Apply D-bus service policy 58/38858/4 accepted/tizen/common/20150511.125623 accepted/tizen/mobile/20150508.125758 accepted/tizen/tv/20150508.123517 accepted/tizen/wearable/20150508.124819 submit/tizen/20150508.100739
authorHurnjoo Lee <hurnjoo.lee@samsung.com>
Wed, 29 Apr 2015 12:03:59 +0000 (21:03 +0900)
committerHurnjoo Lee <hurnjoo.lee@samsung.com>
Thu, 7 May 2015 01:53:34 +0000 (10:53 +0900)
* Apply D-bus service policy.
* Add privilege checks.

Change-Id: I4603e710e8aaf863bb51f0a42487fc31386080c6
Signed-off-by: Hurnjoo Lee <hurnjoo.lee@samsung.com>
src/daemon/dbus/gumd-dbus.conf.in

index a7266a2..c49824a 100644 (file)
         <allow own="org.O1.SecurityAccounts.gUserManagement"/>
         <allow send_destination="org.O1.SecurityAccounts.gUserManagement"/>
     </policy>
-    
+
     <policy context="default">
         <deny send_destination="org.O1.SecurityAccounts.gUserManagement"/>
-    </policy>
+        <allow receive_sender="org.O1.SecurityAccounts.gUserManagement" receive_type="signal"/>
+
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.freedesktop.DBus.Properties" send_member="Get"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.freedesktop.DBus.Properties" send_member="Set"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.User" send_member="addUser"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.User" send_member="deleteUser"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.User" send_member="updateUser"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
 
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.UserService" send_member="createNewUser"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.UserService" send_member="getUser"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.UserService" send_member="getUserByName"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.UserService" send_member="getUserList"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.Group" send_member="addGroup"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.Group" send_member="deleteGroup"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.Group" send_member="updateGroup"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.Group" send_member="addMember"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.Group" send_member="deleteMember"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.GroupService" send_member="createNewGroup"
+         privilege="http://tizen.org/privilege/usermanagement.set"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.GroupService" send_member="getGroup"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+        <check send_destination="org.O1.SecurityAccounts.gUserManagement"
+         send_interface="org.O1.SecurityAccounts.gUserManagement.GroupService" send_member="getGroupByName"
+         privilege="http://tizen.org/privilege/usermanagement.get"/>
+    </policy>
 </busconfig>
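Review bot: The `<allow receive_sender="org.O1.SecurityAccounts.gUserManagement" receive_type="signal"/>` rule in the default policy names no privilege, so every bus client receives this service's signals, while the comparable reads (`getUser`, `getUserList`, `Properties.Get`) are gated on `usermanagement.get`. If any signal carries user or group details, which the hunk does not show, that is a read path around the new checks and should either be gated the same way or confirmed to carry no account data. The section also depends on rule order, assuming the usual last-match-wins evaluation: the blanket `<deny send_destination=…>` has to stay ahead of the `<check>` rules, and a method added to the daemon later stays denied until it gets its own rule. I would record both above the rules, e.g. `<!-- Default deny; every callable method needs its own <check>. Signals are delivered without a privilege check and must not carry account data. -->`. The first `<policy>` element opens above the hunk, so which context receives the unconditional `allow send_destination` is not visible here.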