build: Add D-Bus policy for Ethernet authentication daemon

2018-09-14 15:07:30 +02:00 · 2018-09-14 15:07:30 +02:00 · c9b460f5cc
parent 0c5b6e4da3
commit c9b460f5cc
2 changed files with 34 additions and 0 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -197,6 +197,10 @@ wired_ead_SOURCES = wired/main.c
 wired_ead_LDADD = ell/libell-internal.la
 wired_ead_DEPENDENCIES = ell/libell-internal.la

+if DBUS_POLICY
+dist_dbus_data_DATA += wired/ead-dbus.conf
+endif
+
 if SYSTEMD_SERVICE
 wired_ead_DEPENDENCIES += wired/ead.service

--- a/wired/ead-dbus.conf
+++ b/wired/ead-dbus.conf
@ -0,0 +1,30 @@
+<!-- This configuration file specifies the required security policies
+     for Ethernet daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+  <policy user="root">
+    <allow own="net.connman.ead"/>
+    <allow send_destination="net.connman.ead"/>
+    <allow send_interface="net.connman.ead.Agent"/>
+  </policy>
+
+  <policy group="wheel">
+    <allow send_destination="net.connman.ead"/>
+    <allow send_interface="net.connman.ead.Agent"/>
+  </policy>
+
+  <policy at_console="true">
+    <allow send_destination="net.connman.ead"/>
+    <allow send_interface="net.connman.ead.Agent"/>
+  </policy>
+
+  <policy context="default">
+    <deny send_destination="net.connman.ead"/>
+  </policy>
+
+</busconfig>