This adds new D-Bus policy file bluetooth-mesh.conf --- Makefile.mesh | 6 ++++++ mesh/bluetooth-mesh.conf | 22 ++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 mesh/bluetooth-mesh.conf diff --git a/Makefile.mesh b/Makefile.mesh index 66854e0bf..28c87a061 100644 --- a/Makefile.mesh +++ b/Makefile.mesh @@ -1,5 +1,9 @@ if MESH +if DATAFILES +dbus_DATA += mesh/bluetooth-mesh.conf +endif + mesh_sources = mesh/mesh.h mesh/mesh.c \ mesh/net_keys.h mesh/net_keys.c \ mesh/mesh-io.h mesh/mesh-io.c \ @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/bluetooth-meshd mesh_bluetooth_meshd_SOURCES = $(mesh_sources) mesh/main.c mesh_bluetooth_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c mesh_bluetooth_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la + +EXTRA_DIST += mesh/bluetooth-mesh.conf endif diff --git a/mesh/bluetooth-mesh.conf b/mesh/bluetooth-mesh.conf new file mode 100644 index 000000000..28be7c649 --- /dev/null +++ b/mesh/bluetooth-mesh.conf @@ -0,0 +1,22 @@ +<!-- This configuration file specifies the required security policies + for Bluetooth mesh daemon to work. --> + +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";> +<busconfig> + + <!-- ../system.conf have denied everything, so we just punch some holes --> + + <policy user="root"> + <allow own="org.bluez.mesh"/> + <allow send_destination="org.bluez.mesh"/> + <allow send_interface="org.bluez.mesh.Application1"/> + <allow send_interface="org.bluez.mesh.Element1"/> + <allow send_interface="org.bluez.mesh.ProvisionAgent1"/> + </policy> + + <policy context="default"> + <allow send_destination="org.bluez.mesh"/> + </policy> + +</busconfig> -- 2.17.2
