1 files changed, 37 insertions, 0 deletions

diff --git a/tags/d/dbus-policy-without-send-destination.tag b/tags/d/dbus-policy-without-send-destination.tag
new file mode 100644
index 0000000..65b2345
--- /dev/null
+++ b/tags/d/dbus-policy-without-send-destination.tag
@@ -0,0 +1,37 @@
+Tag: dbus-policy-without-send-destination
+Severity: warning
+Check: desktop/dbus
+Explanation: The package contains D-Bus policy configuration that uses
+ one of the <code>send&lowbar;&ast;</code> conditions, but does not specify a
+ <code>send&lowbar;destination</code>, and is not specific to root.
+ .
+ Rules of the form
+ .
+   &lt;allow send&lowbar;interface="com.example.MyInterface"/&gt;
+ .
+ allow messages with the given interface to be sent to *any*
+ service, not just the one installing the rule, which is rarely
+ what was intended.
+ .
+ Similarly, on the system bus, rules of the form
+ .
+   &lt;deny send&lowbar;interface="com.example.MyInterface"/&gt;
+ .
+ are redundant with the system bus's default-deny policy, and have
+ unintended effects on other services.
+ .
+ This check ignores rules of the form
+ .
+   &lt;policy user="root"&gt;
+     &lt;allow ... /&gt;
+   &lt;/policy&gt;
+ .
+ which are commonly used for the "agent" pattern seen in services like
+ BlueZ and NetworkManager: a root-privileged daemon calls out to
+ one or more per-user user interface agent processes with no specific
+ name, so <code>send&lowbar;destination</code> is not easily applicable.
+ However, such rules should still be made as specific as possible to
+ avoid undesired side-effects.
+See-Also:
+ https://bugs.freedesktop.org/show_bug.cgi?id=18961,
+ http://lists.freedesktop.org/archives/dbus/2008-February/009401.html