From b4c49f273127e9bbe6f5a3fe39b1648c451c743d Mon Sep 17 00:00:00 2001
From: Aleksander Morgado
Date: Fri, 8 Dec 2017 16:25:23 +0100
Subject: NIO: run ModemManager only with explicitly whitelisted devices
---
 data/ModemManager.service.in | 2 +-
 src/78-mm-nio.rules | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/data/ModemManager.service.in b/data/ModemManager.service.in
index 0f65e425d..bbc406fc3 100644
--- a/data/ModemManager.service.in
+++ b/data/ModemManager.service.in
@@ -4,7 +4,7 @@ Description=Modem Manager
 [Service]
 Type=dbus
 BusName=org.freedesktop.ModemManager1
-ExecStart=@sbindir@/ModemManager
+ExecStart=@sbindir@/ModemManager --filter-policy=WHITELIST-ONLY
 StandardError=null
 Restart=on-abort
 CapabilityBoundingSet=CAP_SYS_ADMIN
diff --git a/src/78-mm-nio.rules b/src/78-mm-nio.rules
index 9b64e8db6..ce448788f 100644
--- a/src/78-mm-nio.rules
+++ b/src/78-mm-nio.rules
@@ -4,4 +4,7 @@ ACTION!="add|change|move", GOTO="mm_nio_rules_end"
 # Modem is named 'toby'
 DEVPATH=="/devices/soc0/soc/2100000.aips-bus/2184200.usb/ci_hdrc.1/usb2/2-1", ENV{ID_MM_PHYSDEV_UID}="toby"
 
+# Modem is explicitly whitelisted in ModemManager
+DEVPATH=="/devices/soc0/soc/2100000.aips-bus/2184200.usb/ci_hdrc.1/usb2/2-1", ENV{ID_MM_DEVICE_PROCESS}="1"
+
 LABEL="mm_nio_rules_end"
-- 
cgit v1.2.1
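Review bot: Nothing in `data/ModemManager.service.in` records that `--filter-policy=WHITELIST-ONLY` on `ExecStart` depends on the udev tag set in `src/78-mm-nio.rules`, so a missing or stale rule would presumably leave the daemon running with no modem and no hint why. A comment above the line would document the coupling, e.g. `# Only devices tagged ID_MM_DEVICE_PROCESS=1 by udev (src/78-mm-nio.rules) are probed`. The hunk's context also shows `StandardError=null`, which discards anything the daemon writes to stderr, so it is worth confirming that messages about a rejected policy value or skipped devices reach the journal or syslog by another path. The unit file continues outside this hunk.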
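Review bot: The whitelist entry added to `src/78-mm-nio.rules` identifies the modem only by `DEVPATH`, that is by USB port position, so whatever device enumerates at `usb2/2-1` is tagged `ID_MM_DEVICE_PROCESS=1` and handed to ModemManager. If that port can ever hold something other than the intended modem, the rule should also match the device identity, for example `ATTR{idVendor}=="<VENDOR_ID>", ATTR{idProduct}=="<PRODUCT_ID>"` (placeholders, the page does not give the IDs). The same `DEVPATH` literal now appears in two rules; setting both keys in one rule, `..., ENV{ID_MM_PHYSDEV_UID}="toby", ENV{ID_MM_DEVICE_PROCESS}="1"`, keeps them from drifting apart, which under a whitelist-only policy would presumably cause the modem to be ignored. The rules file starts above this hunk.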