bluetooth/mesh-main.conf install -D -m 0755 tools/obexctl %{buildroot}%{_bindir}/obexctl @@ -502,8 +504,9 @@ popd %{_sysconfdir}/dbus-1/system.d/bluetooth-mesh.conf %attr(755, network_fw, network_fw)%{_libexecdir}/bluetooth/bluetooth-meshd %{_libpath}/systemd/system/bluetooth-mesh.service -%{_datadir}/dbus-1/system-services/org.bluez.mesh.service +%exclude %{_datadir}/dbus-1/system-services/org.bluez.mesh.service %exclude /usr/lib/debug/* +%{_sysconfdir}/bluetooth/mesh-main.conf %files devel %manifest %{name}.manifest |