Merge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2

2026-05-02 04:58:01 +02:00 · 2008-12-16 12:29:04 -05:00 · 2008-12-16 12:29:04 -05:00 · c224ba1861
commit c224ba1861
parent 427ff01f9d 3d6abf64d0
2 changed files with 46 additions and 47 deletions
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@ -42,33 +42,29 @@
  <listen>@DBUS_SYSTEM_BUS_DEFAULT_ADDRESS@</listen>

  <policy context="default">
-    <!-- Deny everything then punch holes -->
-    <deny send_interface="*"/>
-    <deny receive_interface="*"/>
-    <deny own="*"/>
-    <!-- But allow all users to connect -->
+    <!-- All users can connect to system bus -->
    <allow user="*"/>
-    <!-- Allow anyone to talk to the message bus -->
-    <!-- FIXME I think currently these allow rules are always implicit 
-         even if they aren't in here -->
-    <allow send_destination="org.freedesktop.DBus"/>
-    <allow receive_sender="org.freedesktop.DBus"/>
-    <!-- Allow all signals to be sent by default -->
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <deny own="*"/>
+    <deny send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
    <allow send_type="signal"/>
-    <!-- allow sending valid replies -->
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
-    <!-- allow receiving valid replies -->
-    <allow receive_requested_reply="true"/>
-    <!-- Note: the rule above also allows receiving of all non-reply messages
-         that are not denied later.  See:
-         https://bugs.freedesktop.org/show_bug.cgi?id=18229
-         Potentially this will be replaced in the future by the
-         following two rules:
-    <allow receive_requested_reply="true" receive_type="method_return"/>
-    <allow receive_requested_reply="true" receive_type="error"/>
-    -->
-    <!-- disallow changing the activation environment of system services -->
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"/>
+    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
--- a/test/name-test/tmp-session-like-system.conf
+++ b/test/name-test/tmp-session-like-system.conf
@ -16,27 +16,40 @@

  <!-- intended to match system bus -->
  <policy context="default">
-    <!-- Deny everything then punch holes -->
-    <deny send_interface="*"/>
-    <deny receive_interface="*"/>
-    <deny own="*"/>
-    <!-- But allow all users to connect -->
+    <!-- All users can connect to system bus -->
    <allow user="*"/>
-    <!-- Allow anyone to talk to the message bus -->
-    <!-- FIXME I think currently these eallow rules are always implicit 
-         even if they aren't in here -->
-    <allow send_destination="org.freedesktop.DBus"/>
-    <allow receive_sender="org.freedesktop.DBus"/>
-    <!-- Allow all signals to be sent by default -->
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <deny own="*"/>
+    <deny send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
    <allow send_type="signal"/>
-    <!-- valid replies are always allowed -->
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
-    <allow receive_requested_reply="true"/>
-    <!-- disallow changing the activation environment of system services -->
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"/>
+    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
+
+    <!-- Specific to the test suite -->
+    <allow own="org.freedesktop.DBus.TestSuiteEchoService"/>
+    <allow send_destination="org.freedesktop.DBus.TestSuiteEchoService"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="org.freedesktop.DBus.TestSuiteEchoService"
+           send_interface="org.freedesktop.TestSuite"
+           send_member="EmitFoo"/>
  </policy>

  <policy context="default">
@ -48,16 +61,6 @@
            send_member="EmitFoo"/>
  </policy>

-  <!-- Config files are placed here that among other things, 
-       further restrict the above policy for specific services. -->
-  <includedir>session.d</includedir>
-
-  <!-- This is included last so local configuration can override what's 
-       in this standard file -->
-  <include ignore_missing="yes">session-local.conf</include>
-
-  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
-
  <!-- For the session bus, override the default relatively-low limits 
       with essentially infinite limits, since the bus is just running 
       as the user anyway, using up bus resources is not something we need