-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Chinook
-
None
-
BB_VERSION = "1.30.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING = "universal"
TARGET_SYS = "arm-agl-linux-gnueabi"
MACHINE = "nitrogen6x"
DISTRO = "poky-agl"
DISTRO_VERSION = "3.0.0+snapshot-20161221"
TUNE_FEATURES = "arm armv7a vfp thumb neon callconvention-hard cortexa9"
TARGET_FPU = "hard"
meta-fsl-arm = "HEAD:e2254e7b2ded0c2b66b1226f879b3a6d52037b2d"
meta-fsl-arm-extra = "HEAD:e95f4ae61fdaf6452d6dfa9cb59dbdf9cdf73c99"
meta-boundary = "HEAD:b526a39452ea69626cddae230718401616c99412"
meta-valid-ivi = "krogoth:acaeec5dbb4e2df39ddb9350958b819747546b02"
meta-browser = "HEAD:b251177608a8be789fe71f35e27558436ff46f50"
meta-xfce
meta-gnome = "HEAD:55c8a76da5dc099a7bc3838495c672140cedb78e"
meta-netboot = "HEAD:1a70e5e8f48f17f604ab243dfb3ff01f7aa435f6"
meta-oic = "HEAD:4d215eb63a27b5fe14216a25a760092002d13a33"
meta-qt5 = "HEAD:9aa870eecf6dc7a87678393bd55b97e21033ab48"
meta-agl-demo = "HEAD:611806e19ca6da042c5c3ad843c7d988f4e57783"
meta-security-smack
meta-security-framework = "HEAD:20bbb97f6d5400b126ae96ef446c3e60c7e16285"
meta-app-framework = "HEAD:a79a0100e61acc714a1f6b28476182b7daeede74"
meta-security-smack
meta-security-framework = "HEAD:20bbb97f6d5400b126ae96ef446c3e60c7e16285"
meta-app-framework = "HEAD:a79a0100e61acc714a1f6b28476182b7daeede74"
meta-oe
meta-multimedia
meta-efl
meta-networking
meta-python = "HEAD:55c8a76da5dc099a7bc3838495c672140cedb78e"
meta-ivi-common
meta-agl
meta-agl-bsp = "HEAD:1a70e5e8f48f17f604ab243dfb3ff01f7aa435f6"
meta
meta-poky
meta-yocto-bsp = "HEAD:ae9b341ecfcc60e970f29cfe04306411ad26c0cf"BB_VERSION = "1.30.0" BUILD_SYS = "x86_64-linux" NATIVELSBSTRING = "universal" TARGET_SYS = "arm-agl-linux-gnueabi" MACHINE = "nitrogen6x" DISTRO = "poky-agl" DISTRO_VERSION = "3.0.0+snapshot-20161221" TUNE_FEATURES = "arm armv7a vfp thumb neon callconvention-hard cortexa9" TARGET_FPU = "hard" meta-fsl-arm = "HEAD:e2254e7b2ded0c2b66b1226f879b3a6d52037b2d" meta-fsl-arm-extra = "HEAD:e95f4ae61fdaf6452d6dfa9cb59dbdf9cdf73c99" meta-boundary = "HEAD:b526a39452ea69626cddae230718401616c99412" meta-valid-ivi = "krogoth:acaeec5dbb4e2df39ddb9350958b819747546b02" meta-browser = "HEAD:b251177608a8be789fe71f35e27558436ff46f50" meta-xfce meta-gnome = "HEAD:55c8a76da5dc099a7bc3838495c672140cedb78e" meta-netboot = "HEAD:1a70e5e8f48f17f604ab243dfb3ff01f7aa435f6" meta-oic = "HEAD:4d215eb63a27b5fe14216a25a760092002d13a33" meta-qt5 = "HEAD:9aa870eecf6dc7a87678393bd55b97e21033ab48" meta-agl-demo = "HEAD:611806e19ca6da042c5c3ad843c7d988f4e57783" meta-security-smack meta-security-framework = "HEAD:20bbb97f6d5400b126ae96ef446c3e60c7e16285" meta-app-framework = "HEAD:a79a0100e61acc714a1f6b28476182b7daeede74" meta-security-smack meta-security-framework = "HEAD:20bbb97f6d5400b126ae96ef446c3e60c7e16285" meta-app-framework = "HEAD:a79a0100e61acc714a1f6b28476182b7daeede74" meta-oe meta-multimedia meta-efl meta-networking meta-python = "HEAD:55c8a76da5dc099a7bc3838495c672140cedb78e" meta-ivi-common meta-agl meta-agl-bsp = "HEAD:1a70e5e8f48f17f604ab243dfb3ff01f7aa435f6" meta meta-poky meta-yocto-bsp = "HEAD:ae9b341ecfcc60e970f29cfe04306411ad26c0cf"
root@nitrogen6x:/usr/AGL/ces2017-demo# ./installAllApps.sh
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.18" (uid=0 pid=608 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.19" (uid=0 pid=613 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.20" (uid=0 pid=618 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.21" (uid=0 pid=623 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.22" (uid=0 pid=628 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.23" (uid=0 pid=633 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.24" (uid=0 pid=638 comm="dbus-send --session --print-reply --dest=org.AGL.a") interface="org.AGL.afm.user" member="install" error name="(unset)" requested_reply="0" destination="org.AGL.afm.user" (uid=0 pid=504 comm="/usr/bin/afm-user-daemon --user-dbus=unix:path=/ru") privilege="http://tizen.org/privilege/internal/dbus"
root@nitrogen6x:/usr/AGL/ces2017-demo# cat /etc/dbus-1/s
session.conf session.d/ system.conf system.d/
----------------------------------------------------------------------------------------------------------------
root@nitrogen6x:/usr/AGL/ces2017-demo# cat /etc/dbus-1/system.conf
<!-- This configuration file controls the systemwide message bus.
Add a system-local.conf and edit that rather than changing this
file directly. -->
<!-- Note that there are any number of ways you can hose yourself
security-wise by screwing up this file; in particular, you
probably don't want to listen on any more addresses, add any more
auth mechanisms, run as a different user, etc. -->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Our well-known bus type, do not change this -->
<type>system</type>
<!-- Run as special user -->
<user>messagebus</user>
<!-- Fork into daemon mode -->
<fork/>
<!-- We use system service launching using a helper -->
<standard_system_servicedirs/>
<!-- This is a setuid helper that is used to launch system services -->
<servicehelper>/usr/lib/dbus/dbus-daemon-launch-helper</servicehelper>
<!-- Write a pid file -->
<pidfile>/var/run/messagebus.pid</pidfile>
<!-- Enable logging to syslog -->
<syslog/>
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
<!-- Only listen on a local socket. (abstract=/path/to/socket
means use abstract namespace, don't really create filesystem
file; only Linux supports this. Use path=/whatever on other
systems.) -->
<listen>unix:path=/var/run/dbus/system_bus_socket</listen>
<policy context="default">
<!-- All users can connect to system bus -->
<allow user="*"/>
<!-- Holes must be punched in service configuration files for
name ownership and sending method calls -->
<deny own="*"/>
<deny send_type="method_call"/>
<!-- By default clients require internal/dbus privilege to send and receive signaks.
This is internal privilege that is only accessible to trusted system services -->
<check send_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
<check receive_type="signal" privilege="http://tizen.org/privilege/internal/dbus" />
<!-- Reply messages (method returns, errors) are allowed
by default -->
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<!-- All messages but signals may be received by default -->
<allow receive_type="method_call"/>
<allow receive_type="method_return"/>
<allow receive_type="error"/>
<!-- If there is a need specific bus services could be protected by Cynara as well.
However, this can lead to deadlock during the boot process when such check is made and
Cynara is not yet activated (systemd calls protected method synchronously,
dbus daemon tries to consult Cynara, Cynara waits for systemd activation).
Therefore it is advised to allow root processes to use bus services.
Currently anyone is allowed to talk to the message bus -->
<allow send_destination="org.freedesktop.DBus"/>
<allow receive_sender="org.freedesktop.DBus"/>
<!-- Disallow some specific bus services -->
<deny send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.DBus"
send_member="UpdateActivationEnvironment"/>
<deny send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.systemd1.Activator"/>
</policy>
<!-- Only systemd, which runs as root, may report activation failures. -->
<policy user="root">
<allow send_destination="org.freedesktop.DBus"
send_interface="org.freedesktop.systemd1.Activator"/>
</policy>
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
<includedir>system.d</includedir>
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
<include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
</busconfig>