author | William Jon McCann <jmccann@redhat.com> | 2008-02-12 15:00:46 -0500 |
---|---|---|
committer | William Jon McCann <jmccann@redhat.com> | 2008-02-12 15:00:46 -0500 |
commit | 40dff5a03c7b085e34a7052efd23651d5be7674f (patch) | |
tree | 429e4ebc47f4dd027067891684172bc427b92975 /data | |
parent | 685f2cbf9d69da556907ba6c935fe6ab1d2eeda3 (diff) | |
download | ConsoleKit2-40dff5a03c7b085e34a7052efd23651d5be7674f.tar.gz |
reverse the sense of the dbus policy
Deny first and then allow. Add a simple test
script to check method access policy.
Diffstat (limited to 'data')
-rw-r--r-- | data/ConsoleKit.conf | 94 |
1 files changed, 74 insertions, 20 deletions
diff --git a/data/ConsoleKit.conf b/data/ConsoleKit.conf
index d1a6335..70a0423 100644
--- a/data/ConsoleKit.conf
+++ b/data/ConsoleKit.conf
@@ -7,34 +7,88 @@
 <policy user="root">
 <allow own="org.freedesktop.ConsoleKit"/>
+ <!-- Allow all methods on interfaces -->
 <allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
 <allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
 <allow send_interface="org.freedesktop.ConsoleKit.Session"/>
-
- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
- send_member="OpenSessionWithParameters"/>
- <allow send_interface="org.freedesktop.ConsoleKit.Session"
- send_member="Lock"/>
- <allow send_interface="org.freedesktop.ConsoleKit.Session"
- send_member="Unlock"/>
- <allow send_destination="org.freedesktop.ConsoleKit"
- send_interface="org.freedesktop.DBus.Properties" />
 </policy>
- <!-- Allow anyone to invoke methods on the interfaces -->
+ <!-- Deny all and then allow some methods on interfaces -->
 <policy context="default">
- <allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
- <allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
- <allow send_interface="org.freedesktop.ConsoleKit.Session"/>
-
- <deny send_interface="org.freedesktop.ConsoleKit.Manager"
- send_member="OpenSessionWithParameters"/>
- <deny send_interface="org.freedesktop.ConsoleKit.Session"
- send_member="Lock"/>
- <deny send_interface="org.freedesktop.ConsoleKit.Session"
- send_member="Unlock"/>
+ <deny send_interface="org.freedesktop.ConsoleKit.Manager"/>
+ <deny send_interface="org.freedesktop.ConsoleKit.Seat"/>
+ <deny send_interface="org.freedesktop.ConsoleKit.Session"/>
 <deny send_destination="org.freedesktop.ConsoleKit"
 send_interface="org.freedesktop.DBus.Properties" />
+
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="Restart"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="Stop"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="OpenSession"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="CloseSession"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSeats"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionForCookie"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionForUnixProcess"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetCurrentSession"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionsForUnixUser"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionsForUser"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSystemIdleHint"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSystemIdleSinceHint"/>
+
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetId"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetSessions"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetDevices"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetActiveSession"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="CanActivateSessions"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="ActivateSession"/>
+
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetId"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetSeatId"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetSessionType"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetUser"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetUnixUser"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetX11Display"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetX11DisplayDevice"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetDisplayDevice"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetRemoteHostName"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="IsActive"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="IsLocal"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetCreationTime"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="Activate"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetIdleHint"/>
+ <allow send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetIdleSinceHint"/>
 </policy>
 </busconfig> |
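Review bot: The three new `<deny send_interface=…/>` rules in the default policy carry no `send_destination`, so they are not scoped to ConsoleKit; the dbus-daemon documentation warns that an interface-only deny also matches messages that omit the optional interface header, and so blocks such messages for every service on the bus. Each rule should name the destination, e.g. `<deny send_destination="org.freedesktop.ConsoleKit" send_interface="org.freedesktop.ConsoleKit.Manager"/>`, and the per-member `<allow>` rules that follow would benefit from the same attribute so they cannot permit a same-named interface on another service. The allow list also opens the state-changing members `Restart`, `Stop`, `ActivateSession` and `Activate` to every caller. If the daemon authorizes those calls itself, a comment such as `<!-- Restart/Stop/Activate are authorized inside the daemon, not by bus policy -->` would make that explicit; this is an assumption to confirm, since the daemon code is not part of this diff.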