Hi Marcel, On Fri, 2019-01-18 at 09:50 +0100, Marcel Holtmann wrote: > Hi Inga, > > This adds new D-Bus policy file btmesh.conf > --- > Makefile.mesh | 6 ++++++ > mesh/btmesh.conf | 24 ++++++++++++++++++++++++ > 2 files changed, 30 insertions(+) > create mode 100644 mesh/btmesh.conf > > diff --git a/Makefile.mesh b/Makefile.mesh > index ea6c5e939..e15718116 100644 > --- a/Makefile.mesh > +++ b/Makefile.mesh > @@ -1,5 +1,9 @@ > if MESH > > +if DATAFILES > +dbus_DATA += mesh/btmesh.conf > +endif > + > > I prefer this is named bluetooth-mesh.conf. > > And for the daemon binary name this might be better as bluetoothd-mesh instead of just meshd. Agreed: makes it easier finding the process by name > > mesh_sources = mesh/mesh.h mesh/mesh.c \ > mesh/net_keys.h mesh/net_keys.c \ > mesh/mesh-io.h mesh/mesh-io.c \ > @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd > mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c > mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c > mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la > + > +EXTRA_DIST += mesh/btmesh.conf > endif > diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf > new file mode 100644 > index 000000000..f05545065 > --- /dev/null > +++ b/mesh/btmesh.conf > @@ -0,0 +1,24 @@ > +<!-- This configuration file specifies the required security policies > + for Bluetooth Mesh daemon to work. —> > > Lower case “mesh” here. > > + > +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" > + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";> > +<busconfig> > + > + <!-- ../system.conf have denied everything, so we just punch some holes --> > + > + <policy user="root"> > + <allow own="org.bluez.mesh"/> > + <allow send_destination="org.bluez.mesh"/> > + <allow send_interface="org.bluez.mesh.Application1"/> > + <allow send_interface="org.bluez.mesh.Element1"/> > + <allow send_interface="org.bluez.mesh.ProvisionAgent1"/> > + <allow send_interface="org.freedesktop.DBus.ObjectManager"/> > + <allow send_interface="org.freedesktop.DBus.Properties”/> > > Do you need the last two? Not really. Will remove. > > + </policy> > + > + <policy context="default"> > + <allow send_destination="org.bluez.mesh"/> > + </policy> > + > +</busconfig> > > Regards > > Marcel > Thanks, Inga
