dbus-policy: apply default deny

Change-Id: Idbad893777fa1bf6d7ea2e21466cab9a91a0f881
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>

diff --git a/scripts/storaged.conf b/scripts/storaged.conf
index ecd3199ebe0bbab49ce4ba0243fc6a7d6fd1fdee..e338d9cc0cb549f13007b49e5b24c7ae3d454182 100644 (file)
--- a/scripts/storaged.conf
+++ b/scripts/storaged.conf
@@ -1,23 +1,66 @@
 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
 <busconfig>
     <policy user="root">
         <allow own="org.tizen.system.storage"/>
         <allow send_destination="org.tizen.system.storage"/>
     </policy>
 
+    <policy user="security_fw">
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetControl"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="Control"/>
+    </policy>
+
     <policy context="default">
-        <allow send_destination="org.tizen.system.storage"/>
+        <deny own="org.tizen.system.storage"/>
+        <deny send_destination="org.tizen.system.storage"/>
+        <allow send_destination="org.tizen.system.storage" send_type="signal"/>
 
-        <deny send_destination="org.tizen.system.storage"
-                send_interface="org.tizen.system.storage.storage"/>
+        <!-- /Org/Tizen/System/Storage/Storage -->
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Storage"
+                send_member="GetStatus"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Storage"
+                send_member="getstorage"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Storage"
+                send_member="GetStatvfs"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Storage"
+                send_member="GetStorageLevel"/>
 
+        <!-- /Org/Tizen/System/Storage/Block/Manager -->
         <check send_destination="org.tizen.system.storage"
-                send_interface="org.tizen.system.storage.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
                 privilege="http://tizen.org/privilege/externalstorage"/>
-        <check send_destination="org.tizen.system.storage"
-                send_interface="org.tizen.system.storage.storage"
-                privilege="http://tizen.org/privilege/mediastorage"/>
 
+        <deny send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetControl"/>
+        <deny send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="Control"/>
+
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="ShowDeviceList"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetDeviceList"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetDeviceList2"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetDeviceInfo"/>
+        <allow send_destination="org.tizen.system.storage"
+                send_path="/Org/Tizen/System/Storage/Block/Manager"
+                send_member="GetMmcPrimary"/>
     </policy>
 </busconfig>