dbus-daemon(1): Document the wildcard attribute value "*" more clearly

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853

diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index a9a46ee..5f8dddd 100644 (file)
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -835,29 +835,29 @@ statements, and works just like &lt;deny&gt; but with the inverse meaning.</para
 
 <para>The possible attributes of these elements are:</para>
 <literallayout remap='.nf'>
-   send_interface="interface_name"
-   send_member="method_or_signal_name"
-   send_error="error_name"
-   send_destination="name"
-   send_type="method_call" | "method_return" | "signal" | "error"
-   send_path="/path/name"
-
-   receive_interface="interface_name"
-   receive_member="method_or_signal_name"
-   receive_error="error_name"
-   receive_sender="name"
-   receive_type="method_call" | "method_return" | "signal" | "error"
-   receive_path="/path/name"
+   send_interface="interface_name" | "*"
+   send_member="method_or_signal_name" | "*"
+   send_error="error_name" | "*"
+   send_destination="name" | "*"
+   send_type="method_call" | "method_return" | "signal" | "error" | "*"
+   send_path="/path/name" | "*"
+
+   receive_interface="interface_name" | "*"
+   receive_member="method_or_signal_name" | "*"
+   receive_error="error_name" | "*"
+   receive_sender="name" | "*"
+   receive_type="method_call" | "method_return" | "signal" | "error" | "*"
+   receive_path="/path/name" | "*"
 
    send_requested_reply="true" | "false"
    receive_requested_reply="true" | "false"
 
    eavesdrop="true" | "false"
 
-   own="name"
+   own="name" | "*"
    own_prefix="name"
-   user="username"
-   group="groupname"
+   user="username" | "*"
+   group="groupname" | "*"
 </literallayout> <!-- .fi -->
 
 
@@ -879,10 +879,21 @@ rules in the config file allow it).</para>
 sent to or received from the *owner* of the given name, not that
 they may not be sent *to that name*. That is, if a connection
 owns services A, B, C, and sending to A is denied, sending to B or C
-will not work either.</para>
+will not work either. As a special case,
+<literal>send_destination="*"</literal> matches any message
+(whether it has a destination specified or not), and
+<literal>receive_sender="*"</literal> similarly matches any message.</para>
 
-<para>The other send_* and receive_* attributes are purely textual/by-value
-matches against the given field in the message header.</para>
+<para>
+  The other <literal>send_</literal>* and <literal>receive_</literal>*
+  attributes are purely textual/by-value matches against the given field in
+  the message header, except that for the attributes where it is allowed,
+  <literal>*</literal> matches any message (whether it has the relevant
+  header field or not). For example, <literal>send_interface="*"</literal>
+  matches any sent message, even if it does not contain an interface header
+  field. More complex glob matching such as <literal>foo.bar.*</literal> is
+  not allowed.
+</para>
 
 <para>"Eavesdropping" occurs when an application receives a message that
 was explicitly addressed to a name the application does not own, or