We should offer a dramatically simplified policy language for services to use. Something along the lines of: <service name="org.freedesktop.Hal" user="root"> <allow interface="org.freedesktop.Hal.EraseMyDisks" user=root" /> <allow interface="org.freedesktop.Hal.GetDiskGeometry" /> </service>
See https://bugs.freedesktop.org/show_bug.cgi?id=50264#c1 and subsequent comments for a sketch of a different policy language. As far as I understand it, kdbus has a different plan for access-control, which specifically does not parse message payloads (path, interface, method name): it only looks at the source and destination process, bus names and credentials (mostly uid). The justification for that design appears to be that the destination service will be dispatching messages according to its interpretation of the path, interface and method name (at which point it can apply whatever access-control it wants to, including calling out to PolicyKit), and if it cannot be trusted to do that correctly, then it can't be trusted to receive them at all. My sketch in Bug #50264 is consistent with the kdbus approach, fwiw.
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/13.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.