mirror of
https://github.com/systemd/systemd.git
core: update dbus policy file
This patch does four things: 1. Adds more comments that clarify the order in which things appear in the file. 2. Places all entries in the order in which their SD_BUS_METHOD() macros appear in the C vtables. 3. Adds a couple of missing entries that should be open to all or do polkit. 4. Corrects the interface name for the GetProcesses() calls: they belong to the per-unit interface, not to Unit.
parent
cedf508886
commit
a6011d1887
@ -30,7 +30,7 @@
|
||||
<policy context="default">
|
||||
<deny send_destination="org.freedesktop.systemd1"/>
|
||||
|
||||
<!-- Completely open to anyone -->
|
||||
<!-- Completely open to anyone: org.freedesktop.DBus.* interfaces -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.DBus.Introspectable"/>
|
||||
@ -46,6 +46,8 @@
|
||||
send_interface="org.freedesktop.DBus.Properties"
|
||||
send_member="GetAll"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Manager interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnit"/>
|
||||
@ -62,6 +64,10 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="LoadUnit"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitProcesses"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetJob"/>
|
||||
@ -88,23 +94,7 @@
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ListUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ListUnitFilesByPatterns"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitFileState"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitProcesses"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitFileLinks"/>
|
||||
send_member="ListUnitsByNames"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
@ -122,10 +112,26 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="Dump"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ListUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ListUnitFilesByPatterns"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitFileState"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetDefaultTarget"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="GetUnitFileLinks"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="LookupDynamicUserByName"/>
|
||||
@ -134,7 +140,43 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="LookupDynamicUserByUID"/>
|
||||
|
||||
<!-- Managed via polkit or other criteria -->
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Unit interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Service"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Slice interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Slice"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Scope interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Scope"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Socket interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Socket"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Mount interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Mount"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Completely open to anyone: org.freedesktop.systemd1.Swap interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Swap"
|
||||
send_member="GetProcesses"/>
|
||||
|
||||
<!-- Managed via polkit or other criteria: org.freedesktop.systemd1.Manager interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
@ -182,7 +224,11 @@
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ListUnitsByNames"/>
|
||||
send_member="RefUnit"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="UnrefUnit"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
@ -192,6 +238,14 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="CancelJob"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ClearJobs"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="ResetFailed"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="Reload"/>
|
||||
@ -200,14 +254,6 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="Reexecute"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="RefUnit"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="UnrefUnit"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="EnableUnitFiles"/>
|
||||
@ -224,10 +270,6 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="LinkUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="RevertUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="PresetUnitFiles"/>
|
||||
@ -244,6 +286,10 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="UnmaskUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="RevertUnitFiles"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="SetDefaultTarget"/>
|
||||
@ -256,6 +302,8 @@
|
||||
send_interface="org.freedesktop.systemd1.Manager"
|
||||
send_member="AddDependencyUnitFiles"/>
|
||||
|
||||
<!-- Managed via polkit or other criteria: org.freedesktop.systemd1.Job interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Job"
|
||||
send_member="Cancel"/>
|
||||
@ -268,6 +316,56 @@
|
||||
send_interface="org.freedesktop.systemd1.Job"
|
||||
send_member="GetBefore"/>
|
||||
|
||||
<!-- Managed via polkit or other criteria: org.freedesktop.systemd1.Unit interface -->
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Start"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Stop"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Reload"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Restart"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="TryRestart"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="ReloadOrRestart"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="ReloadOrTryRestart"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Kill"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="ResetFailed"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="SetProperties"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Ref"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.systemd1"
|
||||
send_interface="org.freedesktop.systemd1.Unit"
|
||||
send_member="Unref"/>
|
||||
|
||||
<allow receive_sender="org.freedesktop.systemd1"/>
|
||||
</policy>
|
||||
|
||||
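Review bot: The new section header `<!-- Completely open to anyone: org.freedesktop.systemd1.Unit interface -->` in the hunk at `-134,7 +140,43` sits directly above an allow rule whose `send_interface` is `org.freedesktop.systemd1.Service`, so the label does not match the rule it introduces; the other five headers in that hunk (Slice, Scope, Socket, Mount, Swap) do match their rules. Since the commit aims to make this policy auditable against the C vtables, I would change it to `<!-- Completely open to anyone: org.freedesktop.systemd1.Service interface -->`. Separately, the "Managed via polkit or other criteria" sections now list state-changing Unit members (`Start`, `Stop`, `Kill`, `SetProperties` and others) that this `context="default"` policy lets any sender call at the bus level, so the comment should say where authorization actually happens, for example `<!-- Allowed at the bus level for everyone; the method handler must perform the polkit/privilege check -->`. The handlers are not shown on this page, so whether each newly added member performs that check needs to be confirmed against the vtables.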