Bug 18229 - Change system.conf to correctly deny non-reply sends by default

The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply.  This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.

This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>

1 files changed, 12 insertions, 2 deletions

diff --git a/bus/system.conf.in b/bus/system.conf.in
index 6a71926e..ac2822fa 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -50,9 +50,19 @@
          even if they aren't in here -->
     <allow send_destination="org.freedesktop.DBus"/>
     <allow receive_sender="org.freedesktop.DBus"/>
-    <!-- valid replies are always allowed -->
-    <allow send_requested_reply="true"/>
+    <!-- allow sending valid replies -->
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+    <!-- allow receiving valid replies -->
     <allow receive_requested_reply="true"/>
+    <!-- Note: the rule above also allows receiving of all non-reply messages
+         that are not denied later.  See:
+         https://bugs.freedesktop.org/show_bug.cgi?id=18229
+         Potentially this will be replaced in the future by the
+         following two rules:
+    <allow receive_requested_reply="true" receive_type="method_return"/>
+    <allow receive_requested_reply="true" receive_type="error"/>
+    -->
     <!-- disallow changing the activation environment of system services -->
     <deny send_destination="org.freedesktop.DBus"
           send_interface="org.freedesktop.DBus"