Add argument checks to policy <allow>/<deny> rules.
Pekka Pessi
ppessi at gmail.com
Mon Jun 7 07:38:54 PDT 2010
2010/6/4 Luiz Augusto von Dentz <luiz.dentz at gmail.com>:
>> The patches add send_signature*, send_arg*, receive_signature, and
>> receive_arg* attributes to the <allow> and <deny> policy rules. With the
>> additions it is possible to restrict access to certain methods and signals
>> based on the argument values.
>>
>> For example, oFono uses extensively SetProperty methods with signature sv (s
>> for property name, v for value), pretty much like o.f.D.Properties.Set. The
>> argument-based policy can control write access to individual properties.
>
> I like the idea, I suppose it only works for strings as match rules args right?
Any basic type should work (except file descriptors, the check is not
very meaningful for them, I guess). The rule parser gets the type from
the signature attribute.
--
Pekka.Pessi mail at nokia.com
More information about the dbus
mailing list