Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53^! / . / rootdir / etc / dbus.conf
commit4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53[log] [tgz]
authorThe Android Open Source Project <initial-contribution@android.com>Tue Oct 21 07:00:00 2008 -0700
committerThe Android Open Source Project <initial-contribution@android.com>Tue Oct 21 07:00:00 2008 -0700
tree54fd1b2695a591d2306d41264df67c53077b752c
Initial Contribution

diff --git a/rootdir/etc/dbus.conf b/rootdir/etc/dbus.conf
new file mode 100644
index 0000000..8742345
--- /dev/null
+++ b/rootdir/etc/dbus.conf

@@ -0,0 +1,67 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Our well-known bus type, do not change this -->
+  <type>system</type>
+
+  <!-- Fork into daemon mode -->
+  <fork/>
+
+  <!-- Only allow socket-credentials-based authentication -->
+  <auth>EXTERNAL</auth>
+
+  <!-- Only listen on a local socket. (abstract=/path/to/socket 
+       means use abstract namespace, don't really create filesystem 
+       file; only Linux supports this. Use path=/whatever on other 
+       systems.) -->
+  <listen>unix:path=/dev/socket/dbus</listen>
+
+  <policy context="default">
+    <!-- Deny everything then punch holes -->
+    <deny send_interface="*"/>
+    <deny receive_interface="*"/>
+    <deny own="*"/>
+    <!-- But allow all users to connect -->
+    <allow user="*"/>
+    <!-- Allow anyone to talk to the message bus -->
+    <!-- FIXME I think currently these allow rules are always implicit 
+         even if they aren't in here -->
+    <allow send_destination="org.freedesktop.DBus"/>
+    <allow receive_sender="org.freedesktop.DBus"/>
+    <!-- valid replies are always allowed -->
+    <allow send_requested_reply="true"/>
+    <allow receive_requested_reply="true"/>
+  </policy>
+
+
+  <!-- Now punch holes for bluetooth -->
+
+  <policy context="default">
+    <allow own="*"/>
+    <allow user="*"/>
+    <allow send_destination="org.bluez.PasskeyAgent"/>
+    <allow receive_sender="org.bluez.PasskeyAgent"/>
+    <allow send_path="/org/bluez/PasskeyAgent"/>
+  </policy>
+
+  <policy user="root">
+    <allow own="org.bluez"/>
+  </policy>
+
+  <policy at_console="true">
+    <allow send_destination="org.bluez.Adapter"/>
+    <allow receive_sender="org.bluez.Adapter"/>
+
+    <allow send_path="/org/bluez/Adapter"/>
+
+    <allow send_destination="org.bluez.Manager"/>
+    <allow receive_sender="org.bluez.Manager"/>
+
+    <allow send_path="/org/bluez/Manager"/>
+
+    <allow send_destination="org.bluez.Security"/>
+    <allow receive_sender="org.bluez.Security"/>
+  </policy>
+
+</busconfig>