[PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon
@ 2019-01-18  3:46 Inga Stotland
  2019-01-18  8:04 ` Von Dentz, Luiz
  2019-01-18  8:50 ` Marcel Holtmann
  0 siblings, 2 replies; 5+ messages in thread
From: Inga Stotland @ 2019-01-18  3:46 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: luiz.von.dentz, brian.gix, Inga Stotland

This adds new D-Bus policy file btmesh.conf
---
 Makefile.mesh    |  6 ++++++
 mesh/btmesh.conf | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 mesh/btmesh.conf

diff --git a/Makefile.mesh b/Makefile.mesh
index ea6c5e939..e15718116 100644
--- a/Makefile.mesh
+++ b/Makefile.mesh
@@ -1,5 +1,9 @@
 if MESH
 
+if DATAFILES
+dbus_DATA += mesh/btmesh.conf
+endif
+
 mesh_sources = mesh/mesh.h mesh/mesh.c \
 				mesh/net_keys.h mesh/net_keys.c \
 				mesh/mesh-io.h mesh/mesh-io.c \
@@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
 mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
 mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
 mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
+
+EXTRA_DIST += mesh/btmesh.conf
 endif
diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
new file mode 100644
index 000000000..f05545065
--- /dev/null
+++ b/mesh/btmesh.conf
@@ -0,0 +1,24 @@
+<!-- This configuration file specifies the required security policies
+     for Bluetooth Mesh daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+
+  <policy user="root">
+    <allow own="org.bluez.mesh"/>
+    <allow send_destination="org.bluez.mesh"/>
+    <allow send_interface="org.bluez.mesh.Application1"/>
+    <allow send_interface="org.bluez.mesh.Element1"/>
+    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
+    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
+    <allow send_interface="org.freedesktop.DBus.Properties"/>
+  </policy>
+
+  <policy context="default">
+    <allow send_destination="org.bluez.mesh"/>
+  </policy>
+
+</busconfig>
-- 
2.17.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon
  2019-01-18  3:46 [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon Inga Stotland
@ 2019-01-18  8:04 ` Von Dentz, Luiz
  2019-01-19  3:54   ` Stotland, Inga
  2019-01-18  8:50 ` Marcel Holtmann
  1 sibling, 1 reply; 5+ messages in thread
From: Von Dentz, Luiz @ 2019-01-18  8:04 UTC (permalink / raw)
  To: Inga Stotland; +Cc: linux-bluetooth, Gix, Brian

Hi Inga,

On Fri, Jan 18, 2019 at 12:47 AM Inga Stotland <inga.stotland@intel.com> wrote:
>
> This adds new D-Bus policy file btmesh.conf
> ---
>  Makefile.mesh    |  6 ++++++
>  mesh/btmesh.conf | 24 ++++++++++++++++++++++++
>  2 files changed, 30 insertions(+)
>  create mode 100644 mesh/btmesh.conf
>
> diff --git a/Makefile.mesh b/Makefile.mesh
> index ea6c5e939..e15718116 100644
> --- a/Makefile.mesh
> +++ b/Makefile.mesh
> @@ -1,5 +1,9 @@
>  if MESH
>
> +if DATAFILES
> +dbus_DATA += mesh/btmesh.conf
> +endif
> +
>  mesh_sources = mesh/mesh.h mesh/mesh.c \
>                                 mesh/net_keys.h mesh/net_keys.c \
>                                 mesh/mesh-io.h mesh/mesh-io.c \
> @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
>  mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
>  mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
>  mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
> +
> +EXTRA_DIST += mesh/btmesh.conf
>  endif
> diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
> new file mode 100644
> index 000000000..f05545065
> --- /dev/null
> +++ b/mesh/btmesh.conf
> @@ -0,0 +1,24 @@
> +<!-- This configuration file specifies the required security policies
> +     for Bluetooth Mesh daemon to work. -->
> +
> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> +<busconfig>
> +
> +  <!-- ../system.conf have denied everything, so we just punch some holes -->
> +
> +  <policy user="root">
> +    <allow own="org.bluez.mesh"/>
> +    <allow send_destination="org.bluez.mesh"/>
> +    <allow send_interface="org.bluez.mesh.Application1"/>
> +    <allow send_interface="org.bluez.mesh.Element1"/>
> +    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
> +    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
> +    <allow send_interface="org.freedesktop.DBus.Properties"/>
> +  </policy>
> +
> +  <policy context="default">
> +    <allow send_destination="org.bluez.mesh"/>
> +  </policy>
> +
> +</busconfig>
> --
> 2.17.2

Any plans to put together a btmesh.service file for systemd as well?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon
  2019-01-18  3:46 [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon Inga Stotland
  2019-01-18  8:04 ` Von Dentz, Luiz
@ 2019-01-18  8:50 ` Marcel Holtmann
  2019-01-19  3:49   ` Stotland, Inga
  1 sibling, 1 reply; 5+ messages in thread
From: Marcel Holtmann @ 2019-01-18  8:50 UTC (permalink / raw)
  To: Inga Stotland; +Cc: linux-bluetooth, Luiz Augusto von Dentz, Brian Gix

Hi Inga,

> This adds new D-Bus policy file btmesh.conf
> ---
> Makefile.mesh    |  6 ++++++
> mesh/btmesh.conf | 24 ++++++++++++++++++++++++
> 2 files changed, 30 insertions(+)
> create mode 100644 mesh/btmesh.conf
> 
> diff --git a/Makefile.mesh b/Makefile.mesh
> index ea6c5e939..e15718116 100644
> --- a/Makefile.mesh
> +++ b/Makefile.mesh
> @@ -1,5 +1,9 @@
> if MESH
> 
> +if DATAFILES
> +dbus_DATA += mesh/btmesh.conf
> +endif
> +

I prefer this is named bluetooth-mesh.conf.

And for the daemon binary name this might be better as bluetoothd-mesh instead of just meshd.

> mesh_sources = mesh/mesh.h mesh/mesh.c \
> 				mesh/net_keys.h mesh/net_keys.c \
> 				mesh/mesh-io.h mesh/mesh-io.c \
> @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
> mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
> mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
> mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
> +
> +EXTRA_DIST += mesh/btmesh.conf
> endif
> diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
> new file mode 100644
> index 000000000..f05545065
> --- /dev/null
> +++ b/mesh/btmesh.conf
> @@ -0,0 +1,24 @@
> +<!-- This configuration file specifies the required security policies
> +     for Bluetooth Mesh daemon to work. —>

Lower case “mesh” here.

> +
> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> +<busconfig>
> +
> +  <!-- ../system.conf have denied everything, so we just punch some holes -->
> +
> +  <policy user="root">
> +    <allow own="org.bluez.mesh"/>
> +    <allow send_destination="org.bluez.mesh"/>
> +    <allow send_interface="org.bluez.mesh.Application1"/>
> +    <allow send_interface="org.bluez.mesh.Element1"/>
> +    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
> +    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
> +    <allow send_interface="org.freedesktop.DBus.Properties”/>

Do you need the last two?

> +  </policy>
> +
> +  <policy context="default">
> +    <allow send_destination="org.bluez.mesh"/>
> +  </policy>
> +
> +</busconfig>

Regards

Marcel


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon
  2019-01-18  8:50 ` Marcel Holtmann
@ 2019-01-19  3:49   ` Stotland, Inga
  0 siblings, 0 replies; 5+ messages in thread
From: Stotland, Inga @ 2019-01-19  3:49 UTC (permalink / raw)
  To: marcel; +Cc: Von Dentz, Luiz, linux-bluetooth, Gix, Brian

Hi Marcel,

On Fri, 2019-01-18 at 09:50 +0100, Marcel Holtmann wrote:
> Hi Inga,
> 
> This adds new D-Bus policy file btmesh.conf
> ---
> Makefile.mesh    |  6 ++++++
> mesh/btmesh.conf | 24 ++++++++++++++++++++++++
> 2 files changed, 30 insertions(+)
> create mode 100644 mesh/btmesh.conf
> 
> diff --git a/Makefile.mesh b/Makefile.mesh
> index ea6c5e939..e15718116 100644
> --- a/Makefile.mesh
> +++ b/Makefile.mesh
> @@ -1,5 +1,9 @@
> if MESH
> 
> +if DATAFILES
> +dbus_DATA += mesh/btmesh.conf
> +endif
> +
> 
> I prefer this is named bluetooth-mesh.conf.
> 
> And for the daemon binary name this might be better as bluetoothd-mesh instead of just meshd.

Agreed: makes it easier finding the process by name

> 
> mesh_sources = mesh/mesh.h mesh/mesh.c \
> 				mesh/net_keys.h mesh/net_keys.c \
> 				mesh/mesh-io.h mesh/mesh-io.c \
> @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
> mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
> mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
> mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
> +
> +EXTRA_DIST += mesh/btmesh.conf
> endif
> diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
> new file mode 100644
> index 000000000..f05545065
> --- /dev/null
> +++ b/mesh/btmesh.conf
> @@ -0,0 +1,24 @@
> +<!-- This configuration file specifies the required security policies
> +     for Bluetooth Mesh daemon to work. —>
> 
> Lower case “mesh” here.
> 
> +
> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> +<busconfig>
> +
> +  <!-- ../system.conf have denied everything, so we just punch some holes -->
> +
> +  <policy user="root">
> +    <allow own="org.bluez.mesh"/>
> +    <allow send_destination="org.bluez.mesh"/>
> +    <allow send_interface="org.bluez.mesh.Application1"/>
> +    <allow send_interface="org.bluez.mesh.Element1"/>
> +    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
> +    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
> +    <allow send_interface="org.freedesktop.DBus.Properties”/>
> 
> Do you need the last two?

Not really. Will remove.

> 
> +  </policy>
> +
> +  <policy context="default">
> +    <allow send_destination="org.bluez.mesh"/>
> +  </policy>
> +
> +</busconfig>
> 
> Regards
> 
> Marcel
> 

Thanks,
Inga

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon
  2019-01-18  8:04 ` Von Dentz, Luiz
@ 2019-01-19  3:54   ` Stotland, Inga
  0 siblings, 0 replies; 5+ messages in thread
From: Stotland, Inga @ 2019-01-19  3:54 UTC (permalink / raw)
  To: Von Dentz, Luiz; +Cc: linux-bluetooth, Gix, Brian

Hi Luiz,
On Fri, 2019-01-18 at 05:04 -0300, Von Dentz, Luiz wrote:
> Hi Inga,
> 
> On Fri, Jan 18, 2019 at 12:47 AM Inga Stotland <
> inga.stotland@intel.com> wrote:
> 
> This adds new D-Bus policy file btmesh.conf
> ---
>  Makefile.mesh    |  6 ++++++
>  mesh/btmesh.conf | 24 ++++++++++++++++++++++++
>  2 files changed, 30 insertions(+)
>  create mode 100644 mesh/btmesh.conf
> 
> diff --git a/Makefile.mesh b/Makefile.mesh
> index ea6c5e939..e15718116 100644
> --- a/Makefile.mesh
> +++ b/Makefile.mesh
> @@ -1,5 +1,9 @@
>  if MESH
> 
> +if DATAFILES
> +dbus_DATA += mesh/btmesh.conf
> +endif
> +
>  mesh_sources = mesh/mesh.h mesh/mesh.c \
>                                 mesh/net_keys.h mesh/net_keys.c \
>                                 mesh/mesh-io.h mesh/mesh-io.c \
> @@ -27,4 +31,6 @@ libexec_PROGRAMS += mesh/meshd
>  mesh_meshd_SOURCES = $(mesh_sources) mesh/main.c
>  mesh_meshd_LDADD = src/libshared-ell.la $(ell_ldadd) -ljson-c
>  mesh_meshd_DEPENDENCIES = $(ell_dependencies) src/libshared-ell.la
> +
> +EXTRA_DIST += mesh/btmesh.conf
>  endif
> diff --git a/mesh/btmesh.conf b/mesh/btmesh.conf
> new file mode 100644
> index 000000000..f05545065
> --- /dev/null
> +++ b/mesh/btmesh.conf
> @@ -0,0 +1,24 @@
> +<!-- This configuration file specifies the required security
> policies
> +     for Bluetooth Mesh daemon to work. -->
> +
> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus
> Configuration 1.0//EN"
> + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">;
> +<busconfig>
> +
> +  <!-- ../system.conf have denied everything, so we just punch some
> holes -->
> +
> +  <policy user="root">
> +    <allow own="org.bluez.mesh"/>
> +    <allow send_destination="org.bluez.mesh"/>
> +    <allow send_interface="org.bluez.mesh.Application1"/>
> +    <allow send_interface="org.bluez.mesh.Element1"/>
> +    <allow send_interface="org.bluez.mesh.ProvisionAgent1"/>
> +    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
> +    <allow send_interface="org.freedesktop.DBus.Properties"/>
> +  </policy>
> +
> +  <policy context="default">
> +    <allow send_destination="org.bluez.mesh"/>
> +  </policy>
> +
> +</busconfig>
> --
> 2.17.2
> 
> Any plans to put together a btmesh.service file for systemd as well?
> 
> 

Yes, but for now I would like to hold off until mesh daemon and
bluetoothd can co-exist on one controller. Currently, mesh daemon
requires a sole ownership of an hci device.

Regards,
Inga

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2019-01-19  3:54 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-18  3:46 [PATCH BlueZ] mesh: Add D-Bus policy for Bluetooth mesh daemon Inga Stotland
2019-01-18  8:04 ` Von Dentz, Luiz
2019-01-19  3:54   ` Stotland, Inga
2019-01-18  8:50 ` Marcel Holtmann
2019-01-19  3:49   ` Stotland, Inga

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.