[libgpiod,v3,12/18] dbus: add data files

Message ID	20240718-dbus-v3-12-c9ea2604f082@linaro.org
State	Superseded
Headers	show Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FD068175F for <linux-gpio@vger.kernel.org>; Thu, 18 Jul 2024 09:29:04 +0000 (UTC) From: Bartosz Golaszewski <brgl@bgdev.pl> Date: Thu, 18 Jul 2024 11:28:06 +0200 Subject: [PATCH libgpiod v3 12/18] dbus: add data files Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20240718-dbus-v3-12-c9ea2604f082@linaro.org> References: <20240718-dbus-v3-0-c9ea2604f082@linaro.org> In-Reply-To: <20240718-dbus-v3-0-c9ea2604f082@linaro.org> To: Linus Walleij <linus.walleij@linaro.org>, Kent Gibson <warthog618@gmail.com>, Erik Schilling <erik.schilling@linaro.org>, Phil Howard <phil@gadgetoid.com>, Andy Shevchenko <andriy.shevchenko@linux.intel.com>, Viresh Kumar <viresh.kumar@linaro.org>, Dan Carpenter <dan.carpenter@linaro.org>, Philip Withnall <philip@tecnocode.co.uk> Cc: linux-gpio@vger.kernel.org, dbus@lists.freedesktop.org, Bartosz Golaszewski <bartosz.golaszewski@linaro.org>, Alexander Sverdlin <alexander.sverdlin@siemens.com>
Series	dbus: add GLib-based D-Bus daemon and command-line client \| expand [libgpiod,v3,00/18] dbus: add GLib-based D-Bus daemon and command-line client [libgpiod,v3,01/18] tests: split out reusable test code into a local static library [libgpiod,v3,02/18] tests: split out the common test code for bash scripts [libgpiod,v3,03/18] bindings: glib: add build files [libgpiod,v3,04/18] bindings: glib: add public headers [libgpiod,v3,05/18] bindings: glib: add core code [libgpiod,v3,06/18] bindings: glib: add examples [libgpiod,v3,07/18] bindings: glib: add tests [libgpiod,v3,08/18] README: document GLib bindings [libgpiod,v3,09/18] dbus: add build files [libgpiod,v3,10/18] dbus: add the API definitions [libgpiod,v3,11/18] dbus: add a wrapper around the gdbus-codegen generated header [libgpiod,v3,12/18] dbus: add data files [libgpiod,v3,13/18] dbus: add gpio-manager code [libgpiod,v3,14/18] dbus: add tests [libgpiod,v3,15/18] dbus: add a command-line client [libgpiod,v3,16/18] dbus: client: add tests [libgpiod,v3,17/18] README: document the DBus API [libgpiod,v3,18/18] TODO: drop the DBus daemon from the list

Message ID

20240718-dbus-v3-12-c9ea2604f082@linaro.org

State

Superseded

Headers

From: Bartosz Golaszewski <brgl@bgdev.pl>
Date: Thu, 18 Jul 2024 11:28:06 +0200
Subject: [PATCH libgpiod v3 12/18] dbus: add data files
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20240718-dbus-v3-12-c9ea2604f082@linaro.org>
References: <20240718-dbus-v3-0-c9ea2604f082@linaro.org>
In-Reply-To: <20240718-dbus-v3-0-c9ea2604f082@linaro.org>
To: Linus Walleij <linus.walleij@linaro.org>,
 Kent Gibson <warthog618@gmail.com>,
 Erik Schilling <erik.schilling@linaro.org>,
 Phil Howard <phil@gadgetoid.com>,
 Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
 Viresh Kumar <viresh.kumar@linaro.org>,
 Dan Carpenter <dan.carpenter@linaro.org>,
 Philip Withnall <philip@tecnocode.co.uk>
Cc: linux-gpio@vger.kernel.org, dbus@lists.freedesktop.org,
 Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
 Alexander Sverdlin <alexander.sverdlin@siemens.com>

Series

dbus: add GLib-based D-Bus daemon and command-line client | expand

Commit Message

Bartosz Golaszewski July 18, 2024, 9:28 a.m. UTC

From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>

Add the default service configuration file for the DBus GPIO API and
a systemd unit file that allows to start up the gpio-manager.

Tested-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
---
 dbus/data/90-gpio.rules        |  4 ++++
 dbus/data/gpio-manager.service | 50 ++++++++++++++++++++++++++++++++++++++++++
 dbus/data/io.gpiod1.conf       | 41 ++++++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/dbus/data/90-gpio.rules b/dbus/data/90-gpio.rules
new file mode 100644
index 0000000..ef27949
--- /dev/null
+++ b/dbus/data/90-gpio.rules
@@ -0,0 +1,4 @@ 
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2023 Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
+
+SUBSYSTEM=="gpio", KERNEL=="gpiochip[0-9]*", GROUP="gpio", MODE="0660"
diff --git a/dbus/data/gpio-manager.service b/dbus/data/gpio-manager.service
new file mode 100644
index 0000000..f93a6fa
--- /dev/null
+++ b/dbus/data/gpio-manager.service
@@ -0,0 +1,50 @@ 
+# SPDX-License-Identifier: CC0-1.0
+# SPDX-FileCopyrightText: 2023-2024 Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
+
+[Unit]
+Description=Centralized GPIO manager daemon
+
+[Service]
+Type=dbus
+BusName=io.gpiod1
+ExecStart=/usr/bin/gpio-manager
+Restart=always
+User=gpio-manager
+
+CapabilityBoundingSet=
+ReadOnlyDirectories=/
+NoNewPrivileges=yes
+RemoveIPC=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+ProtectClock=yes
+Delegate=no
+IPAddressDeny=any
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NotifyAccess=main
+PrivateMounts=no
+PrivateNetwork=no
+ProtectHostname=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@swap
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dbus/data/io.gpiod1.conf b/dbus/data/io.gpiod1.conf
new file mode 100644
index 0000000..99b470f
--- /dev/null
+++ b/dbus/data/io.gpiod1.conf
@@ -0,0 +1,41 @@ 
+<!-- SPDX-License-Identifier: CC-BY-SA-4.0.txt -->
+<!-- SPDX-FileCopyrightText: 2022-2024 Bartosz Golaszewski <bartosz.golaszewski@linaro.org> -->
+
+<!-- This configuration file specifies the required security policies
+     for the gpio-dbus daemon to work. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+  <!-- Everyone can list GPIO devices and see their properties. -->
+  <policy context="default">
+    <allow send_destination="io.gpiod1"
+           send_interface="org.freedesktop.DBus.Peer"
+           send_member="Ping"/>
+    <allow send_destination="io.gpiod1"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="io.gpiod1"
+           send_interface="org.freedesktop.DBus.Properties"/>
+    <allow send_destination="io.gpiod1"
+           send_interface="org.freedesktop.DBus.ObjectManager"/>
+  </policy>
+
+  <!-- Daemon must run as the `gpio-manager` user. -->
+  <policy user="gpio-manager">
+    <allow own="io.gpiod1"/>
+  </policy>
+
+  <!-- Members of the `gpio` group can request and manipulate GPIO lines. -->
+  <policy group="gpio">
+    <allow send_destination="io.gpiod1"/>
+  </policy>
+
+  <!-- Root can do anything. -->
+  <policy user="root">
+    <allow own="io.gpiod1"/>
+    <allow send_destination="io.gpiod1"/>
+  </policy>
+
+</busconfig>

[libgpiod,v3,12/18] dbus: add data files

Commit Message

Patch