Bug 19060 - system policy cleanup
Summary: system policy cleanup
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Havoc Pennington
QA Contact: John (J5) Palmieri
Depends on:
Reported: 2008-12-12 14:29 UTC by Colin Walters
Modified: 2008-12-18 12:44 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:


Description Colin Walters 2008-12-12 14:29:03 UTC
The current system.conf default policy is too confusing and ill specified.  

Here's a pass at a rewrite which attempts to spell out exactly what we want in more explicit terms.  Please review carefully line by line.

  <policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for
         name ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>

    <!-- Signals and reply messages (method returns, errors) are allowed
         by default -->
    <allow send_type="signal"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>

    <!-- All messages may be received by default -->
    <allow receive_type="method_call"/>
    <allow receive_type="method_return"/>
    <allow receive_type="error"/>
    <allow receive_type="signal"/>

    <!-- Allow anyone to talk to the message bus -->
    <allow send_destination="org.freedesktop.DBus"/>
    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
Comment 1 Ray Strode [halfline] 2008-12-18 11:12:30 UTC
I think doing it this way makes a lot of sense.  It's very clear what's going on this way.

My only concern would be if new message types got added that this would need to be updated.  But that's not really an issue because it's unlikely that would happen since we're post-1.0 (and if it did, the patch would just need to remember to update the configuration)

Seems reasonable to me.
Comment 2 Colin Walters 2008-12-18 12:44:17 UTC
Pushed to 1.3 and 1.2:
commit dc77c213742d2a373e3ed134168e4377e7c99a61
Author: Colin Walters <walters@verbum.org>
Date:   Fri Dec 12 14:50:21 2008 -0500

    Clean up and clarify default system policy
    The former was too reliant on old bugs and was generally unclear.
    This one makes explicit exactly what is allowed and not.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.