On Tue, 2014-11-18 at 10:30 +0100, Dominig ar Foll (Intel OTC) wrote: > Le 17/11/2014 11:00, Patrick Ohly a écrit : > > I've argued that it is the latter (see also > > https://bugs.tizen.org/jira/browse/TC-1411) while the NTB developers > > claim that the less secure access control in NTB is good enough for 3.0. > You are correct, as BT FW demon run with the Bluetooth user ID, we will > have to filter other user make direct call to BlueZ. > That can be done quite easily via a dbus policy.
I doubt that a dbus-daemon policy could be used to protect against malicious users. dbus-daemon has no knowledge about which devices a user is allowed to access. We cannot block all accesses either, because that would break NTB, which relies on getting at least some D-Bus calls from a non-privileged user process handled directly by Bluez. The only solution that I see is extended resource control in the kernel part of Bluez. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
