-
The policy applies only to the process sending a message, not the one receiving it. We need to be sure only the geoclue user can call the Agent's methods. Explanation by smvc from the bugreport: [...] The issue here is that every file in /etc/dbus-1/system.d applies to everything on the system bus - there is no way to limit policies to particular packages. So Geoclue2's policy allows any uid to call any method on the Properties interface at the path /org/freedesktop/GeoClue2/Agent, in *any* destination. You might think "why would any other service have an object at /org/freedesktop/GeoClue2/Agent?", but not all services distinguish between object paths: those that are implemented in terms of simplistic libdbus filters[1] typically do not. [...] https://bugs.freedesktop.org/show_bug.cgi?id=91214
a5b7bbb5
