summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsanghyeok.oh <sanghyeok.oh@samsung.com>2017-08-08 17:47:37 +0900
committersanghyeok oh <sanghyeok.oh@samsung.com>2017-08-08 09:02:58 +0000
commit384e79144c6a37a58025819b95c48853d41e9681 (patch)
tree0a9f8cb60124aa2ebd0b39f3b8f2d1b26b885e03
parentfd3573b27dcecd10afaaabada6892a0e65974e44 (diff)
downloadconnman-384e79144c6a37a58025819b95c48853d41e9681.tar.gz
connman-384e79144c6a37a58025819b95c48853d41e9681.tar.bz2
connman-384e79144c6a37a58025819b95c48853d41e9681.zip
dbus: modify dbus policy configuration
<allow send_type="signal"/> can affect every other process(uid root or network_fw), This can cause abnormal behavior against other dbus services. So, remove this rule from dbus conf. Sending signal to net.connman is allowed by this rule, '<allow send_destination="net.connman"/>' After all, there are no behavior changes. Change-Id: I7668deeaa33ae14181c64d0a85a049fa2387657b Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
-rw-r--r--src/connman.conf6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/connman.conf b/src/connman.conf
index f3bde768..0b6b77f9 100644
--- a/src/connman.conf
+++ b/src/connman.conf
@@ -4,14 +4,16 @@
<policy user="root">
<allow own="net.connman"/>
<allow send_destination="net.connman"/>
- <allow send_type="signal"/>
</policy>
<policy user="network_fw">
<allow own="net.connman"/>
<allow send_destination="net.connman"/>
- <allow send_type="signal"/>
</policy>
<policy context="default">
+ <deny own="net.connman"/>
+ <deny send_destination="net.connman"/>
+ <allow send_destination="net.connman" send_type="signal"/>
+
<check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetTechnologies" privilege="http://tizen.org/privilege/network.get" />
<check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetProperties" privilege="http://tizen.org/privilege/network.get" />
<check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetServices" privilege="http://tizen.org/privilege/network.get" />