Fix the D-Bus policy

0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch

@@ -0,0 +1,45 @@
+From 64fee7148a434e4ee89d95a7c374a36d29a6f6f3 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Fri, 16 Oct 2015 19:12:15 +0200
+Subject: [PATCH] wpa_supplicant: don't do <deny send_interface="..." /> in
+ dbus service file
+
+It does more than intended; apart from denying messages to that particular
+interface it also denies all messages non-qualified with an interface globally.
+From the dbus-daemon manual:
+
+  Be careful with send_interface/receive_interface, because the
+  interface field in messages is optional. In particular, do NOT
+  specify <deny send_interface="org.foo.Bar"/>! This will cause
+  no-interface messages to be blocked for all services, which is almost
+  certainly not what you intended. Always use rules of the form: <deny
+  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
+
+We can just safely remove those rules, since we're sufficiently protected
+by the send_destination matches and method calls are disallowed by default
+anyway.
+
+Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
+---
+ wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+index c091234..382dcb3 100644
+--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
++++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+@@ -17,11 +17,9 @@
+         <policy context="default">
+                 <deny own="fi.epitest.hostap.WPASupplicant"/>
+                 <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
+-                <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
+ 
+                 <deny own="fi.w1.wpa_supplicant1"/>
+                 <deny send_destination="fi.w1.wpa_supplicant1"/>
+-                <deny send_interface="fi.w1.wpa_supplicant1"/>
+                 <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+         </policy>
+ </busconfig>
+-- 
+2.4.3
+

wpa_supplicant.spec

@@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@@ -44,6 +44,9 @@ Patch10: rh1231973-dbus-fix-operations-for-p2p-mgmt.patch
 # Fix a security issue - rh #rh1241907
 # http://w1.fi/security/2015-5/0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
 Patch11: rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
+# Don't override D-Bus policy for other daemons
+# http://lists.infradead.org/pipermail/hostap/2015-October/034036.html
+Patch12: 0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -97,6 +100,7 @@ Graphical User Interface for wpa_supplicant written using QT
 %patch9 -p1 -b .cve-2015-1863
 %patch10 -p1 -b .rh1231973-dbus-fix-operations-for-p2p-mgmt
 %patch11 -p1 -b .rh1241907-ndef-length
+%patch12 -p1 -b .dbus-policy
 
 %build
 pushd wpa_supplicant
@@ -212,6 +216,9 @@ fi
 %endif
 
 %changelog
+* Fri Oct 23 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.4-6
+- Fix the D-Bus policy
+
 * Sat Oct  3 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:2.4-5
 - Don't order service after syslog.target (rh #1055197)
 - Mark COPYING as %%license