<allow send_interface="org.freedesktop.DBus.ObjectManager"/>
</policy>
- <policy context="default">
+ <policy user="network_fw">
+ <allow own="org.bluez.mesh"/>
<allow send_destination="org.bluez.mesh"/>
+ <allow send_interface="org.bluez.mesh.Application1"/>
+ <allow send_interface="org.bluez.mesh.Element1"/>
+ <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
+ <allow send_interface="org.bluez.mesh.Provisioner1"/>
+ <allow send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
+ </policy>
+
+ <policy context="default">
+ <deny own="org.bluez.mesh"/>
+ <deny send_destination="org.bluez.mesh"/>
</policy>
</busconfig>
[Unit]
Description=Bluetooth mesh service
-ConditionPathIsDirectory=/sys/class/bluetooth
[Service]
+User=network_fw
+Group=network_fw
Type=dbus
BusName=org.bluez.mesh
-ExecStart=@pkglibexecdir@/bluetooth-meshd
+ExecStart=@pkglibexecdir@/bluetooth-meshd --nodetach --debug
+Capabilities=cap_net_admin,cap_net_bind_service,cap_dac_override=eip
+SecureBits=keep-caps
+SmackProcessLabel=System
+KillMode=process
NotifyAccess=main
-LimitNPROC=1
-ProtectHome=true
-ProtectSystem=full
-Restart=on-failure
-RestartSec=5s
[Install]
-WantedBy=bluetooth.target
Alias=dbus-org.bluez.mesh.service
install -D -m 0755 tools/meshctl $RPM_BUILD_ROOT/%{_bindir}/
install -D -m 0755 tools/mesh-cfgclient $RPM_BUILD_ROOT/%{_bindir}/
+# mesh conf
+install -D -m 0644 mesh/mesh-main.conf %{buildroot}%{_sysconfdir}/bluetooth/mesh-main.conf
install -D -m 0755 tools/obexctl %{buildroot}%{_bindir}/obexctl
%{_sysconfdir}/dbus-1/system.d/bluetooth-mesh.conf
%attr(755, network_fw, network_fw)%{_libexecdir}/bluetooth/bluetooth-meshd
%{_libpath}/systemd/system/bluetooth-mesh.service
-%{_datadir}/dbus-1/system-services/org.bluez.mesh.service
+%exclude %{_datadir}/dbus-1/system-services/org.bluez.mesh.service
%exclude /usr/lib/debug/*
+%{_sysconfdir}/bluetooth/mesh-main.conf
%files devel
%manifest %{name}.manifest
projects / platform / upstream / bluez.git / commitdiff