Fix privilege violation

Need default deny policy for internal interface

Change-Id: If7ecc83424efb736f6d30a0ac43a0a510bf51437

diff --git a/bt-oal/bluez_hal/CMakeLists.txt b/bt-oal/bluez_hal/CMakeLists.txt
index b06effc..fd706b8 100644 (file)
--- a/bt-oal/bluez_hal/CMakeLists.txt
+++ b/bt-oal/bluez_hal/CMakeLists.txt
@@ -93,3 +93,4 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${VERSION})
 TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${bluez_hal_pkgs_LDFLAGS} "-ldl")
 
 INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${LIBDIR} COMPONENT RuntimeLibraries)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-frwk-gap-agent.conf DESTINATION /etc/dbus-1/system.d)

diff --git a/bt-oal/bluez_hal/bluetooth-frwk-gap-agent.conf b/bt-oal/bluez_hal/bluetooth-frwk-gap-agent.conf
new file mode 100644 (file)
index 0000000..9d1e018
--- /dev/null
+++ b/bt-oal/bluez_hal/bluetooth-frwk-gap-agent.conf
@@ -0,0 +1,13 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy user="root">
+        <allow send_destination="org.projectx.bt" send_interface="org.bluez.Agent1"/>
+    </policy>
+    <policy group="network_fw">
+        <allow send_destination="org.projectx.bt" send_interface="org.bluez.Agent1"/>
+    </policy>
+    <policy context="default">
+        <deny send_destination="org.projectx.bt" send_interface="org.bluez.Agent1"/>
+    </policy>
+</busconfig>

diff --git a/packaging/bluetooth-frwk.spec b/packaging/bluetooth-frwk.spec
index 4e350d5..0593cf1 100644 (file)
--- a/packaging/bluetooth-frwk.spec
+++ b/packaging/bluetooth-frwk.spec
@@ -578,6 +578,7 @@ popd
 %files oal
 %manifest %{name}.manifest
 %{_libdir}/libbt-oal.so*
+%{_sysconfdir}/dbus-1/system.d/bluetooth-frwk-gap-agent.conf
 
 %if %{bt_bluez_hal} == ENABLED
 %manifest %{name}.manifest