Closed LaakkonenJussi closed 3 years ago
Nice! Need to check in more detail but that goes tomorrow.
Please combine references to one single line:
[permissions] Use disable-mnt to control data storage perms, move udisks2 include. JB#53818 OMP#JOLLA-49
Also please fill in description of DataStorages to README. I think this could be also moved from internal list to "public" list.
BTW, if you can think of a better name than DataStorages, that could be also changed now.
Yeah well functionality first, documentation second. Early review gets the bugs etc. On it!
The format that needs to be used is:
dbus.system.[call|broadcast] <NAME>[.*]=<INTERFACE>[.*][@<OBJECT>[/*]]
There is no '=' in any of these call rules -> invalid rules for never-going-to-exist names / stte.
The documentation / even code is not always very clear, but you can do at least format checking with e.g.:
$ xdg-dbus-proxy 3>/dev/null --fd=3 fooname barsocket --call=org.freedesktop.UDisks2.Block.Format
'org.freedesktop.UDisks2.Block.Format' is not a valid name + rule
= not ok
$ xdg-dbus-proxy 3>/dev/null --fd=3 fooname barsocket --call=org.freedesktop.UDisks2.Block=org.freedesktop.UDisks2.Block.Format
^C
= ok
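A format check for the rule syntax quoted in the comment above, as an added example that is not part of this PR or of xdg-dbus-proxy. It encodes only the `<NAME>[.*]=<INTERFACE>[.*][@<OBJECT>[/*]]` shape given there; the function names, the name-element character set and the sample permission lines are assumptions constructed for illustration.

```python
import re

# Approximation (assumption): one dotted-name element is letters, digits
# or '_', not starting with a digit. The real proxy may accept more.
_ELEM = r"[A-Za-z_][A-Za-z0-9_]*"
_NAME = rf"{_ELEM}(?:\.{_ELEM})+(?:\.\*)?"           # <NAME>[.*]
_IFACE = rf"{_ELEM}(?:\.{_ELEM})+(?:\.\*)?"          # <INTERFACE>[.*]
_OBJ = r"@(?:/|(?:/[A-Za-z0-9_]+)+(?:/\*)?|/\*)"     # [@<OBJECT>[/*]]
RULE_RE = re.compile(rf"(?:{_NAME})=(?:{_IFACE})(?:{_OBJ})?")
# Key separator: '.' as written in the comment above; '-' is tolerated as
# an assumption about how profile files may spell the key.
LINE_RE = re.compile(r"dbus[.-]system\.(?:call|broadcast)\s+(?P<rule>\S+)")

# Constructed sample lines, not the actual contents of the PR's files.
SAMPLE = """\
# constructed sample
dbus.system.call org.freedesktop.UDisks2.Block.Format
dbus.system.call org.freedesktop.UDisks2.Block=org.freedesktop.UDisks2.Block.Format
dbus.system.broadcast org.freedesktop.UDisks2=org.freedesktop.UDisks2.*@/org/freedesktop/UDisks2/*
"""


def check_rule(rule):
    """Return None when the rule fits the format, else a short reason."""
    if "=" not in rule:
        return "missing '=' between bus name and interface"
    if not RULE_RE.fullmatch(rule):
        return "does not match <NAME>[.*]=<INTERFACE>[.*][@<OBJECT>[/*]]"
    return None


def lint(text):
    """Return (line_number, rule, reason) for each malformed rule line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = LINE_RE.fullmatch(line.strip())
        if not match:
            continue  # comments, blank lines and unrelated directives
        reason = check_rule(match["rule"])
        if reason:
            findings.append((number, match["rule"], reason))
    return findings


if __name__ == "__main__":
    for number, rule, reason in lint(SAMPLE):
        print(f"line {number}: {rule}: {reason}")
```

A rule that passes this check is only well-formed; whether it grants what was intended still needs the `sailjail --trace` run for DENIED lines mentioned later in the thread.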
Thanks for clarifying my head with this as the documentation did not. Fixed these issues in the files.
Updated the PR and squashed the changes to two separate commits, one for UDisks2 and one for the RemovableMedia. @Tomin1 @spiiroin @okodron I guess this is ready for final review. Checked with sailjail --trace that the D-Bus log no longer contained any DENIED lines when trying to access removable media.
@okodron waiting for review on your side as well.
[permissions] Use disable-mnt to control data storage perms, move udisk2 include. OMP#JOLLA-49
Block access to any media mount with disable-mnt in Base.permissions. Grant permissions to all media when DataStorages permission is used, including UDisks2 D-Bus.
Move the UDisks permission include away from Base.permissions. This is to be included separately or via DataStorages permission.