[Pkg-bluetooth-commits] r768 - in /packages/bluez-utils/trunk/debian: NEWS bluetooth-dbus.conf bluez-utils.postinst changelog

filippo at users.alioth.debian.org filippo at users.alioth.debian.org
Thu Jan 8 17:45:51 UTC 2009 

Author: filippo
Date: Thu Jan  8 17:45:51 2009
New Revision: 768

URL: http://svn.debian.org/wsvn/pkg-bluetooth/?sc=1&rev=768
Log:
add netdev group in postinst and NEW entry

Modified:
    packages/bluez-utils/trunk/debian/NEWS
    packages/bluez-utils/trunk/debian/bluetooth-dbus.conf
    packages/bluez-utils/trunk/debian/bluez-utils.postinst
    packages/bluez-utils/trunk/debian/changelog

Modified: packages/bluez-utils/trunk/debian/NEWS
URL: http://svn.debian.org/wsvn/pkg-bluetooth/packages/bluez-utils/trunk/debian/NEWS?rev=768&op=diff
==============================================================================
--- packages/bluez-utils/trunk/debian/NEWS (original)
+++ packages/bluez-utils/trunk/debian/NEWS Thu Jan  8 17:45:51 2009
@@ -1,3 +1,12 @@
+bluez-utils (3.36-3) unstable; urgency=low
+
+  This version includes an new d-bus policy with updated access control.
+  As a result of this, only users of netdev group or which are in front of the
+  computer (i.e. match the at_console="true" rule) are able to communicate
+  with hcid via dbus. See also #510644.
+
+ -- Filippo Giunchedi <filippo at debian.org>  Thu, 08 Jan 2009 18:35:38 +0100
+
 bluez-utils (3.30-2) unstable; urgency=low
 
   This upstream version switches the service infrastructure from external

Modified: packages/bluez-utils/trunk/debian/bluetooth-dbus.conf
URL: http://svn.debian.org/wsvn/pkg-bluetooth/packages/bluez-utils/trunk/debian/bluetooth-dbus.conf?rev=768&op=diff
==============================================================================
--- packages/bluez-utils/trunk/debian/bluetooth-dbus.conf (original)
+++ packages/bluez-utils/trunk/debian/bluetooth-dbus.conf Thu Jan  8 17:45:51 2009
@@ -10,14 +10,19 @@
   <policy user="root">
     <allow own="org.bluez"/>
     <allow send_destination="org.bluez"/>
-    <allow send_interface="org.bluez.Agent"/>
+
+    <!-- allow root to send to agents -->
+    <allow send_interface="org.bluez.PasskeyAgent"/>
+    <allow send_interface="org.bluez.AuthorizationAgent"/>
   </policy>
 
+  <!-- allow users at the console, see consolekit or libpam-foreground -->
   <policy at_console="true">
-    <allow receive_sender="org.bluez"/>
+    <allow send_destination="org.bluez"/>
   </policy>
 
-  <policy context="default">
+  <!-- allow users of netdev group to communicate with hcid -->
+  <policy group="netdev">
     <allow send_destination="org.bluez"/>
   </policy>
 

Modified: packages/bluez-utils/trunk/debian/bluez-utils.postinst
URL: http://svn.debian.org/wsvn/pkg-bluetooth/packages/bluez-utils/trunk/debian/bluez-utils.postinst?rev=768&op=diff
==============================================================================
--- packages/bluez-utils/trunk/debian/bluez-utils.postinst (original)
+++ packages/bluez-utils/trunk/debian/bluez-utils.postinst Thu Jan  8 17:45:51 2009
@@ -37,6 +37,12 @@
             echo "Creating device nodes ..."
             cd /dev && ./MAKEDEV bluetooth
         fi
+
+        # Add the netdev group unless it's already there
+        if ! getent group netdev >/dev/null; then
+            addgroup --quiet --system netdev || true
+        fi
+
         # reload dbus config file
         if [ -x /etc/init.d/dbus ]; then
             invoke-rc.d dbus force-reload || true

Modified: packages/bluez-utils/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-bluetooth/packages/bluez-utils/trunk/debian/changelog?rev=768&op=diff
==============================================================================
--- packages/bluez-utils/trunk/debian/changelog (original)
+++ packages/bluez-utils/trunk/debian/changelog Thu Jan  8 17:45:51 2009
@@ -1,8 +1,11 @@
 bluez-utils (3.36-3) unstable; urgency=high
 
   * Ship a new bluetooth.conf fixing dbus permissions RC bug (Closes: #510644)
-
- -- Filippo Giunchedi <filippo at debian.org>  Mon, 05 Jan 2009 21:02:58 +0100
+    - As a result of this, now users of netdev group are able to communicate
+      with hcid via dbus
+    - Add netdev group in postinst if not present
+  
+ -- Filippo Giunchedi <filippo at debian.org>  Thu, 08 Jan 2009 18:42:24 +0100
 
 bluez-utils (3.36-2) unstable; urgency=medium

More information about the Pkg-bluetooth-commits mailing list