From adeba9a4cbe5c2fbcdbbcd59d559b6c3432ef4e4 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Fri, 25 Sep 2015 14:14:01 +0300
Subject: connman: Don't use a blanket "allow" D-Bus policy

There are already "allow" rules for root and conditionally xuser to
send messages to connman: there should be no reason for a default
allow policy.

Also, conditionally add a policy to allow xuser to send to the
connman vpn service (similar to main service).

(From OE-Core rev: 7c75981944e92b5534b054058407d19de2a8a78c)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/connman/connman.inc | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'meta/recipes-connectivity/connman/connman.inc')

diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 6c062ae7a1..1712af3016 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -70,13 +70,7 @@ SYSTEMD_SERVICE_${PN} = "connman.service"
 SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
 SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup"
 
-# This allows *everyone* to access ConnMan over DBus, without any access
-# control.  Really the at_console flag should work, which would mean that
-# both this and the xuser patch can be dropped.
 do_compile_append() {
-	sed -i -e s:deny:allow:g ${S}/src/connman-dbus.conf
-	sed -i -e s:deny:allow:g ${S}/vpn/vpn-dbus.conf
-
 	sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service
 }
 
-- 
cgit v1.2.3-54-g00ecf