Add the dbus privilege check logic for platform APIs

Change-Id: Idc881c48fa63e154e7d9abe83a57fe7bde2d7413
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>

diff --git a/ag-agent/bluetooth-ag-agent.conf.in b/ag-agent/bluetooth-ag-agent.conf.in
index eaa7ee8..63d0b7f 100644 (file)
--- a/ag-agent/bluetooth-ag-agent.conf.in
+++ b/ag-agent/bluetooth-ag-agent.conf.in
@@ -10,5 +10,17 @@
            <allow send_interface="Org.Hfp.App.Interface"/>
            <allow send_destination="Org.Hfp.App.Interface"/>
     </policy>
+    <policy context="default">
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="CheckPrivilege" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Play" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Stop" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="ChangeCallStatus" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="OutgoingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="IncomingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SendVendorAtCmd" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetVoiceDial" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetSpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SwapHeadset" privilege="http://tizen.org/privilege/bluetooth.admin" />
+    </policy>
 </busconfig>
 

diff --git a/hf-agent/CMakeLists.txt b/hf-agent/CMakeLists.txt
index da878f5..1ee2094 100644 (file)
--- a/hf-agent/CMakeLists.txt
+++ b/hf-agent/CMakeLists.txt
@@ -25,3 +25,6 @@ TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_hf_agent_LDFLAGS})
 INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/org.bluez.hf_agent.service
                DESTINATION share/dbus-1/system-services)
+
+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-hf-agent.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-hf-agent.conf)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-hf-agent.conf DESTINATION /etc/dbus-1/system.d)

diff --git a/hf-agent/bluetooth-hf-agent.conf.in b/hf-agent/bluetooth-hf-agent.conf.in
new file mode 100644 (file)
index 0000000..80b3ff2
--- /dev/null
+++ b/hf-agent/bluetooth-hf-agent.conf.in
@@ -0,0 +1,27 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy group="network_fw">
+    </policy>
+    <policy group="root">
+    </policy>
+    <policy group="pulse">
+           <allow own="org.tizen.HfApp"/>
+           <allow send_interface="org.tizen.HfApp"/>
+           <allow send_destination="org.tizen.HfApp"/>
+    </policy>
+    <policy context="default">
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="AnswerCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="TerminateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="InitiateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAndAccept" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="CallSwap" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAllCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="JoinCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="VoiceRecognition" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ScoDisconnect" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
+            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SendDtmf" privilege="http://tizen.org/privilege/bluetooth.admin" />
+    </policy>
+</busconfig>
+

diff --git a/packaging/bluetooth-agent.spec b/packaging/bluetooth-agent.spec
index 9df8a2c..73efaff 100644 (file)
--- a/packaging/bluetooth-agent.spec
+++ b/packaging/bluetooth-agent.spec
@@ -160,6 +160,7 @@ ln -sf %{_libdir}/systemd/system/bluetooth-pbap-agent.service %{_sysconfdir}/sys
 %{_datadir}/dbus-1/system-services/org.bluez.hf_agent.service
 %{_datadir}/dbus-1/system-services/org.bluez.ag_agent.service
 %{_sysconfdir}/dbus-1/system.d/bluetooth-ag-agent.conf
+%{_sysconfdir}/dbus-1/system.d/bluetooth-hf-agent.conf
 %exclude %{_libdir}/systemd/system/bluetooth-map-agent.service
 %exclude %{_libdir}/systemd/system/bluetooth-pbap-agent.service
 %endif