dbus.conf revision 4f6e8d7a00cbeda1e70cc15be9c4af1018bdad53
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- System bus configuration: one local unix socket, EXTERNAL
       authentication, a deny-by-default policy, then allow rules for the
       BlueZ (org.bluez) names and object paths.
       Rule order is significant when reading the policies below: where
       rules overlap, the one applied later takes precedence, and policies
       with the same context are applied in the order they appear in this
       file. -->

  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket. (abstract=/path/to/socket
       means use abstract namespace, don't really create filesystem
       file; only Linux supports this. Use path=/whatever on other
       systems.)
       The socket here is a filesystem path, so the ownership and mode of
       that file also decide who can reach the bus; they are set outside
       this file. -->
  <listen>unix:path=/dev/socket/dbus</listen>

  <!-- Baseline policy for every connection: deny sending, receiving and
       name ownership, then allow only connecting, talking to the bus
       driver (org.freedesktop.DBus) and requested replies. -->
  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send_interface="*"/>
    <deny receive_interface="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <!-- FIXME I think currently these allow rules are always implicit
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
    <!-- valid replies are always allowed -->
    <allow send_requested_reply="true"/>
    <allow receive_requested_reply="true"/>
  </policy>


  <!-- Now punch holes for bluetooth -->

  <!-- Second default-context policy. It applies to every connection and
       is evaluated after the baseline policy above. -->
  <policy context="default">
    <!-- NOTE(review): this rule comes after the <deny own="*"/> in the
         baseline policy and overrides it, so every connection may request
         any bus name, org.bluez included. The root-only
         <allow own="org.bluez"/> further down then restricts nothing, and
         clients cannot treat a well-known name on this bus as proof of
         which process is behind it. If ownership is meant to be limited,
         replace the wildcard with the specific names each user needs;
         confirm first which services depend on the wildcard. -->
    <allow own="*"/>
    <!-- Repeats the connect rule from the baseline policy; it has no
         additional effect. -->
    <allow user="*"/>
    <!-- Any connection may send to, and receive from, the name
         org.bluez.PasskeyAgent. -->
    <allow send_destination="org.bluez.PasskeyAgent"/>
    <allow receive_sender="org.bluez.PasskeyAgent"/>
    <!-- This rule matches on object path alone; it carries no
         send_destination, so it permits sending to the path
         /org/bluez/PasskeyAgent whichever connection is the destination.
         NOTE(review): put path and destination on one rule if the
         intent is narrower; confirm. -->
    <allow send_path="/org/bluez/PasskeyAgent"/>
  </policy>

  <!-- Intended to reserve the org.bluez name for root. See the note on
       <allow own="*"/> above: while that wildcard is present this rule
       grants nothing that other users do not already have. -->
  <policy user="root">
    <allow own="org.bluez"/>
  </policy>

  <!-- Extra permissions for connections that the bus treats as being at
       the console: send/receive for the Adapter, Manager and Security
       names, plus path-based send rules for Adapter and Manager.
       NOTE(review): org.bluez.Adapter, org.bluez.Manager and
       org.bluez.Security look like interface names rather than bus names,
       and org.bluez is the only name given an explicit owner in this
       file; confirm that send_destination / receive_sender (not
       send_interface / receive_interface) is what was intended. -->
  <policy at_console="true">
    <allow send_destination="org.bluez.Adapter"/>
    <allow receive_sender="org.bluez.Adapter"/>

    <!-- Path-only match, no destination restriction on this rule. -->
    <allow send_path="/org/bluez/Adapter"/>

    <allow send_destination="org.bluez.Manager"/>
    <allow receive_sender="org.bluez.Manager"/>

    <!-- Path-only match, no destination restriction on this rule. -->
    <allow send_path="/org/bluez/Manager"/>

    <!-- No send_path rule is given for Security, unlike Adapter and
         Manager. -->
    <allow send_destination="org.bluez.Security"/>
    <allow receive_sender="org.bluez.Security"/>
  </policy>

</busconfig>