D-Bus: Don't do <deny send_interface="..." /> in dbus service file

It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
wpa_supplicant, such as NetworkManager communication with the VPN
plugins.

From the dbus-daemon manual:

  Be careful with send_interface/receive_interface, because the
  interface field in messages is optional. In particular, do NOT
  specify <deny send_interface="org.foo.Bar"/>! This will cause
  no-interface messages to be blocked for all services, which is almost
  certainly not what you intended. Always use rules of the form: <deny
  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>

We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
This commit is contained in:
Lubomir Rintel 2016-01-27 17:02:07 +01:00 committed by Jouni Malinen
parent fe28ed3f29
commit df9e2c2a55

View file

@ -17,11 +17,9 @@
<policy context="default"> <policy context="default">
<deny own="fi.epitest.hostap.WPASupplicant"/> <deny own="fi.epitest.hostap.WPASupplicant"/>
<deny send_destination="fi.epitest.hostap.WPASupplicant"/> <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
<deny send_interface="fi.epitest.hostap.WPASupplicant"/>
<deny own="fi.w1.wpa_supplicant1"/> <deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/> <deny send_destination="fi.w1.wpa_supplicant1"/>
<deny send_interface="fi.w1.wpa_supplicant1"/>
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/> <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy> </policy>
</busconfig> </busconfig>