This adds new D-Bus policy file btmesh.conf
---
 Makefile.mesh | 6 ++++++
 mesh/btmesh.conf | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 mesh/btmesh.conf
diff --git a/Makefile.mesh b/Makefile.mesh
index ea6c5e939..e15718116 100644
--- a/Makefile.mesh
+++ b/Makefile.mesh
@@ -1,5 +1,9 @@
 if MESH
+if DATAFILES
+dbus_DATA += mesh/btmesh.conf
+endif
+
 mesh_sources = mesh/mesh.h mesh/mesh.c \
 mesh/net_keys.h mesh/net_keys.c \
 mesh/mesh-io.h mesh/mesh-io.c \
@@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
 mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
 mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
 mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
+
+EXTRA_DIST += mesh/btmesh.conf
 endif
diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
new file mode 100644
index 000000000..f05545065
--- /dev/null
+++ b/mesh/btmesh.conf
@@ -0,0 +1,24 @@
+<!-- This configuration file specifies the required security policies
+ for Bluetooth Mesh daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+ <policy user="root">
+ <allow own="org.bluez.mesh"/>
+ <allow send_destination="org.bluez.mesh"/>
+ <allow send_interface="org.bluez.mesh.Application1"/>
+ <allow send_interface="org.bluez.mesh.Element1"/>
+ <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
+ <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
+ <allow send_interface="org.freedesktop.DBus.Properties"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="org.bluez.mesh"/>
+ </policy>
+
+</busconfig>
-- 
2.17.2
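Review bot: The `<policy context="default">` block at the end of mesh/btmesh.conf allows every local user to send any message to `org.bluez.mesh`, so access control rests entirely on checks inside the daemon, and none are visible in this patch. If the mesh API is not meant for unprivileged users, scope the rule to a dedicated group, for example `<policy group="MESH_GROUP_PLACEHOLDER">`, or add a comment above the block naming the daemon-side check that makes the open rule safe. In the root policy, the five `send_interface` rules have no `send_destination`, so they match messages to any service on the system bus rather than only mesh peers; this is presumably needed because the daemon calls back into applications whose bus names are not fixed, and a comment such as `<!-- no send_destination: meshd calls back into client applications on their unique names -->` would record that.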