Lintian tag information: dbus-policy-without-send-destination (type: warning)
Description (from lintian-explain-tags
)
The package contains D-Bus policy configuration that uses one of the
send_* conditions, but does not specify a send_destination, and is not
specific to root.
Rules of the form
<allow send_interface="com.example.MyInterface"/>
allow messages with the given interface to be sent to *any* service, not
just the one installing the rule, which is rarely what was intended.
Similarly, on the system bus, rules of the form
<deny send_interface="com.example.MyInterface"/>
are redundant with the system bus's default-deny policy, and have
unintended effects on other services.
This check ignores rules of the form
<policy user="root">
<allow ... />
</policy>
which are commonly used for the "agent" pattern seen in services like
BlueZ and NetworkManager: a root-privileged daemon calls out to one or
more per-user user interface agent processes with no specific name, so
send_destination is not easily applicable. However, such rules should
still be made as specific as possible to avoid undesired side-effects.
Please refer to https://bugs.freedesktop.org/show_bug.cgi?id=18961 and
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html for
details.
Visibility: warning
Show-Always: no
Check: desktop/dbus
Show affected packages