Add D-Bus access configuration file

diff --git a/src/Makefile.am b/src/Makefile.am
index 2b1f677..9394aa9 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,4 +1,10 @@
 
+if DATAFILES
+dbusdir = @DBUS_DATADIR@
+
+dbus_DATA = ofono.conf
+endif
+
 sbin_PROGRAMS = ofonod
 
 ofonod_SOURCES = main.c ofono.h log.c plugin.c
@@ -22,6 +28,8 @@ AM_CFLAGS = @GTHREAD_CFLAGS@ @GLIB_CFLAGS@ @GDBUS_CFLAGS@ \
 
 INCLUDES = -I$(top_builddir)/include
 
+EXTRA_DIST = ofono.conf
+
 MAINTAINERCLEANFILES = Makefile.in
 
 ofono.exp: $(ofonod_OBJECTS)

diff --git a/src/ofono.conf b/src/ofono.conf
new file mode 100644 (file)
index 0000000..610f601
--- /dev/null
+++ b/src/ofono.conf
@@ -0,0 +1,23 @@
+<!-- This configuration file specifies the required security policies
+     for oFono core daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+  <policy user="root">
+    <allow own="org.ofono"/>
+    <allow send_destination="org.ofono"/>
+  </policy>
+
+  <policy at_console="true">
+    <allow send_destination="org.ofono"/>
+  </policy>
+
+  <policy context="default">
+    <deny send_destination="org.ofono"/>
+  </policy>
+
+</busconfig>