Build tlsdate and tlsdated in AOSP.

The tlsdate-helper target fails due to OpenSSL/BoringSSL
incompatibilities and is currently commented out.

Additionally new unprivileged user/group need to be allocated then set
here.

Bug: 22373707

Change-Id: Ie3b7c0a4284dca4bfcbf2be90ec2870471279e75

1 files changed, 31 insertions, 0 deletions

diff --git a/dbus/org.torproject.tlsdate.conf b/dbus/org.torproject.tlsdate.conf
new file mode 100644
index 0000000..78e055a
--- /dev/null
+++ b/dbus/org.torproject.tlsdate.conf
@@ -0,0 +1,31 @@
+<!DOCTYPE busconfig PUBLIC
+          "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+          "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Only certain user can own the tlsdated service -->
+  <policy user="nobody">
+    <allow own="org.torproject.tlsdate"/>
+  </policy>
+
+  <!-- Allow anyone in the given group to invoke methods -->
+  <policy group="root">
+    <allow send_destination="org.torproject.tlsdate"
+           send_interface="org.torproject.tlsdate"
+           send_member="LastSyncInfo"/>
+    <allow send_destination="org.torproject.tlsdate"
+           send_interface="org.torproject.tlsdate"
+           send_member="SetTime"/>
+    <allow send_destination="org.torproject.tlsdate"
+           send_interface="org.torproject.tlsdate"
+           send_member="CanSetTime"/>
+  </policy>
+
+  <!-- Disallow anyone to invoke methods on tlsdated interface -->
+  <policy context="default">
+    <deny send_interface="org.torproject.tlsdate" />
+    <allow send_destination="org.torproject.tlsdate"
+           send_interface="org.torproject.tlsdate"
+           send_member="LastSyncInfo"/>
+  </policy>
+</busconfig>