diff options
| -rw-r--r-- | meta/recipes-connectivity/connman/connman.inc | 6 | ||||
| -rw-r--r-- | meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch | 28 |
2 files changed, 25 insertions, 9 deletions
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index 6c062ae7a1..1712af3016 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc | |||
| @@ -70,13 +70,7 @@ SYSTEMD_SERVICE_${PN} = "connman.service" | |||
| 70 | SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" | 70 | SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" |
| 71 | SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup" | 71 | SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup" |
| 72 | 72 | ||
| 73 | # This allows *everyone* to access ConnMan over DBus, without any access | ||
| 74 | # control. Really the at_console flag should work, which would mean that | ||
| 75 | # both this and the xuser patch can be dropped. | ||
| 76 | do_compile_append() { | 73 | do_compile_append() { |
| 77 | sed -i -e s:deny:allow:g ${S}/src/connman-dbus.conf | ||
| 78 | sed -i -e s:deny:allow:g ${S}/vpn/vpn-dbus.conf | ||
| 79 | |||
| 80 | sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service | 74 | sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service |
| 81 | } | 75 | } |
| 82 | 76 | ||
diff --git a/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch b/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch index 707b3cafba..15a191da55 100644 --- a/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch +++ b/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch | |||
| @@ -1,9 +1,14 @@ | |||
| 1 | Because Poky doesn't support at_console we need to special-case the session | 1 | Because Poky doesn't support at_console we need to |
| 2 | user. | 2 | special-case the session user. |
| 3 | 3 | ||
| 4 | Upstream-Status: Inappropriate [configuration] | 4 | Upstream-Status: Inappropriate [configuration] |
| 5 | 5 | ||
| 6 | Signed-off-by: Ross Burton <ross.burton@intel.com> | 6 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> |
| 7 | |||
| 8 | --- | ||
| 9 | src/connman-dbus.conf | 3 +++ | ||
| 10 | vpn/vpn-dbus.conf | 3 +++ | ||
| 11 | 2 files changed, 6 insertions(+) | ||
| 7 | 12 | ||
| 8 | diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf | 13 | diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf |
| 9 | index 98a773e..466809c 100644 | 14 | index 98a773e..466809c 100644 |
| @@ -19,3 +24,20 @@ index 98a773e..466809c 100644 | |||
| 19 | <policy at_console="true"> | 24 | <policy at_console="true"> |
| 20 | <allow send_destination="net.connman"/> | 25 | <allow send_destination="net.connman"/> |
| 21 | </policy> | 26 | </policy> |
| 27 | diff --git a/vpn/vpn-dbus.conf b/vpn/vpn-dbus.conf | ||
| 28 | index 0f0c8da..9ad05b9 100644 | ||
| 29 | --- a/vpn/vpn-dbus.conf | ||
| 30 | +++ b/vpn/vpn-dbus.conf | ||
| 31 | @@ -6,6 +6,9 @@ | ||
| 32 | <allow send_destination="net.connman.vpn"/> | ||
| 33 | <allow send_interface="net.connman.vpn.Agent"/> | ||
| 34 | </policy> | ||
| 35 | + <policy user="xuser"> | ||
| 36 | + <allow send_destination="net.connman.vpn"/> | ||
| 37 | + </policy> | ||
| 38 | <policy at_console="true"> | ||
| 39 | <allow send_destination="net.connman.vpn"/> | ||
| 40 | </policy> | ||
| 41 | -- | ||
| 42 | 2.1.4 | ||
| 43 | |||