summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-network/root/usr/share/rpcd/acl.d
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-04-09 22:52:37 +0200
committerJo-Philipp Wich <jo@mein.io>2020-04-09 23:23:33 +0200
commitc099344013ad72d01a93b99184c72c5eeb792174 (patch)
treec01d65714fe1813b689151a31d370baca498f971 /modules/luci-mod-network/root/usr/share/rpcd/acl.d
parent1e07e3a52d4d06cc82ab07f2b7fbba0a9a6fb801 (diff)
treewide: reorganize base ACLs
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-mod-network/root/usr/share/rpcd/acl.d')
-rw-r--r--modules/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json65
1 files changed, 65 insertions, 0 deletions
diff --git a/modules/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json b/modules/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json
new file mode 100644
index 0000000000..d6c84bab27
--- /dev/null
+++ b/modules/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json
@@ -0,0 +1,65 @@
+{
+ "luci-mod-network-config": {
+ "description": "Grant access to network configuration",
+ "read": {
+ "cgi-io": [ "exec" ],
+ "file": {
+ "/usr/libexec/luci-peeraddr": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "exec" ],
+ "iwinfo": [ "assoclist", "countrylist", "freqlist", "txpowerlist" ],
+ "luci": [ "getSwconfigFeatures", "getSwconfigPortState" ]
+ },
+ "uci": [ "dhcp", "firewall", "network", "wireless" ]
+ },
+ "write": {
+ "cgi-io": [ "exec" ],
+ "file": {
+ "/sbin/ifup": [ "exec" ],
+ "/sbin/ifdown": [ "exec" ],
+ "/sbin/wifi": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "exec" ],
+ "hostapd.*": [ "del_client" ],
+ "iwinfo": [ "scan" ]
+ },
+ "uci": [ "dhcp", "firewall", "network", "wireless" ]
+ }
+ },
+
+ "luci-mod-network-dhcp": {
+ "description": "Grant access to DHCP configuration",
+ "read": {
+ "ubus": {
+ "luci-rpc": [ "getDHCPLeases", "getDUIDHints" ]
+ },
+ "uci": [ "dhcp" ]
+ },
+ "write": {
+ "uci": [ "dhcp" ]
+ }
+ },
+
+ "luci-mod-network-diagnostics": {
+ "description": "Grant access to network diagnostic tools",
+ "read": {
+ "file": {
+ "/bin/ping": [ "exec" ],
+ "/bin/ping6": [ "exec", "list" ],
+ "/bin/traceroute": [ "exec" ],
+ "/bin/traceroute6": [ "exec", "list" ],
+ "/usr/bin/nslookup": [ "exec" ],
+ "/usr/bin/ping": [ "exec" ],
+ "/usr/bin/ping6": [ "exec", "list" ],
+ "/usr/bin/traceroute": [ "exec" ],
+ "/usr/bin/traceroute6": [ "exec", "list" ]
+ },
+ "ubus": {
+ "file": [ "exec", "stat" ]
+ },
+ "uci": [ "luci" ]
+ }
+ }
+}