On 2015-04-28 12:42, Lukasz Wojciechowski wrote: > Hi > > I'm studying connman's code and I'm interested in limiting access to > some API. > I found that there is a mechanism for defining security plugins, that > set GDBusSecurityTable by calling g_dbus_register_security(). > There is only one such plugin implemented - polkit plugin. > > However IMO it seems to be dead. > It registers polkit checks for privileges: CONNMAN_PRIVILEGE_MODIFY and > CONNMAN_PRIVILEGE_SECRET, > but all gdbus methods registered with GDBUS_*_METHOD macros do not set > privilege field in GDBusMethodTable structure. > Because of that security checks are never run, because method->privilege > never equals security->privilege (check_privilege() function in > gdbus/object.c). > > So I have few questions: > * What am I missing? How this security works ? > * Are there any plans for defining privileges for methods ?
Connman uses DBus' bus policies to limit access, cf. > http://git.kernel.org/cgit/network/connman/connman.git/tree/src/connman-dbus.conf and the respective file for connman-vpn. Distributions seem to tweak those to limit/grant access. No idea what the other code is for. -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167 http://software.tao.at
signature.asc
Description: OpenPGP digital signature
_______________________________________________ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman