By using:
<deny send_destination="org.freedesktop.ModemManager1"/>
..we prevent anyone on the system from sending us signals, even if we
subscribed to them. This is clearly not what this line intended. More
importantly, we silently break mm-auth-provider-polkit, as we never
receiver 'changed' signals via PolkitAuthority. Right now, this is not
required by the implementation of PolkitAuthority, but ModemManager
should not place restrictions on the implementation of external
libraries.
So make sure we only prevent Method-Calls to be sent to us. Any other
message that we didn't expect is automatically discarded by gdbus,
anyway.
Without this change, debugging dbus policies constantly shows messages
that Polkit couldn't send the 'changed' signal to ModemManager. This is
suppressed in non-debugging mode. But it would make debugging a lot
easier, if we'd avoid force-dropping those events and not clutter the
debug-log.
This reverts commit 91898aa8b0.
See additional comments in the following bug:
https://bugzilla.gnome.org/show_bug.cgi?id=701229
Basically, 'mask' and 'unmask' operations are not the ones we should be using
or suggesting; and the Alias= for the DBus file is the correct way to go.
The '--with-polkit' configure switch now supports more options than just yes
or no:
* strict: Active user needs to explicitly authenticate when peforming an
operation defined in the Device.Control, Messaging, Location or Contacts
interfaces. Polkit policy is set to 'auth_self_keep'.
* permissive: Active user doesn't need to explicitly authenticate when
peforming an operation defined in the Device.Control, Messaging, Location or
Contacts interfaces. Polkit policy is set to 'yes'.
* none: don't use polkit.
If '--with-polkit' is not given, usage will be automatically decided based on
the presence of the Polkit headers in the system (if headers found, strict
policy will be applied, otherwise none).
Also:
* '--with-polkit' is equivalent to '--with-polkit=strict'
* '--with-polkit=yes' is equivalent to '--with-polkit=strict'
* '--with-polkit=no' is equivalent to '--with-polkit=none'
* '--without-polkit' is equivalent to '--with-polkit=none'
By default, ModemManager will always apply the strict policy, in order to
protect the user from unwanted operations in the modem (e.g. getting the PIN
locked forever after wrong PIN/PUK unlock attempts).
https://bugzilla.gnome.org/show_bug.cgi?id=701740
Avoid setting up the Alias rule, which was a helper to let us 'disable' the
systemd service including dbus-activations. Without the Alias, 'disable' will
still let starting ModemManager through dbus-activation. If you really want to
fully disallow starting MM also through dbus-activation, you should 'mask' and
'unmask' the service.
E.g.:
$ sudo systemctl mask ModemManager
ln -s '/dev/null' '/etc/systemd/system/ModemManager.service'
$ sudo mmcli -L
error: couldn't find the ModemManager process in the bus
$ sudo systemctl unmask ModemManager
rm '/etc/systemd/system/ModemManager.service'
$ sudo mmcli -L
No modems were found
https://bugzilla.gnome.org/show_bug.cgi?id=701229
These diagrams are not expected to change much, so just include the generated
PNGs in the repository, and remove 'dia' from the prerequisites to build the
documentation.
It's pointless to have libmm-common around, just merge it into libmm-glib and
make ModemManager depend on libmm-glib directly. At the end, the non-common
stuff in libmm-glib is really minimal.
