X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=modules%2Fluci-base%2Froot%2Fusr%2Fshare%2Frpcd%2Facl.d%2Fluci-base.json;h=5256c8bb2c1af6587128e4281b9ab1ea56a83234;hb=5ff35d8be44f5fb9d4711cfc9ea1c478577a3e0a;hp=fb7be94cf488ed96eec9816f743536f7f5b0d876;hpb=167ad7bb120bc30b186a70b66b0664434e54bc1b;p=project%2Fluci.git

diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index fb7be94cf4..5256c8bb2c 100644
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -20,21 +20,58 @@
 	"luci-access": {
 		"description": "Grant access to basic LuCI procedures",
 		"read": {
+			"cgi-io": [ "backup", "download" ],
+			"file": {
+				"/": [ "list" ],
+				"/*": [ "list" ],
+				"/dev/mtdblock*": [ "read" ],
+				"/etc/crontabs/root": [ "read" ],
+				"/etc/dropbear/authorized_keys": [ "read" ],
+				"/etc/filesystems": [ "read" ],
+				"/etc/rc.local": [ "read" ],
+				"/etc/sysupgrade.conf": [ "read" ],
+				"/etc/passwd": [ "read" ],
+				"/etc/group": [ "read" ],
+				"/proc/filesystems": [ "read" ],
+				"/proc/mtd": [ "read" ],
+				"/proc/partitions": [ "read" ],
+				"/proc/sys/kernel/hostname": [ "read" ],
+				"/proc/mounts": [ "read" ]
+			},
 			"ubus": {
-				"iwinfo": [ "info" ],
-				"luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ],
+				"file": [ "list", "read", "stat" ],
+				"iwinfo": [ "assoclist", "freqlist", "txpowerlist", "countrylist" ],
+				"luci": [ "getDUIDHints", "getHostHints", "getIfaddrs", "getInitList", "getLocaltime", "getTimezones", "getLEDs", "getNetworkDevices", "getUSBDevices", "getWirelessDevices", "getSwconfigFeatures", "getSwconfigPortState", "getBlockDevices", "getMountPoints" ],
+				"luci-rpc": [ "getBoardJSON", "getDHCPLeases" ],
 				"network.device": [ "status" ],
 				"network.interface": [ "dump" ],
-				"network.wireless": [ "status" ],
 				"network": [ "get_proto_handlers" ],
+				"system": [ "validate_firmware_image" ],
 				"uci": [ "changes", "get" ]
 			},
 			"uci": [ "*" ]
 		},
 		"write": {
+			"cgi-io": [ "upload" ],
+			"file": {
+				"/etc/crontabs/root": [ "write" ],
+				"/etc/dropbear/authorized_keys": [ "write" ],
+				"/etc/luci-uploads/*": [ "write" ],
+				"/etc/rc.local": [ "write" ],
+				"/etc/sysupgrade.conf": [ "write" ],
+				"/sbin/block": [ "exec" ],
+				"/sbin/firstboot": [ "exec" ],
+				"/sbin/reboot": [ "exec" ],
+				"/sbin/sysupgrade": [ "exec" ],
+				"/bin/tar": [ "exec" ],
+				"/tmp/backup.tar.gz": [ "write" ],
+				"/tmp/firmware.bin": [ "write" ]
+			},
 			"ubus": {
-				"luci": [ "initCall", "setLocaltime", "timezone" ],
-				"uci": [ "add", "apply", "confirm", "delete", "order", "set" ]
+				"file": [ "write", "remove", "exec" ],
+				"iwinfo": [ "scan" ],
+				"luci": [ "setInitAction", "setLocaltime", "setPassword", "setBlockDetect", "setUmount", "setReboot" ],
+				"uci": [ "add", "apply", "confirm", "delete", "order", "set", "rename" ]
 			},
 			"uci": [ "*" ]
 		}
@@ -43,7 +80,7 @@
 		"description": "Grant access to firewall procedures",
 		"read": {
 			"ubus": {
-				"luci": [ "conntrack_helpers" ]
+				"luci": [ "getConntrackHelpers" ]
 			},
 			"uci": [ "firewall" ]
 		},