diff options
| -rwxr-xr-x | src/bluetooth.conf | 57 |
1 files changed, 8 insertions, 49 deletions
diff --git a/src/bluetooth.conf b/src/bluetooth.conf index 5dc191fd..57de1d21 100755 --- a/src/bluetooth.conf +++ b/src/bluetooth.conf @@ -1,95 +1,54 @@ -<!-- This configuration file specifies the required security policies - for Bluetooth core daemon to work. --> - <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> - <!-- ../system.conf have denied everything, so we just punch some holes --> - <policy user="root"> <allow own="org.bluez.frwk_agent"/> - <allow receive_sender="org.bluez.frwk_agent"/> <allow send_destination="org.bluez.frwk_agent"/> <allow own="org.bluez"/> - <allow receive_sender="org.bluez"/> <allow send_destination="org.bluez"/> </policy> - <!-- allow users of bt_use group (Tizen BT group) to communicate with bluetoothd --> <policy group="bt_use"> - <allow receive_sender="org.bluez.frwk_agent"/> <allow send_destination="org.bluez.frwk_agent"/> - <allow receive_sender="org.bluez"/> <allow send_destination="org.bluez"/> </policy> - <!-- allow users of lp group (printing subsystem) to communicate with bluetoothd --> <policy group="lp"> - <allow receive_sender="org.bluez.frwk_agent"/> <allow send_destination="org.bluez.frwk_agent"/> - <allow receive_sender="org.bluez"/> <allow send_destination="org.bluez"/> </policy> - <policy group="network_fw"> <allow own="org.bluez.frwk_agent"/> - <allow receive_sender="org.bluez.frwk_agent"/> <allow send_destination="org.bluez.frwk_agent"/> <allow own="org.bluez"/> - <allow receive_sender="org.bluez"/> <allow send_destination="org.bluez"/> </policy> - <policy context="default"> + <deny own="org.bluez"/> + <deny send_destination="org.bluez"/> <deny own="org.bluez.frwk_agent"/> - <allow receive_sender="org.bluez.frwk_agent"/> - <deny send_destination="org.bluez" send_interface="org.bluez.frwk_agent"/> - <deny own="org.bluez.Agent1"/> - <allow receive_sender="org.bluez.Agent1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.Agent1"/> - <deny own="org.bluez.Manager"/> - <allow receive_sender="org.bluez.Manager"/> - <deny send_destination="org.bluez" send_interface="org.bluez.Manager"/> - <deny own="org.bluez.MediaEndpoint1"/> - <allow receive_sender="org.bluez.MediaEndpoint1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.MediaEndpoint1"/> - <deny own="org.bluez.MediaTransport1"/> - <allow receive_sender="org.bluez.MediaTransport1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.MediaTransport1"/> - <deny own="org.bluez.MediaPlayer1"/> - <allow receive_sender="org.bluez.MediaPlayer1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.MediaPlayer1"/> - <deny own="org.bluez.Profile1"/> - <allow receive_sender="org.bluez.Profile1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.Profile1"/> + <deny send_destination="org.bluez.frwk_agent"/> + <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.Properties" send_member="Get"/> <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/> <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.ObjectManager" send_member="DefaultAdapter"/> <allow send_destination="org.bluez" send_interface="org.freedesktop.DBus.ObjectManager" send_member="GetManagedObjects"/> - <deny own="org.bluez.Adapter1"/> - <allow receive_sender="org.bluez.Adapter1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.Adapter1"/> + <check send_destination="org.bluez" send_interface="org.bluez.Adapter1" send_member="CreateDevice" privilege="http://tizen.org/privilege/bluetooth"/> - <deny own="org.bluez.Device1"/> - <allow receive_sender="org.bluez.Device1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.Device1"/> + <allow send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DiscoverServices"/> <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="ConnectProfile" privilege="http://tizen.org/privilege/bluetooth"/> <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DisconnectProfile" privilege="http://tizen.org/privilege/bluetooth"/> <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="DisconnectExtProfile" privilege="http://tizen.org/privilege/bluetooth"/> <check send_destination="org.bluez" send_interface="org.bluez.Device1" send_member="CancelDiscovery" privilege="http://tizen.org/privilege/bluetooth"/> - <deny own="org.bluez.GattManager1"/> - <allow receive_sender="org.bluez.GattManager1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.GattManager1"/> + <allow send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="GetService"/> <check send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="RegisterApplication" privilege="http://tizen.org/privilege/bluetooth"/> <check send_destination="org.bluez" send_interface="org.bluez.GattManager1" send_member="UnregisterApplication" privilege="http://tizen.org/privilege/bluetooth"/> - <deny own="org.bluez.ProfileManager1"/> - <allow receive_sender="org.bluez.ProfileManager1"/> - <deny send_destination="org.bluez" send_interface="org.bluez.ProfileManager1"/> + <check send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile" privilege="http://tizen.org/privilege/bluetooth"/> <check send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile1" privilege="http://tizen.org/privilege/bluetooth.admin"/> <check send_destination="org.bluez" send_interface="org.bluez.ProfileManager1" send_member="RegisterProfile2" privilege="http://tizen.org/privilege/bluetooth.admin"/> |