mcdbus/docs/examples/mcdbus.conf
Ryan Malloy 5fa1eb36ef Hamilton remediation: validation, ToolError, elicitation, permission docs
Three-pillar fix from Hamilton review:

Code quality — validate_signature() for D-Bus spec compliance,
MCDBUS_TIMEOUT env var, replace 13 error-as-success returns with
ToolError, monotonic clock deadline on tree walks, sanitize D-Bus
error messages, fix resource connection leak via module-level
BusManager, hasattr guards in conftest.

Elicitation — ctx.elicit() confirmation for system bus call_method
and all set_property calls, graceful degradation when client lacks
elicitation support, MCDBUS_REQUIRE_ELICITATION for hard-fail mode.

Permission docs — four-layer guide (systemd sandboxing, dbus-broker
policy, polkit rules, xdg-dbus-proxy) with ready-to-deploy example
configs validated against xmllint, bash -n, and systemd-analyze.
2026-03-06 11:54:31 -07:00


<!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
  D-Bus bus policy for mcdbus.

  Drop this file into /etc/dbus-1/system.d/ for the system bus
  or /etc/dbus-1/session.d/ for the session bus, then reload:

      sudo systemctl reload dbus.service
      # or: sudo systemctl reload dbus-broker.service

  Works with both dbus-daemon and dbus-broker.

  The "user" attribute below should match the user running mcdbus.
  If using DynamicUser=yes in the systemd unit, the user name is
  the service name ("mcdbus"). If using a real account, change it.
-->
<busconfig>
  <!--
    Default deny for the mcdbus user. Rules in a policy are matched in
    order and the last match wins, so the deny goes first and every
    <allow> below carves out one narrow exception.
  -->
  <policy user="mcdbus">
    <deny send_destination="*"/>
    <!--
      Always allow talking to the bus daemon itself.
      Without this, ListNames and other discovery calls fail.
    -->
    <allow send_destination="org.freedesktop.DBus"/>

    <!--
      Desktop notifications (session bus).
      Allows sending notifications but nothing else on the service.
    -->
    <allow send_destination="org.freedesktop.Notifications"
           send_interface="org.freedesktop.Notifications"/>
    <allow send_destination="org.freedesktop.Notifications"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      MPRIS media players (session bus).
      Wildcard matching is not supported in D-Bus policy files, so you
      must add one block per player. These cover the common ones.
    -->
    <allow send_destination="org.mpris.MediaPlayer2.firefox"/>
    <allow send_destination="org.mpris.MediaPlayer2.chromium"/>
    <allow send_destination="org.mpris.MediaPlayer2.spotify"/>
    <allow send_destination="org.mpris.MediaPlayer2.vlc"/>
    <allow send_destination="org.mpris.MediaPlayer2.mpv"/>

    <!--
      UPower battery status (system bus, read-only).
      Only allow property reads via the standard Properties interface.
    -->
    <allow send_destination="org.freedesktop.UPower"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.freedesktop.UPower"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="org.freedesktop.UPower"
           send_interface="org.freedesktop.UPower"
           send_member="EnumerateDevices"/>
    <allow send_destination="org.freedesktop.UPower"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      bluez Bluetooth (system bus, read-only).
      GetManagedObjects returns the full device tree.
    -->
    <allow send_destination="org.bluez"
           send_interface="org.freedesktop.DBus.ObjectManager"
           send_member="GetManagedObjects"/>
    <allow send_destination="org.bluez"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.bluez"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="org.bluez"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      NetworkManager (system bus, read-only).
      Allow property reads only. No method calls that change state.
    -->
    <allow send_destination="org.freedesktop.NetworkManager"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.freedesktop.NetworkManager"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="org.freedesktop.NetworkManager"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      systemd (system bus).
      ListUnits is read-only. If you also want to allow start/stop/restart,
      add rules for org.freedesktop.systemd1.Manager.StartUnit etc.
      Those operations also require polkit authorization (Layer 3).
    -->
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.systemd1.Manager"
           send_member="ListUnits"/>
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="org.freedesktop.systemd1"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <!--
      To add more services, follow this pattern:

        <allow send_destination="org.example.MyService"
               send_interface="org.example.MyService"
               send_member="MyMethod"/>

      For read-only access, only allow Properties.Get, Properties.GetAll,
      and Introspectable.Introspect. Omit send_member to allow all methods
      on an interface.
    -->
  </policy>
</busconfig>
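A small audit script, added here as an example and not part of mcdbus, that parses a busconfig file with Python's xml.etree and reports, for one user's policy block, whether the default deny and the bus-driver allow are present and which allow rules grant more than the read-only Properties.Get/GetAll, Introspect, GetManagedObjects, EnumerateDevices and ListUnits calls the comments above describe. The READ_ONLY table and the SAMPLE policy are assumptions constructed for the example; point audit_policy at the real file's text to review it.

```python
# Added example, not mcdbus project code: audit one <policy user=...> block of
# a D-Bus busconfig file for default deny, bus-driver allow and write access.
import xml.etree.ElementTree as ET
# Interfaces/members this policy file's comments treat as read-only (assumed);
# None means every member of that interface is read-only.
READ_ONLY = {
    "org.freedesktop.DBus.Properties": {"Get", "GetAll"},
    "org.freedesktop.DBus.Introspectable": None,
    "org.freedesktop.DBus.ObjectManager": {"GetManagedObjects"},
    "org.freedesktop.UPower": {"EnumerateDevices"},
    "org.freedesktop.systemd1.Manager": {"ListUnits"},
}

def is_read_only(iface, member):
    members = READ_ONLY.get(iface, set())  # unknown interface: assume it can write
    return members is None or member in members

def audit_policy(xml_text, user):
    """Return what <policy user=USER> grants. expat does not fetch the DTD."""
    result = {"default_deny": False, "bus_driver_allowed": False, "write_capable": []}
    for policy in ET.fromstring(xml_text).iter("policy"):
        if policy.get("user") != user:
            continue
        for rule in policy:
            dest = rule.get("send_destination")
            if dest is None:
                continue  # own=/receive_* rules are out of scope here
            if rule.tag == "deny" and dest == "*":
                result["default_deny"] = True
            elif rule.tag == "allow" and dest == "org.freedesktop.DBus":
                result["bus_driver_allowed"] = True  # Hello/ListNames need this
            elif rule.tag == "allow":
                iface, member = rule.get("send_interface"), rule.get("send_member")
                if iface is None:
                    result["write_capable"].append((dest, "*"))
                elif not is_read_only(iface, member):
                    result["write_capable"].append((dest, f"{iface}.{member or '*'}"))
    return result

# Constructed sample: one sound read-only rule, one Properties rule without
# send_member (so Set is allowed too) and one rule with no interface at all.
SAMPLE = """<busconfig>
  <policy user="mcdbus">
    <deny send_destination="*"/>
    <allow send_destination="org.freedesktop.DBus"/>
    <allow send_destination="org.freedesktop.UPower" send_interface="org.freedesktop.DBus.Properties" send_member="Get"/>
    <allow send_destination="org.freedesktop.NetworkManager" send_interface="org.freedesktop.DBus.Properties"/>
    <allow send_destination="org.mpris.MediaPlayer2.vlc"/>
  </policy>
</busconfig>"""
```

Running `audit_policy(SAMPLE, "mcdbus")` lists the NetworkManager and vlc rules as write-capable, which is exactly what a reviewer should see for a rule that omits send_member on Properties or omits send_interface entirely.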