mesh: Add D-Bus policy for Bluetooth mesh daemon

This adds new D-Bus policy file bluetooth-mesh.conf
author: Inga Stotland <inga.stotland@intel.com> 2019-01-18 19:58:37 -0800
committer: Brian Gix <brian.gix@intel.com> 2019-02-04 12:04:42 -0800
commit: 64441a327a64e5f625062ab9e9f2fb362be80308 (patch)
tree: b6667285343c8aa99218d3dc6ea412fa71ebd10a /mesh/bluetooth-mesh.conf
parent: 314f340aaea98167c10bf10ac0873b76d380eb65 (diff)
download: bluez-64441a327a64e5f625062ab9e9f2fb362be80308.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/mesh/bluetooth-mesh.conf b/mesh/bluetooth-mesh.conf
new file mode 100644
index 000000000..28be7c649
--- /dev/null
+++ b/mesh/bluetooth-mesh.conf
@@ -0,0 +1,22 @@
+<!-- This configuration file specifies the required security policies
+     for Bluetooth mesh daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+  <policy user="root">
+    <allow own="org.bluez.mesh"/>
+    <allow send_destination="org.bluez.mesh"/>
+    <allow send_interface="org.bluez.mesh.Application1"/>
+    <allow send_interface="org.bluez.mesh.Element1"/>
+    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
+  </policy>
+
+  <policy context="default">
+    <allow send_destination="org.bluez.mesh"/>
+  </policy>
+
+</busconfig>
author	Inga Stotland <inga.stotland@intel.com>	2019-01-18 19:58:37 -0800
committer	Brian Gix <brian.gix@intel.com>	2019-02-04 12:04:42 -0800
commit	64441a327a64e5f625062ab9e9f2fb362be80308 (patch)
tree	b6667285343c8aa99218d3dc6ea412fa71ebd10a /mesh/bluetooth-mesh.conf
parent	314f340aaea98167c10bf10ac0873b76d380eb65 (diff)
download	bluez-64441a327a64e5f625062ab9e9f2fb362be80308.tar.gz