Initial commit
This commit is contained in:
ariane
root
32
dbus-1/system.d/avahi-dbus.conf
Normal file
32
dbus-1/system.d/avahi-dbus.conf
Normal file
@@ -0,0 +1,32 @@
|
||||
<!DOCTYPE busconfig PUBLIC
|
||||
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
|
||||
<!-- Only root or user avahi can own the Avahi service -->
|
||||
<policy user="avahi">
|
||||
<allow own="org.freedesktop.Avahi"/>
|
||||
</policy>
|
||||
<policy user="root">
|
||||
<allow own="org.freedesktop.Avahi"/>
|
||||
</policy>
|
||||
|
||||
<!-- Allow anyone to invoke methods on Avahi server, except SetHostName -->
|
||||
<policy context="default">
|
||||
<allow send_destination="org.freedesktop.Avahi"/>
|
||||
<allow receive_sender="org.freedesktop.Avahi"/>
|
||||
|
||||
<deny send_destination="org.freedesktop.Avahi"
|
||||
send_interface="org.freedesktop.Avahi.Server" send_member="SetHostName"/>
|
||||
</policy>
|
||||
|
||||
<!-- Allow everything, including access to SetHostName to users of the group "netdev" -->
|
||||
<policy group="netdev">
|
||||
<allow send_destination="org.freedesktop.Avahi"/>
|
||||
<allow receive_sender="org.freedesktop.Avahi"/>
|
||||
</policy>
|
||||
<policy user="root">
|
||||
<allow send_destination="org.freedesktop.Avahi"/>
|
||||
<allow receive_sender="org.freedesktop.Avahi"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
43
dbus-1/system.d/bluetooth.conf
Normal file
43
dbus-1/system.d/bluetooth.conf
Normal file
@@ -0,0 +1,43 @@
|
||||
<!-- This configuration file specifies the required security policies
|
||||
for Bluetooth core daemon to work. -->
|
||||
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
|
||||
<!-- ../system.conf have denied everything, so we just punch some holes -->
|
||||
|
||||
<policy user="root">
|
||||
<allow own="org.bluez"/>
|
||||
<allow send_destination="org.bluez"/>
|
||||
<allow send_interface="org.bluez.Agent1"/>
|
||||
<allow send_interface="org.bluez.MediaEndpoint1"/>
|
||||
<allow send_interface="org.bluez.MediaPlayer1"/>
|
||||
<allow send_interface="org.bluez.Profile1"/>
|
||||
<allow send_interface="org.bluez.GattCharacteristic1"/>
|
||||
<allow send_interface="org.bluez.GattDescriptor1"/>
|
||||
<allow send_interface="org.bluez.LEAdvertisement1"/>
|
||||
<allow send_interface="org.freedesktop.DBus.ObjectManager"/>
|
||||
<allow send_interface="org.freedesktop.DBus.Properties"/>
|
||||
</policy>
|
||||
|
||||
<!-- allow users of bluetooth group to communicate -->
|
||||
<policy group="bluetooth">
|
||||
<allow send_destination="org.bluez"/>
|
||||
</policy>
|
||||
|
||||
<policy at_console="true">
|
||||
<allow send_destination="org.bluez"/>
|
||||
</policy>
|
||||
|
||||
<!-- allow users of lp group (printing subsystem) to
|
||||
communicate with bluetoothd -->
|
||||
<policy group="lp">
|
||||
<allow send_destination="org.bluez"/>
|
||||
</policy>
|
||||
|
||||
<policy context="default">
|
||||
<deny send_destination="org.bluez"/>
|
||||
</policy>
|
||||
|
||||
</busconfig>
|
||||
33
dbus-1/system.d/wpa_supplicant.conf
Normal file
33
dbus-1/system.d/wpa_supplicant.conf
Normal file
@@ -0,0 +1,33 @@
|
||||
<!DOCTYPE busconfig PUBLIC
|
||||
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<policy user="root">
|
||||
<allow own="fi.epitest.hostap.WPASupplicant"/>
|
||||
|
||||
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
|
||||
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
|
||||
|
||||
<allow own="fi.w1.wpa_supplicant1"/>
|
||||
|
||||
<allow send_destination="fi.w1.wpa_supplicant1"/>
|
||||
<allow send_interface="fi.w1.wpa_supplicant1"/>
|
||||
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
|
||||
</policy>
|
||||
<policy group="netdev">
|
||||
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
|
||||
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
|
||||
|
||||
<allow send_destination="fi.w1.wpa_supplicant1"/>
|
||||
<allow send_interface="fi.w1.wpa_supplicant1"/>
|
||||
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="fi.epitest.hostap.WPASupplicant"/>
|
||||
<deny send_destination="fi.epitest.hostap.WPASupplicant"/>
|
||||
|
||||
<deny own="fi.w1.wpa_supplicant1"/>
|
||||
<deny send_destination="fi.w1.wpa_supplicant1"/>
|
||||
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
Reference in New Issue
Block a user