Add default deny policy in conf files

Remove at_console policy

Change-Id: I31a6089386e9bf9d095fa9390215a746aac4e263

diff --git a/bt-core/bluetooth-frwk-core.conf b/bt-core/bluetooth-frwk-core.conf
index 815a54a..b0a45e0 100755 (executable)
--- a/bt-core/bluetooth-frwk-core.conf
+++ b/bt-core/bluetooth-frwk-core.conf
@@ -4,11 +4,15 @@
     <policy user="root">
         <allow own="org.projectx.bt_core"/>
     </policy>
-    <policy at_console="true">
-        <allow send_destination="org.projectx.bt_core" />
-    </policy>
     <policy context="default">
-        <allow send_destination="org.projectx.bt_core" />
+        <deny own="org.projectx.bt_core"/>
+        <deny receive_sender="org.projectx.bt_core"/>
+        <deny send_destination="org.projectx.bt_core"/>
+    </policy>
+    <policy group="network_fw">
+        <deny own="org.projectx.bt_core"/>
+        <deny receive_sender="org.projectx.bt_core"/>
+        <deny send_destination="org.projectx.bt_core"/>
     </policy>
 </busconfig>
 

diff --git a/bt-service-adaptation/bluetooth-frwk-service.conf.in b/bt-service-adaptation/bluetooth-frwk-service.conf.in
index 8fc61f5..6c82cd2 100644 (file)
--- a/bt-service-adaptation/bluetooth-frwk-service.conf.in
+++ b/bt-service-adaptation/bluetooth-frwk-service.conf.in
@@ -1,25 +1,49 @@
 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
-    <policy group="system">
+    <policy group="root">
         <allow own="org.projectx.bt"/>
         <allow own="org.projectx.bt_event"/>
         <allow own="org.projectx.bluetooth.share"/>
-        <allow own="org.bluez.ag_agent"/>
-        <allow own="org.tizen.csd.Call.Instance"/>
+        <allow own="org.tizen.csd.Call.Instance"/>
     </policy>
-    <policy group="root">
+    <policy context="default">
+        <deny own="org.projectx.bt"/>
+        <deny receive_sender="org.projectx.bt"/>
+        <deny send_destination="org.projectx.bt"/>
+        <deny own="org.projectx.bt_event"/>
+        <deny receive_sender="org.projectx.bt_event"/>
+        <deny send_destination="org.projectx.bt_event"/>
+        <deny own="org.projectx.bluetooth.share"/>
+        <deny receive_sender="org.projectx.bluetooth.share"/>
+        <deny send_destination="org.projectx.bluetooth.share"/>
+        <deny own="org.tizen.csd.Call.Instance"/>
+        <deny receive_sender="org.tizen.csd.Call.Instance"/>
+        <deny send_destination="org.tizen.csd.Call.Instance"/>
+    </policy>
+    <policy group="network_fw">
         <allow own="org.projectx.bt"/>
+        <allow receive_sender="org.projectx.bt"/>
+        <allow send_destination="org.projectx.bt"/>
         <allow own="org.projectx.bt_event"/>
+        <allow receive_sender="org.projectx.bt_event"/>
+        <allow send_destination="org.projectx.bt_event"/>
         <allow own="org.projectx.bluetooth.share"/>
-        <allow own="org.bluez.ag_agent"/>
-        <allow own="org.tizen.csd.Call.Instance"/>
-    </policy>
-    <policy at_console="true">
-        <allow send_destination="org.projectx.bt"/>
+        <allow receive_sender="org.projectx.bluetooth.share"/>
+        <allow send_destination="org.projectx.bluetooth.share"/>
+        <allow own="org.tizen.csd.Call.Instance"/>
+        <allow receive_sender="org.tizen.csd.Call.Instance"/>
+        <allow send_destination="org.tizen.csd.Call.Instance"/>
     </policy>
-    <policy context="default">
+    <policy user="owner">
+        <allow receive_sender="org.projectx.bt"/>
         <allow send_destination="org.projectx.bt"/>
+        <allow receive_sender="org.projectx.bt_event"/>
+        <allow send_destination="org.projectx.bt_event"/>
+        <allow receive_sender="org.projectx.bluetooth.share"/>
+        <allow send_destination="org.projectx.bluetooth.share"/>
+        <allow receive_sender="org.tizen.csd.Call.Instance"/>
+        <allow send_destination="org.tizen.csd.Call.Instance"/>
     </policy>
 </busconfig>