The Bluez D-Bus policy is much too open and affects not just bluez but
all system services: Use upstream policy configuration instead.
This change has a chance of affecting other D-Bus services: the bug
that is fixed here may have hidden problems in other policies.
[YOCTO #8414]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
SRC_URI = "\
${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
- file://bluetooth.conf \
"
S = "${WORKDIR}/bluez-${PV}"
if [ -f ${S}/profiles/input/input.conf ]; then
install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
fi
- # at_console doesn't really work with the current state of OE, so punch some more holes so people can actually use BT
- install -m 0644 ${WORKDIR}/bluetooth.conf ${D}/${sysconfdir}/dbus-1/system.d/
+
+ install -m 0644 ${S}/src/bluetooth.conf ${D}/${sysconfdir}/dbus-1/system.d/
# Install desired tools that upstream leaves in build area
for f in ${NOINST_TOOLS} ; do
+++ /dev/null
-<!-- This configuration file specifies the required security policies
- for Bluetooth core daemon to work. -->
-
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-
- <!-- ../system.conf have denied everything, so we just punch some holes -->
-
- <policy context="default">
- <allow own="org.bluez"/>
- <allow send_destination="org.bluez"/>
- <allow send_interface="org.bluez.Agent1"/>
- <allow send_type="method_call"/>
- </policy>
-
-</busconfig>
