[PATCH] More lenient D-Bus policy
dcbw at redhat.com
Thu May 29 18:44:22 EDT 2014
On Mon, 2014-05-26 at 10:56 +0100, Zeeshan Ali (Khattak) wrote:
> On Mon, May 26, 2014 at 9:28 AM, Johannes Berg
> <johannes at sipsolutions.net> wrote:
> > On Sun, 2014-05-25 at 12:04 +0100, Zeeshan Ali (Khattak) wrote:
> >> I'm afraid you'll have to do all properties access control from the
> >> code instead. I can still provide a patch that only gives access to
> >> signals on the above objects and I can even make it more specific if
> >> we want that?
> > Well, the signals have the same problem really - there's a "new blob"
> > signal I believe which probably has all the blob properties.
> As I said:
> 1. You can define a refined policy for signals so thats fixable.
> 2. For properties, you can deny access from code.
That seems like the right way forward... I guess we have to audit the
signals and properties to make sure what the permissions should be. But
we really should do that anyway :) I can try to look at that this week,
but can't guarantee when exactly I'd get to it.
More information about the HostAP