From b0fe4bf371b21e05b03e8c4a875d80a198dd3d45 Mon Sep 17 00:00:00 2001
From: Stan Grishin <stangri@melmac.net>
Date: Mon, 21 Sep 2020 18:37:02 +0000
Subject: luci-app-vpn-policy-routing: ACL-related update

Signed-off-by: Stan Grishin <stangri@melmac.net>
---
 .../rpcd/acl.d/luci-app-vpn-policy-routing.json    | 33 +++++++++++++++++++---
 1 file changed, 29 insertions(+), 4 deletions(-)

(limited to 'applications/luci-app-vpn-policy-routing/root')

diff --git a/applications/luci-app-vpn-policy-routing/root/usr/share/rpcd/acl.d/luci-app-vpn-policy-routing.json b/applications/luci-app-vpn-policy-routing/root/usr/share/rpcd/acl.d/luci-app-vpn-policy-routing.json
index 64e73de9c..5cdb67f77 100644
--- a/applications/luci-app-vpn-policy-routing/root/usr/share/rpcd/acl.d/luci-app-vpn-policy-routing.json
+++ b/applications/luci-app-vpn-policy-routing/root/usr/share/rpcd/acl.d/luci-app-vpn-policy-routing.json
@@ -1,11 +1,36 @@
 {
 	"luci-app-vpn-policy-routing": {
-		"description": "Grant UCI access for luci-app-vpn-policy-routing",
+		"description": "Grant UCI and file access for luci-app-vpn-policy-routing",
 		"read": {
-			"uci": [ "vpn-policy-routing" ]
+			"cgi-io": [
+				"exec"
+			],
+			"file": {
+				"/usr/lib/opkg/status": [
+					"read"
+				],
+				"/etc/init.d/vpn-policy-routing *": [
+					"exec"
+				],
+				"/usr/bin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/iptables *": [
+					"exec"
+				]
+			},
+			"uci": [
+				"network",
+				"vpn-policy-routing"
+			]
 		},
 		"write": {
-			"uci": [ "vpn-policy-routing" ]
+			"uci": [
+				"vpn-policy-routing"
+			]
 		}
 	}
-}
+}
\ No newline at end of file
-- 
cgit v1.2.3