mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

connman: Don't use a blanket "allow" D-Bus policy

Browse Source 
There are already "allow" rules for root and conditionally xuser to
send messages to connman: there should be no reason for a default
allow policy.

Also, conditionally add a policy to allow xuser to send to the
connman vpn service (similar to main service).

(From OE-Core rev: 7c75981944e92b5534b054058407d19de2a8a78c)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jussi Kukkonen
2015-09-25 14:14:01 +03:00
committed by Richard Purdie
parent 907c8a7068
commit adeba9a4cb
2 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/connman/connman.inc
-6
View File
@@ -70,13 +70,7 @@ SYSTEMD_SERVICE_${PN} = "connman.service"
SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup" SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup"
# This allows *everyone* to access ConnMan over DBus, without any access
# control. Really the at_console flag should work, which would mean that
# both this and the xuser patch can be dropped.
do_compile_append() { do_compile_append() {
sed -i -e s:deny:allow:g ${S}/src/connman-dbus.conf
sed -i -e s:deny:allow:g ${S}/vpn/vpn-dbus.conf
sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service
} }
meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
+25 -3
View File
@@ -1,9 +1,14 @@
Because Poky doesn't support at_console we need to special-case the session Because Poky doesn't support at_console we need to
user. special-case the session user.
Upstream-Status: Inappropriate [configuration] Upstream-Status: Inappropriate [configuration]
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
src/connman-dbus.conf | 3 +++
vpn/vpn-dbus.conf | 3 +++
2 files changed, 6 insertions(+)
diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf
index 98a773e..466809c 100644 index 98a773e..466809c 100644
@@ -19,3 +24,20 @@ index 98a773e..466809c 100644
<policy at_console="true"> <policy at_console="true">
<allow send_destination="net.connman"/> <allow send_destination="net.connman"/>
</policy> </policy>
diff --git a/vpn/vpn-dbus.conf b/vpn/vpn-dbus.conf
index 0f0c8da..9ad05b9 100644
--- a/vpn/vpn-dbus.conf
+++ b/vpn/vpn-dbus.conf
@@ -6,6 +6,9 @@
<allow send_destination="net.connman.vpn"/>
<allow send_interface="net.connman.vpn.Agent"/>
</policy>
+ <policy user="xuser">
+ <allow send_destination="net.connman.vpn"/>
+ </policy>
<policy at_console="true">
<allow send_destination="net.connman.vpn"/>
</policy>
--
2.1.4