dbus: don't do <deny send_interface="..." /> in dbus service file

It does more than intended; apart from denying messages to that particular
interface it also denies all messages non-qualified with an
interface globally.
This blocks messages completely unrelated to wpa_supplicant, such as
NetworkManager communication with the VPN plugins.

From the dbus-daemon manual:

  Be careful with send_interface/receive_interface, because the
  interface field in messages is optional. In particular, do NOT
  specify <deny send_interface="org.foo.Bar"/>! This will cause
  no-interface messages to be blocked for all services, which is
  almost certainly not what you intended. Always use rules of the form:
  <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>

We can just safely remove those rules, since we're sufficiently protected
by the send_destination matches and method calls are disallowed by default
anyway.

https://bugzilla.gnome.org/show_bug.cgi?id=763880

diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf
index 801d9a7..3cd9af2 100644 (file)
--- a/src/org.freedesktop.NetworkManager.conf
+++ b/src/org.freedesktop.NetworkManager.conf
@@ -113,13 +113,20 @@
                     to the agents themselves. -->
                 <allow send_destination="org.freedesktop.NetworkManager"
                        send_interface="org.freedesktop.NetworkManager.AgentManager"/>
-                <deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
 
                <!-- Root-only functions -->
-                <deny send_interface="org.freedesktop.NetworkManager" send_member="SetLogging"/>
-                <deny send_interface="org.freedesktop.NetworkManager" send_member="Sleep"/>
-                <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="LoadConnections"/>
-                <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="ReloadConnections"/>
+                <deny send_destination="org.freedesktop.NetworkManager"
+                      send_interface="org.freedesktop.NetworkManager"
+                      send_member="SetLogging"/>
+                <deny send_destination="org.freedesktop.NetworkManager"
+                      send_interface="org.freedesktop.NetworkManager"
+                      send_member="Sleep"/>
+                <deny send_destination="org.freedesktop.NetworkManager"
+                      send_interface="org.freedesktop.NetworkManager.Settings"
+                      send_member="LoadConnections"/>
+                <deny send_destination="org.freedesktop.NetworkManager"
+                      send_interface="org.freedesktop.NetworkManager.Settings"
+                      send_member="ReloadConnections"/>
         </policy>
 
        <limit name="max_replies_per_connection">1024</limit>