summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2019-07-08 16:25:30 +0200
committerJo-Philipp Wich <jo@mein.io>2019-07-08 16:25:30 +0200
commitabee9138dec5814b70c9af418c27386a067ba284 (patch)
tree05184718658feb0152900ff05cda06818e0ed259
parent8055ed4c469516932a7abceed41b13cc7a11de35 (diff)
luci-base: add rpcd ACL rules
Add required ACL rules to allow access to the native ubus HTTP interface directly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json21
1 files changed, 21 insertions, 0 deletions
diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index ed7ad8aa8a..6cbaa3d56d 100644
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -7,5 +7,26 @@
"write": {
"uci": [ "*" ]
}
+ },
+ "luci-access": {
+ "description": "Grant access to basic LuCI procedures",
+ "read": {
+ "ubus": {
+ "iwinfo": [ "info" ],
+ "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "leases", "leds", "netdevs", "offload_support", "usb" ],
+ "network.device": [ "status" ],
+ "network.interface": [ "dump" ],
+ "network.wireless": [ "status" ],
+ "uci": [ "changes", "get" ]
+ },
+ "uci": [ "*" ]
+ },
+ "write": {
+ "ubus": {
+ "luci": [ "initCall", "localtime", "timezone" ],
+ "uci": [ "add", "apply", "confirm", "delete", "order", "set" ]
+ },
+ "uci": [ "*" ]
+ }
}
}