authorDan Williams <dcbw@redhat.com>2012-05-15 09:12:43 -0500
committerDan Williams <dcbw@redhat.com>2012-05-15 09:19:59 -0500
commit31bd88f42b3245460e2ebd6f446767415974a778 (patch)
treed4c86e84fb720d80ef075e72e68b9cccdf800087
parente41bd08bf139bddca5d7d4606317381d4bc23b56 (diff)
dbus: remove at_console policy sectionremove-at-console
Remove restrictions on most D-Bus methods for remote sessions. This turns out to be a NOP for any PolicyKit-protected methods because PK automatically denies non-local users unless the <allow_any> directive is used, which NM does not use anywhere. (If a build disables PolicyKit, then clearly these methods are no longer restricted to local sessions, but the cases where PK is disabled are likely the same cases where session tracking, and thus local/remote determination, are also disabled.) There's no particular reason to deny remote sessions the ability to inspect network state and read connections visible to that session. But those sessions are still denied the ability to register agents for password handling as there seems to be no good reason to allow it for now.
-rw-r--r--src/org.freedesktop.NetworkManager.conf70
1 files changed, 3 insertions, 67 deletions
diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf
index 501b68bddc..853e854522 100644
--- a/src/org.freedesktop.NetworkManager.conf
+++ b/src/org.freedesktop.NetworkManager.conf
@@ -24,77 +24,13 @@
<allow send_destination="org.freedesktop.NetworkManager.pptp"/>
<allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
</policy>
- <policy at_console="true">
+ <policy context="default">
<allow send_destination="org.freedesktop.NetworkManager"/>
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.DBus.Introspectable"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.DBus.Properties"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.IP4Config"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AgentManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="SetLogging"/>
+ <deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
<deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="Sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="wake"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Settings"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AgentManager"/>
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"