luci-base: add rpcd ACL rules

Add required ACL rules to allow access to the native ubus HTTP
interface directly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index ed7ad8aa8a62128b3b561f18d67bbd251374d703..6cbaa3d56d04f99b81b2caa292ce38ea44d139e5 100644 (file)
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -7,5 +7,26 @@
                "write": {
                        "uci": [ "*" ]
                }
+       },
+       "luci-access": {
+               "description": "Grant access to basic LuCI procedures",
+               "read": {
+                       "ubus": {
+                               "iwinfo": [ "info" ],
+                               "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "leases", "leds", "netdevs", "offload_support", "usb" ],
+                               "network.device": [ "status" ],
+                               "network.interface": [ "dump" ],
+                               "network.wireless": [ "status" ],
+                               "uci": [ "changes", "get" ]
+                       },
+                       "uci": [ "*" ]
+               },
+               "write": {
+                       "ubus": {
+                               "luci": [ "initCall", "localtime", "timezone" ],
+                               "uci": [ "add", "apply", "confirm", "delete", "order", "set" ]
+                       },
+                       "uci": [ "*" ]
+               }
        }
 }