Add default deny policy in conf files 74/176174/2 accepted/tizen/unified/20180423.062828 submit/tizen/20180423.011216
authorWootak Jung <wootak.jung@samsung.com>
Tue, 17 Apr 2018 08:23:06 +0000 (17:23 +0900)
committerWootak Jung <wootak.jung@samsung.com>
Fri, 20 Apr 2018 01:11:17 +0000 (10:11 +0900)
Change-Id: I2cc23b5e6dfa06c52699e89a513dc378a18eb2a6

src/bluetooth.conf

index 037f8ba..c1bac97 100755 (executable)
   <!-- ../system.conf have denied everything, so we just punch some holes -->
 
   <policy user="root">
-    <allow own="org.bluez"/>
-    <allow send_destination="org.bluez"/>
     <allow own="org.projectx.bluetooth"/>
-    <allow send_interface="org.projectx.bluetooth"/>
+    <allow receive_sender="org.projectx.bluetooth"/>
     <allow send_destination="org.projectx.bluetooth"/>
-    <allow send_interface="org.projectx.bt_event"/>
-    <allow send_destination="org.projectx.bt_event"/>
     <allow own="org.bluez.frwk_agent"/>
-    <allow send_interface="org.bluez.frwk_agent"/>
+    <allow receive_sender="org.bluez.frwk_agent"/>
     <allow send_destination="org.bluez.frwk_agent"/>
     <allow own="org.bluez.Agent1"/>
-    <allow send_interface="org.bluez.Agent1"/>
+    <allow receive_sender="org.bluez.Agent1"/>
     <allow send_destination="org.bluez.Agent1"/>
     <allow own="org.bluez.Adapter1"/>
-    <allow send_interface="org.bluez.Adapter1"/>
+    <allow receive_sender="org.bluez.Adapter1"/>
     <allow send_destination="org.bluez.Adapter1"/>
     <allow own="org.bluez.Manager"/>
-    <allow send_interface="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Manager"/>
     <allow send_destination="org.bluez.Manager"/>
     <allow own="org.bluez.Device1"/>
-    <allow send_interface="org.bluez.Device1"/>
+    <allow receive_sender="org.bluez.Device1"/>
     <allow send_destination="org.bluez.Device1"/>
     <allow own="org.bluez.MediaEndpoint1"/>
-    <allow send_interface="org.bluez.MediaEndpoint1"/>
+    <allow receive_sender="org.bluez.MediaEndpoint1"/>
     <allow send_destination="org.bluez.MediaEndpoint1"/>
-    <allow own="org.bluez.MediaPlayer1"/>
-    <allow send_interface="org.bluez.MediaPlayer1"/>
-    <allow send_interface="org.bluez.ThermometerWatcher1"/>
-    <allow send_interface="org.bluez.AlertAgent1"/>
-    <allow send_destination="org.bluez.MediaPlayer1"/>
     <allow own="org.bluez.MediaTransport1"/>
-    <allow send_interface="org.bluez.MediaTransport1"/>
+    <allow receive_sender="org.bluez.MediaTransport1"/>
     <allow send_destination="org.bluez.MediaTransport1"/>
+    <allow own="org.bluez.MediaPlayer1"/>
+    <allow receive_sender="org.bluez.MediaPlayer1"/>
+    <allow send_destination="org.bluez.MediaPlayer1"/>
     <allow own="org.bluez.Profile1"/>
-    <allow send_interface="org.bluez.Profile1"/>
+    <allow receive_sender="org.bluez.Profile1"/>
     <allow send_destination="org.bluez.Profile1"/>
-    <allow send_interface="org.bluez.HeartRateWatcher1"/>
-    <allow send_interface="org.bluez.CyclingSpeedWatcher1"/>
-    <allow send_interface="org.bluez.GattCharacteristic1"/>
-    <allow send_interface="org.bluez.GattDescriptor1"/>
-       <allow send_interface="org.bluez.LEAdvertisement1"/>
-    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
-    <allow send_interface="org.freedesktop.DBus.Properties"/>
-  </policy>
-
-  <policy at_console="true">
-    <allow send_destination="org.bluez"/>
   </policy>
 
   <!-- allow users of bt_use group (Tizen BT group) to
        communicate with bluetoothd -->
   <policy group="bt_use">
-    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
-    <allow send_destination="org.bluez"/>
-    <allow send_interface="org.projectx.bluetooth"/>
+    <allow receive_sender="org.projectx.bluetooth"/>
     <allow send_destination="org.projectx.bluetooth"/>
-    <allow send_interface="org.projectx.bt_event"/>
-    <allow send_destination="org.projectx.bt_event"/>
-    <allow send_interface="org.bluez.frwk_agent"/>
+    <allow receive_sender="org.bluez.frwk_agent"/>
     <allow send_destination="org.bluez.frwk_agent"/>
-    <allow send_interface="org.bluez.Agent1"/>
+    <allow receive_sender="org.bluez.Agent1"/>
     <allow send_destination="org.bluez.Agent1"/>
-    <allow send_interface="org.bluez.Adapter1"/>
+    <allow receive_sender="org.bluez.Adapter1"/>
     <allow send_destination="org.bluez.Adapter1"/>
-    <allow send_interface="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Manager"/>
     <allow send_destination="org.bluez.Manager"/>
-    <allow send_interface="org.bluez.Device1"/>
+    <allow receive_sender="org.bluez.Device1"/>
     <allow send_destination="org.bluez.Device1"/>
-    <allow send_interface="org.bluez.MediaEndpoint1"/>
+    <allow receive_sender="org.bluez.MediaEndpoint1"/>
     <allow send_destination="org.bluez.MediaEndpoint1"/>
-    <allow send_interface="org.bluez.MediaTransport1"/>
+    <allow receive_sender="org.bluez.MediaTransport1"/>
     <allow send_destination="org.bluez.MediaTransport1"/>
-    <allow send_interface="org.bluez.MediaPlayer1"/>
+    <allow receive_sender="org.bluez.MediaPlayer1"/>
     <allow send_destination="org.bluez.MediaPlayer1"/>
-    <allow send_interface="org.bluez.Profile1"/>
+    <allow receive_sender="org.bluez.Profile1"/>
     <allow send_destination="org.bluez.Profile1"/>
   </policy>
 
-  <!-- allow users of system group (Tizen BT group) to
-       communicate with bluetoothd -->
-  <policy group="users">
-    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
-    <allow send_destination="org.bluez"/>
-    <allow send_interface="org.projectx.bluetooth"/>
+  <policy users="owner">
+    <allow receive_sender="org.projectx.bluetooth"/>
     <allow send_destination="org.projectx.bluetooth"/>
-    <allow send_interface="org.projectx.bt_event"/>
-    <allow send_destination="org.projectx.bt_event"/>
-    <allow send_interface="org.bluez.frwk_agent"/>
+    <allow receive_sender="org.bluez.frwk_agent"/>
     <allow send_destination="org.bluez.frwk_agent"/>
-    <allow send_interface="org.bluez.Agent1"/>
+    <allow receive_sender="org.bluez.Agent1"/>
     <allow send_destination="org.bluez.Agent1"/>
-    <allow send_interface="org.bluez.Adapter1"/>
+    <allow receive_sender="org.bluez.Adapter1"/>
     <allow send_destination="org.bluez.Adapter1"/>
-    <allow send_interface="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Manager"/>
     <allow send_destination="org.bluez.Manager"/>
-    <allow send_interface="org.bluez.Device1"/>
+    <allow receive_sender="org.bluez.Device1"/>
     <allow send_destination="org.bluez.Device1"/>
-    <allow send_interface="org.bluez.MediaEndpoint1"/>
+    <allow receive_sender="org.bluez.MediaEndpoint1"/>
     <allow send_destination="org.bluez.MediaEndpoint1"/>
-    <allow send_interface="org.bluez.MediaTransport1"/>
+    <allow receive_sender="org.bluez.MediaTransport1"/>
     <allow send_destination="org.bluez.MediaTransport1"/>
-    <allow send_interface="org.bluez.MediaPlayer1"/>
+    <allow receive_sender="org.bluez.MediaPlayer1"/>
     <allow send_destination="org.bluez.MediaPlayer1"/>
-    <allow send_interface="org.bluez.Profile1"/>
+    <allow receive_sender="org.bluez.Profile1"/>
     <allow send_destination="org.bluez.Profile1"/>
   </policy>
 
   <!-- allow users of lp group (printing subsystem) to
        communicate with bluetoothd -->
   <policy group="lp">
-    <allow send_destination="org.bluez"/>
+    <allow receive_sender="org.projectx.bluetooth"/>
+    <allow send_destination="org.projectx.bluetooth"/>
+    <allow receive_sender="org.bluez.frwk_agent"/>
+    <allow send_destination="org.bluez.frwk_agent"/>
+    <allow receive_sender="org.bluez.Agent1"/>
+    <allow send_destination="org.bluez.Agent1"/>
+    <allow receive_sender="org.bluez.Adapter1"/>
+    <allow send_destination="org.bluez.Adapter1"/>
+    <allow receive_sender="org.bluez.Manager"/>
+    <allow send_destination="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Device1"/>
+    <allow send_destination="org.bluez.Device1"/>
+    <allow receive_sender="org.bluez.MediaEndpoint1"/>
+    <allow send_destination="org.bluez.MediaEndpoint1"/>
+    <allow receive_sender="org.bluez.MediaTransport1"/>
+    <allow send_destination="org.bluez.MediaTransport1"/>
+    <allow receive_sender="org.bluez.MediaPlayer1"/>
+    <allow send_destination="org.bluez.MediaPlayer1"/>
+    <allow receive_sender="org.bluez.Profile1"/>
+    <allow send_destination="org.bluez.Profile1"/>
+  </policy>
+
+  <policy group="network_fw">
+    <allow own="org.projectx.bluetooth"/>
+    <allow receive_sender="org.projectx.bluetooth"/>
+    <allow send_destination="org.projectx.bluetooth"/>
+    <allow own="org.bluez.frwk_agent"/>
+    <allow receive_sender="org.bluez.frwk_agent"/>
+    <allow send_destination="org.bluez.frwk_agent"/>
+    <allow own="org.bluez.Agent1"/>
+    <allow receive_sender="org.bluez.Agent1"/>
+    <allow send_destination="org.bluez.Agent1"/>
+    <allow own="org.bluez.Adapter1"/>
+    <allow receive_sender="org.bluez.Adapter1"/>
+    <allow send_destination="org.bluez.Adapter1"/>
+    <allow own="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Manager"/>
+    <allow send_destination="org.bluez.Manager"/>
+    <allow own="org.bluez.Device1"/>
+    <allow receive_sender="org.bluez.Device1"/>
+    <allow send_destination="org.bluez.Device1"/>
+    <allow own="org.bluez.MediaEndpoint1"/>
+    <allow receive_sender="org.bluez.MediaEndpoint1"/>
+    <allow send_destination="org.bluez.MediaEndpoint1"/>
+    <allow own="org.bluez.MediaTransport1"/>
+    <allow receive_sender="org.bluez.MediaTransport1"/>
+    <allow send_destination="org.bluez.MediaTransport1"/>
+    <allow own="org.bluez.MediaPlayer1"/>
+    <allow receive_sender="org.bluez.MediaPlayer1"/>
+    <allow send_destination="org.bluez.MediaPlayer1"/>
+    <allow own="org.bluez.Profile1"/>
+    <allow receive_sender="org.bluez.Profile1"/>
+    <allow send_destination="org.bluez.Profile1"/>
   </policy>
 
   <policy context="default">
-    <deny send_interface="org.projectx.bluetooth"/>
+    <deny own="org.projectx.bluetooth"/>
+    <deny receive_sender="org.projectx.bluetooth"/>
     <deny send_destination="org.projectx.bluetooth"/>
-    <deny send_interface="org.bluez.frwk_agent"/>
+    <deny own="org.bluez.frwk_agent"/>
+    <deny receive_sender="org.bluez.frwk_agent"/>
     <deny send_destination="org.bluez.frwk_agent"/>
-    <deny send_interface="org.bluez.Agent1"/>
+    <deny own="org.bluez.Agent1"/>
+    <deny receive_sender="org.bluez.Agent1"/>
     <deny send_destination="org.bluez.Agent1"/>
-    <deny send_interface="org.bluez.Adapter1"/>
+    <deny own="org.bluez.Adapter1"/>
+    <deny receive_sender="org.bluez.Adapter1"/>
     <deny send_destination="org.bluez.Adapter1"/>
-    <deny send_interface="org.bluez.Manager"/>
+    <deny own="org.bluez.Manager"/>
+    <deny receive_sender="org.bluez.Manager"/>
     <deny send_destination="org.bluez.Manager"/>
-    <deny send_interface="org.bluez.Device1"/>
+    <deny own="org.bluez.Device1"/>
+    <deny receive_sender="org.bluez.Device1"/>
     <deny send_destination="org.bluez.Device1"/>
-    <deny send_interface="org.bluez.MediaEndpoint1"/>
+    <deny own="org.bluez.MediaEndpoint1"/>
+    <deny receive_sender="org.bluez.MediaEndpoint1"/>
     <deny send_destination="org.bluez.MediaEndpoint1"/>
-    <deny send_interface="org.bluez.MediaTransport1"/>
+    <deny own="org.bluez.MediaTransport1"/>
+    <deny receive_sender="org.bluez.MediaTransport1"/>
     <deny send_destination="org.bluez.MediaTransport1"/>
-    <deny send_interface="org.bluez.MediaPlayer1"/>
+    <deny own="org.bluez.MediaPlayer1"/>
+    <deny receive_sender="org.bluez.MediaPlayer1"/>
     <deny send_destination="org.bluez.MediaPlayer1"/>
-    <deny send_interface="org.bluez.Profile1"/>
+    <deny own="org.bluez.Profile1"/>
+    <deny receive_sender="org.bluez.Profile1"/>
     <deny send_destination="org.bluez.Profile1"/>
   </policy>
-
 </busconfig>
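Review bot: The new selector `<policy users="owner">` at the start of the rewritten third block uses an attribute that dbus-daemon's `<policy>` element does not define; the recognised selectors are `context`, `user`, `group` and `at_console`, so the intended line is almost certainly `<policy user="owner">`. In the dbus-daemon versions I know, an unknown attribute on `<policy>` is a parse error and a file under system.d that fails to parse is skipped with a warning, which would drop every rule in this file, the new default-deny block included, so this is worth confirming by loading the file on a device before merging. The replaced block also lost its explanatory comment while the `bt_use` and `lp` blocks keep theirs, and the new `network_fw` block has none; a one-line note such as `<!-- allow the primary "owner" user to communicate with bluetoothd -->` above each would restore the file's convention.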