fix: tighten D-Bus service security policy

[fly602]

Changed the D-Bus configuration to restrict ServiceManager1 access to root user only. Previously, the default policy allowed all users to send messages to the service. Now non-root users are explicitly denied access to all interfaces including Introspectable, Properties, ObjectManager, and Peer interfaces.

This change enhances security by preventing unauthorized users from interacting with the service manager, which should only be accessible by privileged users for system management tasks.

Log: Restricted ServiceManager1 D-Bus access to root user only for security

Influence:

1. Verify that root user can still access ServiceManager1 normally
2. Test that non-root users cannot send messages to ServiceManager1
3. Check that service introspection is blocked for non-root users
4. Confirm that property access and object management are denied for regular users
5. Verify that peer interface operations are restricted to root only

fix: 加强 D-Bus 服务安全策略

修改了 D-Bus 配置，将 ServiceManager1 的访问权限限制为仅 root 用户。之前 默认策略允许所有用户向服务发送消息。现在非 root 用户被明确拒绝访问所有接
口，包括 Introspectable、Properties、ObjectManager 和 Peer 接口。

此更改通过防止未经授权的用户与服务管理器交互来增强安全性，该服务管理器应
仅由特权用户用于系统管理任务。

Log: 出于安全考虑，将 ServiceManager1 的 D-Bus 访问权限限制为仅 root 用户

Influence:

1. 验证 root 用户仍可正常访问 ServiceManager1
2. 测试非 root 用户无法向 ServiceManager1 发送消息
3. 检查非 root 用户的服务内省功能是否被阻止
4. 确认普通用户的属性访问和对象管理功能被拒绝
5. 验证 Peer 接口操作仅限 root 用户使用

[Copilot]

Pull request overview

This PR enhances security for the D-Bus ServiceManager1 service by restricting all access to the root user only. Previously, the configuration allowed any user to send messages to the service. The new policy explicitly denies non-root users from owning the service or sending any messages to it.

Key Changes:

• Changed default policy from allowing all users to explicitly denying all non-root access
• Added explicit deny rules for introspection and standard D-Bus interfaces
• Updated comments to reflect the root-only access model

Comments suppressed due to low confidence (1)

misc/org.deepin.ServiceManager1.conf:27

• The explicit deny rules for specific interfaces (lines 20-27) are redundant because line 19 already denies all messages to the service destination. In D-Bus policy, denying send_destination without specifying an interface blocks ALL interfaces including Introspectable, Properties, ObjectManager, and Peer. The general deny rule takes precedence and makes the interface-specific denies unnecessary and potentially confusing for future maintainers.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The explicit allow for the Introspectable interface is redundant because line 11 already allows all messages to the service destination. The general allow rule on line 11 permits access to ALL interfaces without needing to specify them individually. This additional rule adds no extra permissions and can be simplified.

Suggested change

	<allow send_destination="org.deepin.ServiceManager1"
	send_interface="org.freedesktop.DBus.Introspectable"/>

[Copilot]

The explicit deny for owning the service name is redundant. In D-Bus, only the policy context that has an explicit allow can own a service name. Since only the root policy allows owning org.deepin.ServiceManager1 (line 10), other users are already implicitly denied from owning it. This explicit deny adds no additional security and makes the configuration more verbose.

[deepin-ci-robot]

deepin pr auto review

我来对这个D-Bus配置文件的修改进行审查：

1. 语法逻辑分析：
   修改后的语法是正确的，符合D-Bus配置文件的规范。删除了默认策略部分，只保留了root用户的策略配置。

2. 代码质量：

• 注释更新准确，明确表达了"只有root可以拥有和访问服务"
• 删除了冗余的默认策略配置，使配置更加简洁清晰
• 结构更加合理，采用了"默认拒绝"的安全原则

3. 代码性能：
   这个修改不会对性能产生直接影响，因为D-Bus策略检查的开销很小。

4. 代码安全：
   这是一个很好的安全改进：

• 原配置允许任何用户访问服务，存在安全隐患
• 新配置只允许root用户访问，大大提高了安全性
• 采用了最小权限原则，只给必要的用户（root）授权

改进建议：

1. 考虑添加更详细的错误处理注释，说明非root用户尝试访问时的行为
2. 如果需要特定的非root用户访问，建议明确添加这些用户的策略，而不是使用默认策略
3. 可以考虑添加对特定方法或接口的更细粒度控制，而不是全部开放给root

总体来说，这是一个很好的安全改进，提高了服务的安全性，同时保持了配置的简洁性。建议采用这个修改。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: fly602, yixinshark

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment