<standard_session_servicedirs />
<policy context="default">
- <!-- By default clients require internal/dbus privilege to communicate
- with D-Bus services and to claim name ownership. This is internal privilege that
- is only accessible to trusted system services -->
- <check own="*" privilege="http://tizen.org/privilege/internal/dbus" />
- <check send_type="method_call" privilege="http://tizen.org/privilege/internal/dbus" />
- <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
- <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
-
- <!-- Reply messages (method returns, errors) are allowed
- by default -->
- <allow send_requested_reply="true" send_type="method_return"/>
- <allow send_requested_reply="true" send_type="error"/>
-
- <!-- All messages but signals may be received by default -->
- <allow receive_type="method_call"/>
- <allow receive_type="method_return"/>
- <allow receive_type="error"/>
-
- <!-- Allow anyone to talk to the message bus -->
- <allow send_destination="org.freedesktop.DBus"/>
- <allow receive_sender="org.freedesktop.DBus"/>
-
- <!-- But disallow some specific bus services -->
- <deny send_destination="org.freedesktop.DBus"
- send_interface="org.freedesktop.DBus"
- send_member="UpdateActivationEnvironment"/>
+ <!-- Allow everything to be sent -->
+ <allow send_destination="*" eavesdrop="true"/>
+ <!-- Allow everything to be received -->
+ <allow eavesdrop="true"/>
+ <!-- Allow anyone to own anything -->
+ <allow own="*"/>
</policy>
<!-- Config files are placed here that among other things,
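Review bot: The new default policy (`<allow send_destination="*" eavesdrop="true"/>`, `<allow eavesdrop="true"/>`, `<allow own="*"/>`) leaves no bus-level access control in this context, and the earlier `<deny>` for `UpdateActivationEnvironment` is dropped with it. Any client may now claim any name and observe any message, which is only sound if every process able to connect to this bus sits in one trust domain. If applications with different privileges share it, each service has to authenticate its callers itself. I would keep the `UpdateActivationEnvironment` deny after the allow rules, as the later hunk does, and state the assumption in a comment such as `<!-- All clients of this bus are assumed equally trusted; services needing isolation must ship their own policy -->`. No file header is visible here, so reading this as the session bus configuration is inferred from `<standard_session_servicedirs />`.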
<deny own="*"/>
<deny send_type="method_call"/>
- <!-- By default clients require internal/dbus privilege to send and receive signaks.
- This is internal privilege that is only accessible to trusted system services -->
- <check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
- <check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
-
- <!-- Reply messages (method returns, errors) are allowed
+ <!-- Signals and reply messages (method returns, errors) are allowed
by default -->
+ <allow send_type="signal"/>
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
- <!-- All messages but signals may be received by default -->
+ <!-- All messages may be received by default -->
<allow receive_type="method_call"/>
<allow receive_type="method_return"/>
<allow receive_type="error"/>
+ <allow receive_type="signal"/>
- <!-- If there is a need specific bus services could be protected by Cynara as well.
- However, this can lead to deadlock during the boot process when such check is made and
- Cynara is not yet activated (systemd calls protected method synchronously,
- dbus daemon tries to consult Cynara, Cynara waits for systemd activation).
- Therefore it is advised to allow root processes to use bus services.
- Currently anyone is allowed to talk to the message bus -->
+ <!-- Allow anyone to talk to the message bus -->
<allow send_destination="org.freedesktop.DBus"/>
- <allow receive_sender="org.freedesktop.DBus"/>
-
- <!-- Disallow some specific bus services -->
+ <!-- But disallow some specific bus services -->
<deny send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.DBus"
send_member="UpdateActivationEnvironment"/>
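Review bot: `<allow send_type="signal"/>` and `<allow receive_type="signal"/>` make signals unrestricted for every client under this policy, where the removed `<check>` rules required the internal/dbus privilege. Services that relied on that check can no longer treat a received signal as coming from a privileged sender without verifying it, and any data they broadcast in signals is visible to every subscriber. Those services need explicit rules in their own policy files, and the new comment should say so, e.g. `<!-- Signals are unrestricted by default; services that emit sensitive data or act on signals must restrict them in their own policy -->`. The removed comment about the Cynara deadlock during boot was the only rationale for leaving the bus driver open, so a one-line version of it is worth keeping. The enclosing `<policy>` element starts and ends outside the hunk.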