From abee9138dec5814b70c9af418c27386a067ba284 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 8 Jul 2019 16:25:30 +0200 Subject: luci-base: add rpcd ACL rules Add required ACL rules to allow access to the native ubus HTTP interface directly. Signed-off-by: Jo-Philipp Wich --- .../root/usr/share/rpcd/acl.d/luci-base.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'modules/luci-base') diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json index ed7ad8aa8..6cbaa3d56 100644 --- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json +++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json @@ -7,5 +7,26 @@ "write": { "uci": [ "*" ] } + }, + "luci-access": { + "description": "Grant access to basic LuCI procedures", + "read": { + "ubus": { + "iwinfo": [ "info" ], + "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "leases", "leds", "netdevs", "offload_support", "usb" ], + "network.device": [ "status" ], + "network.interface": [ "dump" ], + "network.wireless": [ "status" ], + "uci": [ "changes", "get" ] + }, + "uci": [ "*" ] + }, + "write": { + "ubus": { + "luci": [ "initCall", "localtime", "timezone" ], + "uci": [ "add", "apply", "confirm", "delete", "order", "set" ] + }, + "uci": [ "*" ] + } } } -- cgit v1.2.3