dbus: modify dbus policy configuration

<allow send_type="signal"/> can affect every other process(uid root or network_fw),
This can cause abnormal behavior against other dbus services.

So, remove this rule from dbus conf.

Sending signal to net.connman is allowed by this rule,
'<allow send_destination="net.connman"/>'

After all, there are no behavior changes.

Change-Id: I7668deeaa33ae14181c64d0a85a049fa2387657b
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>

diff --git a/src/connman.conf b/src/connman.conf
index f3bde76..0b6b77f 100644 (file)
--- a/src/connman.conf
+++ b/src/connman.conf
@@ -4,14 +4,16 @@
        <policy user="root">
                <allow own="net.connman"/>
                <allow send_destination="net.connman"/>
-               <allow send_type="signal"/>
        </policy>
        <policy user="network_fw">
                <allow own="net.connman"/>
                <allow send_destination="net.connman"/>
-               <allow send_type="signal"/>
        </policy>
        <policy context="default">
+               <deny own="net.connman"/>
+               <deny send_destination="net.connman"/>
+               <allow send_destination="net.connman" send_type="signal"/>
+
                <check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetTechnologies" privilege="http://tizen.org/privilege/network.get" />
                <check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetProperties" privilege="http://tizen.org/privilege/network.get" />
                <check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetServices" privilege="http://tizen.org/privilege/network.get" />