search

chrvadala / node-ble

Bluetooth Low Energy (BLE) library written with pure Node.js (no bindings) - baked by Bluez via DBus
https://www.npmjs.com/package/node-ble
MIT License
320 stars 47 forks source link

Clarification of `node-ble.config` permissions/policy #55

Closed thehans closed 1 year ago

thehans commented 1 year ago

The README has instructions about setting permissions here: https://github.com/chrvadala/node-ble#provide-permissions

In order to allow a connection with the DBus daemon, you have to set up right permissions.

Create the file /etc/dbus-1/system.d/node-ble.conf with the following content (customize with userid)

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="%userid%">
   <allow own="org.bluez"/>
    <allow send_destination="org.bluez"/>
    <allow send_interface="org.bluez.GattCharacteristic1"/>
    <allow send_interface="org.bluez.GattDescriptor1"/>
    <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
    <allow send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>

I am adding node-ble to an electron app, which is using electron-forge to create a .deb package.
My plan to set up this file is for the deb installer to run a simple script during post-install:

#!/bin/bash
cp conf/node-ble.conf /etc/dbus-1/system.d/node-ble.conf

My issue is that I can't know at the time of packaging, what the username of whoever is installing the package will be.
Would it work to specify a permissions group instead of a username for the policy? And just require the user to be in that group?

...
<policy group="bluetooth">
  ...