diff options
| author | Colin Walters <walters@verbum.org> | 2008-12-16 12:29:04 -0500 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2008-12-16 12:29:04 -0500 |
| commit | c224ba1861b1492db7e1f7f8c9f183acd2076c79 (patch) | |
| tree | d4355bc2d3e5ebe703e4488522400270b6d1c701 /test | |
| parent | 427ff01f9d656700b370bb905fe738e76602a842 (diff) | |
| parent | 3d6abf64d0abb2718e082e120f14f8f923a4af59 (diff) | |
Merge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2
Diffstat (limited to 'test')
| -rw-r--r-- | test/name-test/tmp-session-like-system.conf | 51 |
1 files changed, 27 insertions, 24 deletions
diff --git a/test/name-test/tmp-session-like-system.conf b/test/name-test/tmp-session-like-system.conf index 1cb640a2..0818109a 100644 --- a/test/name-test/tmp-session-like-system.conf +++ b/test/name-test/tmp-session-like-system.conf @@ -16,27 +16,40 @@ <!-- intended to match system bus --> <policy context="default"> - <!-- Deny everything then punch holes --> - <deny send_interface="*"/> - <deny receive_interface="*"/> - <deny own="*"/> - <!-- But allow all users to connect --> + <!-- All users can connect to system bus --> <allow user="*"/> - <!-- Allow anyone to talk to the message bus --> - <!-- FIXME I think currently these eallow rules are always implicit - even if they aren't in here --> - <allow send_destination="org.freedesktop.DBus"/> - <allow receive_sender="org.freedesktop.DBus"/> - <!-- Allow all signals to be sent by default --> + + <!-- Holes must be punched in service configuration files for + name ownership and sending method calls --> + <deny own="*"/> + <deny send_type="method_call"/> + + <!-- Signals and reply messages (method returns, errors) are allowed + by default --> <allow send_type="signal"/> - <!-- valid replies are always allowed --> <allow send_requested_reply="true" send_type="method_return"/> <allow send_requested_reply="true" send_type="error"/> - <allow receive_requested_reply="true"/> - <!-- disallow changing the activation environment of system services --> + + <!-- All messages may be received by default --> + <allow receive_type="method_call"/> + <allow receive_type="method_return"/> + <allow receive_type="error"/> + <allow receive_type="signal"/> + + <!-- Allow anyone to talk to the message bus --> + <allow send_destination="org.freedesktop.DBus"/> + <!-- But disallow some specific bus services --> <deny send_destination="org.freedesktop.DBus" send_interface="org.freedesktop.DBus" send_member="UpdateActivationEnvironment"/> + + <!-- Specific to the test suite --> + <allow own="org.freedesktop.DBus.TestSuiteEchoService"/> + <allow send_destination="org.freedesktop.DBus.TestSuiteEchoService" + send_interface="org.freedesktop.DBus.Introspectable"/> + <allow send_destination="org.freedesktop.DBus.TestSuiteEchoService" + send_interface="org.freedesktop.TestSuite" + send_member="EmitFoo"/> </policy> <policy context="default"> @@ -48,16 +61,6 @@ send_member="EmitFoo"/> </policy> - <!-- Config files are placed here that among other things, - further restrict the above policy for specific services. --> - <includedir>session.d</includedir> - - <!-- This is included last so local configuration can override what's - in this standard file --> - <include ignore_missing="yes">session-local.conf</include> - - <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> - <!-- For the session bus, override the default relatively-low limits with essentially infinite limits, since the bus is just running as the user anyway, using up bus resources is not something we need |