On Fri, Oct 23, 2015 at 06:03:22PM +0200, Lubomir Rintel wrote: > It does more than intended; apart from denying messages to that particular > interface it also denies all messages non-qualified with an interface globally. > From the dbus-daemon manual: > > Be careful with send_interface/receive_interface, because the > interface field in messages is optional. In particular, do NOT > specify <deny send_interface="org.foo.Bar"/>! This will cause > no-interface messages to be blocked for all services, which is almost > certainly not what you intended. Always use rules of the form: <deny > send_interface="org.foo.Bar" send_destination="org.foo.Service"/> > > We can just safely remove those rules, since we're sufficiently protected > by the send_destination matches and method calls are disallowed by default > anyway. Could you please describe what is the issue that this is fixing? It looks like the policy for context="default" denies everything while the user="root" allows the items. Does the "deny send_interface" cause some harm in the case where every operation is supposed to be disallowed? -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
