Add default deny policy in conf files

author Wootak Jung <wootak.jung@samsung.com>

Tue, 17 Apr 2018 07:24:22 +0000 (16:24 +0900)

committer Wootak Jung <wootak.jung@samsung.com>

Wed, 18 Apr 2018 06:03:55 +0000 (15:03 +0900)
author Wootak Jung <wootak.jung@samsung.com>
Tue, 17 Apr 2018 07:24:22 +0000 (16:24 +0900)
committer Wootak Jung <wootak.jung@samsung.com>
Wed, 18 Apr 2018 06:03:55 +0000 (15:03 +0900)
diff --git a/ag-agent/bluetooth-ag-agent.conf.in b/ag-agent/bluetooth-ag-agent.conf.in

index 63d0b7f..661c743 100644 (file)
--- a/ag-agent/bluetooth-ag-agent.conf.in
+++ b/ag-agent/bluetooth-ag-agent.conf.in
@@ -1,26 +1,28 @@
  <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
-    <policy group="network_fw">
-    </policy>
-    <policy group="root">
+    <policy context="default">
+        <deny own="org.bluez.ag_agent"/>
+        <deny receive_sender="org.bluez.ag_agent"/>
+        <deny send_destination="org.bluez.ag_agent"/>
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="CheckPrivilege" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Play" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Stop" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="ChangeCallStatus" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="OutgoingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="IncomingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SendVendorAtCmd" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetVoiceDial" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetSpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SwapHeadset" privilege="http://tizen.org/privilege/bluetooth.admin" />
      </policy>
      <policy group="pulse">
-           <allow own="Org.Hfp.App.Interface"/>
-           <allow send_interface="Org.Hfp.App.Interface"/>
-           <allow send_destination="Org.Hfp.App.Interface"/>
+           <allow receive_interface="Org.Hfp.App.Interface"/>
+        <allow send_interface="Org.Hfp.App.Interface"/>
      </policy>
-    <policy context="default">
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="CheckPrivilege" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Play" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Stop" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="ChangeCallStatus" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="OutgoingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="IncomingCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SendVendorAtCmd" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetVoiceDial" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SetSpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="SwapHeadset" privilege="http://tizen.org/privilege/bluetooth.admin" />
+    <policy group="network_fw">
+        <allow own="org.bluez.ag_agent"/>
+        <allow receive_sender="org.bluez.ag_agent"/>
+        <allow send_destination="org.bluez.ag_agent"/>
      </policy>
  </busconfig>
-
diff --git a/bt-ipsp/bluetooth-frwk-ipsp.conf b/bt-ipsp/bluetooth-frwk-ipsp.conf

index 40b9f11..7bd3ef5 100644 (file)
--- a/bt-ipsp/bluetooth-frwk-ipsp.conf
+++ b/bt-ipsp/bluetooth-frwk-ipsp.conf
@@ -1,13 +1,14 @@
  <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
-    <policy user="root">
-        <allow own="org.projectx.bt_ipsp"/>
-    </policy>
-    <policy at_console="true">
-        <allow send_destination="org.projectx.bt_ipsp" />
-    </policy>
      <policy context="default">
-        <allow send_destination="org.projectx.bt_ipsp" />
+        <deny own="org.projectx.bt_ipsp"/>
+        <deny receive_sender="org.projectx.bt_ipsp"/>
+        <deny send_destination="org.projectx.bt_ipsp"/>
+    </policy>
+    <policy group="network_fw">
+        <allow own="org.projectx.bt_ipsp"/>
+        <allow receive_sender="org.projectx.bt_ipsp"/>
+        <allow send_destination="org.projectx.bt_ipsp"/>
      </policy>
  </busconfig>
diff --git a/hf-agent/bluetooth-hf-agent.conf.in b/hf-agent/bluetooth-hf-agent.conf.in

index 80b3ff2..bd46bd2 100644 (file)
--- a/hf-agent/bluetooth-hf-agent.conf.in
+++ b/hf-agent/bluetooth-hf-agent.conf.in
@@ -1,27 +1,29 @@
  <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
-    <policy group="network_fw">
-    </policy>
-    <policy group="root">
+    <policy context="default">
+        <deny own="org.bluez.hf_agent"/>
+        <deny receive_sender="org.bluez.hf_agent"/>
+        <deny send_destination="org.bluez.hf_agent"/>
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="AnswerCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="TerminateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="InitiateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAndAccept" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="CallSwap" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAllCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="JoinCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="VoiceRecognition" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ScoDisconnect" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
+        <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SendDtmf" privilege="http://tizen.org/privilege/bluetooth.admin" />
      </policy>
      <policy group="pulse">
-           <allow own="org.tizen.HfApp"/>
+           <allow receive_interface="org.tizen.HfApp"/>
             <allow send_interface="org.tizen.HfApp"/>
-           <allow send_destination="org.tizen.HfApp"/>
      </policy>
-    <policy context="default">
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="AnswerCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="TerminateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="InitiateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAndAccept" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="CallSwap" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ReleaseAllCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="JoinCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="VoiceRecognition" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="ScoDisconnect" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SpeakerGain" privilege="http://tizen.org/privilege/bluetooth.admin" />
-            <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="SendDtmf" privilege="http://tizen.org/privilege/bluetooth.admin" />
+    <policy group="network_fw">
+           <allow own="org.bluez.hf_agent"/>
+           <allow receive_sender="org.bluez.hf_agent"/>
+           <allow send_destination="org.bluez.hf_agent"/>
      </policy>
  </busconfig>
-
author	Wootak Jung <wootak.jung@samsung.com>
	Tue, 17 Apr 2018 07:24:22 +0000 (16:24 +0900)
committer	Wootak Jung <wootak.jung@samsung.com>
	Wed, 18 Apr 2018 06:03:55 +0000 (15:03 +0900)
ag-agent/bluetooth-ag-agent.conf.in		patch \| blob \| history
bt-ipsp/bluetooth-frwk-ipsp.conf		patch \| blob \| history
hf-agent/bluetooth-hf-agent.conf.in		patch \| blob \| history