From: Adrian Szyndela Date: Fri, 23 Aug 2019 09:37:51 +0000 (+0200) Subject: policychecker: allow i-dont-need-any-name configs X-Git-Tag: submit/tizen/20190827.025238~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ab5ed7f3d68071e62900e5dc6fe54f4d092ca359;p=platform%2Fcore%2Fsystem%2Fdbus-tools.git policychecker: allow i-dont-need-any-name configs This allows configurations that do not concern any owned names, e.g. configurations for specifying who can receive some specific signals. Without this change, the checking rules ensure that every policy configuration file contains at least one and one policy rule. This was introduced when there was "global default allow" policy in some uses. Nowadays, such policies are probably long gone. Anyway, there are still other checking rules present, which complain for not having proper rules in default context, if rules for a name are present in the configuration file. Change-Id: Ic4eeee3ff5c8524fda58d17874fe6fdb37fb4d1c --- diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl index 0d13fb9..188a572 100644 --- a/policychecker/rules.xsl +++ b/policychecker/rules.xsl @@ -96,16 +96,9 @@ - You must provide a policy context-default section. - - You must define a 'deny own="yourname"' or 'deny own_prefix="yourname"' rule in context-default policy to avoid depending on a global 'deny own="*"'. - You must define a 'deny send_destination="yourname"' or 'deny send_destination_prefix="yourname"' rule in context-default policy to avoid depending on a global deny. - - -