diff options
| author | dh79pyun <dh79.pyun@samsung.com> | 2021-11-11 08:04:00 +0900 |
|---|---|---|
| committer | dh79pyun <dh79.pyun@samsung.com> | 2021-11-11 11:00:30 +0900 |
| commit | d5fa0e96285914e4621ac6fe902f4e56e8693f74 (patch) | |
| tree | 3dd1f6bfed6eed8be68d1df5ad36c471fa813582 | |
| parent | 97aac4467504486f88981b583f445ececf121027 (diff) | |
| download | bluez-d5fa0e96285914e4621ac6fe902f4e56e8693f74.tar.gz bluez-d5fa0e96285914e4621ac6fe902f4e56e8693f74.tar.bz2 bluez-d5fa0e96285914e4621ac6fe902f4e56e8693f74.zip | |
Modify the dbus policy for robot profilesubmit/tizen_6.5/20211111.022315submit/tizen/20211114.231048accepted/tizen/6.5/unified/20211111.224620
Change-Id: I16389887221197cd24b1e84445090077d4e4cee6
Signed-off-by: dh79pyun <dh79.pyun@samsung.com>
| -rwxr-xr-x | packaging/bluez.spec | 8 | ||||
| -rwxr-xr-x | src/bluetooth_robot.conf | 59 |
2 files changed, 66 insertions, 1 deletions
diff --git a/packaging/bluez.spec b/packaging/bluez.spec index 69e589f0..e2cc767f 100755 --- a/packaging/bluez.spec +++ b/packaging/bluez.spec @@ -384,6 +384,7 @@ install -D -m 0644 src/main_robot.conf %{buildroot}%{_sysconfdir}/bluetooth/main #install -D -m 0644 src/org.bluez.service %{buildroot}%{_datadir}/dbus-1/system-services/org.bluez.service install -D -m 0644 src/bluetooth.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/bluetooth.conf +install -D -m 0644 src/bluetooth_robot.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/bluetooth_robot.conf #install -D -m 0644 profiles/audio/audio.conf %{buildroot}%{_sysconfdir}/bluetooth/audio.conf #install -D -m 0644 profiles/network/network.conf %{buildroot}%{_sysconfdir}/bluetooth/network.conf @@ -432,7 +433,6 @@ popd #%{_sysconfdir}/bluetooth/audio.conf #%{_sysconfdir}/bluetooth/network.conf #%{_sysconfdir}/bluetooth/rfcomm.conf -%{_sysconfdir}/dbus-1/system.d/bluetooth.conf #%{_datadir}/man/*/* %attr(750, network_fw, network_fw)%{_bindir}/hcitool %{_bindir}/l2ping @@ -527,15 +527,18 @@ rm %{_sysconfdir}/bluetooth/main.conf %files profile_wearable %manifest %{name}.manifest %{_sysconfdir}/bluetooth/main.conf.wearable +%{_sysconfdir}/dbus-1/system.d/bluetooth.conf %files profile_tv %manifest %{name}.manifest %{_sysconfdir}/bluetooth/main.conf %exclude %{_datadir}/dbus-1/system-services/org.bluez.service +%{_sysconfdir}/dbus-1/system.d/bluetooth.conf %files profile_common %manifest %{name}.manifest %{_sysconfdir}/bluetooth/main.conf +%{_sysconfdir}/dbus-1/system.d/bluetooth.conf %post plugin-headless ln -sf main.conf.headless %{_sysconfdir}/bluetooth/main.conf @@ -555,10 +558,13 @@ rm %{_sysconfdir}/bluetooth/main.conf %post plugin-robot ln -sf main.conf.robot %{_sysconfdir}/bluetooth/main.conf +mv %{_sysconfdir}/dbus-1/system.d/bluetooth_robot.conf %{_sysconfdir}/dbus-1/system.d/bluetooth.conf %preun plugin-robot rm %{_sysconfdir}/bluetooth/main.conf %files plugin-robot %manifest %{name}.manifest %{_sysconfdir}/bluetooth/main.conf.robot +%{_sysconfdir}/dbus-1/system.d/bluetooth_robot.conf + %changelog diff --git a/src/bluetooth_robot.conf b/src/bluetooth_robot.conf new file mode 100755 index 00000000..7e8cf21b --- /dev/null +++ b/src/bluetooth_robot.conf @@ -0,0 +1,59 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <!-- ../system.conf have denied everything, so we just punch some holes --> + <policy user="root"> + <allow own="org.bluez.frwk_agent"/> + <allow send_destination="org.bluez.frwk_agent"/> + <allow own="org.bluez"/> + <allow send_destination="org.bluez"/> + </policy> + <!-- allow users of bt_use group (Tizen BT group) to + communicate with bluetoothd --> + <policy group="bt_use"> + <allow send_destination="org.bluez.frwk_agent"/> + <allow send_destination="org.bluez"/> + </policy> + <!-- allow users of lp group (printing subsystem) to + communicate with bluetoothd --> + <policy group="lp"> + <allow send_destination="org.bluez.frwk_agent"/> + <allow send_destination="org.bluez"/> + </policy> + <policy group="network_fw"> + <allow own="org.bluez.frwk_agent"/> + <allow send_destination="org.bluez.frwk_agent"/> + <allow own="org.bluez"/> + <allow send_destination="org.bluez"/> + </policy> + <policy context="default"> + <deny own="org.bluez"/> + <deny send_destination="org.bluez"/> + <deny own="org.bluez.frwk_agent"/> + <deny send_destination="org.bluez.frwk_agent"/> + + <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.Properties" send_member="Get"/> + <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/> + <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.ObjectManager" send_member="DefaultAdapter"/> + <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.ObjectManager" send_member="GetManagedObjects"/> + + <check send_destination="org.bluez" send_interface="org.bluez.Adapter1" send_member="CreateDevice" privilege="http://tizen.org/privilege/bluetooth"/> + + <allow send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DiscoverServices"/> + <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="ConnectProfile" privilege="http://tizen.org/privilege/bluetooth"/> + <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DisconnectProfile" privilege="http://tizen.org/privilege/bluetooth"/> + <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DisconnectExtProfile" privilege="http://tizen.org/privilege/bluetooth"/> + <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="CancelDiscovery" privilege="http://tizen.org/privilege/bluetooth"/> + + <allow send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="GetService"/> + <check send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="RegisterApplication" privilege="http://tizen.org/privilege/bluetooth"/> + <check send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="UnregisterApplication" privilege="http://tizen.org/privilege/bluetooth"/> + + <allow send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile"/> + <allow send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile1"/> + <allow send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile2"/> + <allow send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="UnregisterProfile"/> + + <check send_destination="org.bluez" send_interface="org.bluez.Input1" send_member="GetFD" privilege="http://tizen.org/privilege/bluetooth"/> + </policy> +</busconfig> |