<!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!--
    System-bus policy for the Linux Hello daemon (org.linuxhello.Daemon).
    Install this file under /etc/dbus-1/system.d/.
    Keep the installed copy owned by root and not writable by other users:
    anyone who can edit it can change who is allowed to own the service name.
  -->

  <!--
    root: the only user this file lets claim the well-known name.
    This relies on the stock system-bus default that denies name ownership to
    everyone else, so an unprivileged process cannot register as the daemon.
  -->
  <policy user="root">
    <allow own="org.linuxhello.Daemon"/>
    <allow send_destination="org.linuxhello.Daemon"/>
    <allow receive_sender="org.linuxhello.Daemon"/>
  </policy>

  <!--
    Everyone else: every local user may reach the three interfaces below.
    The bus performs no per-method filtering here. Authentication and
    authorization are handled entirely by the daemon, so each handler must
    check the caller's identity itself.
  -->
  <policy context="default">
    <!-- Introspection -->
    <allow send_destination="org.linuxhello.Daemon"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      Property access. No send_member is given, so this admits Set as well as
      Get and GetAll. If the daemon exposes writable properties it has to
      authorize the write in its own handler. NOTE(review): confirm.
    -->
    <allow send_destination="org.linuxhello.Daemon"
           send_interface="org.freedesktop.DBus.Properties"/>

    <!-- Method calls on the Manager interface (all members) -->
    <allow send_destination="org.linuxhello.Daemon"
           send_interface="org.linuxhello.Manager"/>

    <!-- Signals and replies coming from the daemon -->
    <allow receive_sender="org.linuxhello.Daemon"/>
  </policy>

  <!--
    Security note.

    This policy is deliberately permissive; the daemon is the enforcement
    point and performs its own authorization checks:
      - Authentication: available to all callers (PAM may call as any user)
      - Enrollment: only root or the target user can enroll faces
      - List templates: only root or the target user can list their templates
      - Remove templates: only root or the target user can remove their templates

    Because authentication is open to every caller and the bus policy does no
    throttling, any limit on repeated attempts has to be enforced in the daemon.

    D-Bus signals (EnrollmentProgress, EnrollmentComplete, Error) are broadcast
    to all connected clients, so any local user subscribed on the system bus
    can observe them. Signal payloads should therefore carry nothing that is
    meant only for the enrolling user. NOTE(review): confirm what the three
    signals actually contain.
  -->
</busconfig>