dbus.conf revision 4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53
1<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" 2 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> 3<busconfig> 4 5 <!-- Our well-known bus type, do not change this --> 6 <type>system</type> 7 8 <!-- Fork into daemon mode --> 9 <fork/> 10 11 <!-- Only allow socket-credentials-based authentication --> 12 <auth>EXTERNAL</auth> 13 14 <!-- Only listen on a local socket. (abstract=/path/to/socket 15 means use abstract namespace, don't really create filesystem 16 file; only Linux supports this. Use path=/whatever on other 17 systems.) --> 18 <listen>unix:path=/dev/socket/dbus</listen> 19 20 <policy context="default"> 21 <!-- Deny everything then punch holes --> 22 <deny send_interface="*"/> 23 <deny receive_interface="*"/> 24 <deny own="*"/> 25 <!-- But allow all users to connect --> 26 <allow user="*"/> 27 <!-- Allow anyone to talk to the message bus --> 28 <!-- FIXME I think currently these allow rules are always implicit 29 even if they aren't in here --> 30 <allow send_destination="org.freedesktop.DBus"/> 31 <allow receive_sender="org.freedesktop.DBus"/> 32 <!-- valid replies are always allowed --> 33 <allow send_requested_reply="true"/> 34 <allow receive_requested_reply="true"/> 35 </policy> 36 37 38 <!-- Now punch holes for bluetooth --> 39 40 <policy context="default"> 41 <allow own="*"/> 42 <allow user="*"/> 43 <allow send_destination="org.bluez.PasskeyAgent"/> 44 <allow receive_sender="org.bluez.PasskeyAgent"/> 45 <allow send_path="/org/bluez/PasskeyAgent"/> 46 </policy> 47 48 <policy user="root"> 49 <allow own="org.bluez"/> 50 </policy> 51 52 <policy at_console="true"> 53 <allow send_destination="org.bluez.Adapter"/> 54 <allow receive_sender="org.bluez.Adapter"/> 55 56 <allow send_path="/org/bluez/Adapter"/> 57 58 <allow send_destination="org.bluez.Manager"/> 59 <allow receive_sender="org.bluez.Manager"/> 60 61 <allow send_path="/org/bluez/Manager"/> 62 63 <allow send_destination="org.bluez.Security"/> 64 <allow receive_sender="org.bluez.Security"/> 65 </policy> 66 67</busconfig> 68