[mms-engine] Run mms-engine under radio account. JB#50312

ofono is running under radio, it must be guaranteed to be present.

mms-engine/dbus-org.nemomobile.MmsEngine.service

@@ -5,5 +5,6 @@ Description=MMS engine service
 Type=dbus
 BusName=org.nemomobile.MmsEngine
 ExecStart=/usr/sbin/mms-engine -o syslog
-User=nemo
-Group=privileged
+User=radio
+Group=radio
+SupplementaryGroups=privileged inet

mms-engine/org.nemomobile.MmsEngine.dbus.conf

@@ -3,22 +3,18 @@
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <!-- This file goes to /etc/dbus-1/system.d -->
 <busconfig>
-  <policy user="root">
+  <policy context="default">
     <allow own="org.nemomobile.MmsEngine"/>
-    <allow send_destination="org.nemomobile.MmsEngine"/>
-    <allow send_interface="org.nemomobile.MmsEngine"/>
-  </policy>
-
-  <!-- allow radio user (ofono) signaling -->
-  <policy user="radio">
-    <allow send_destination="org.nemomobile.MmsEngine"/>
-    <allow send_interface="org.nemomobile.MmsEngine"/>
-  </policy>
-
-  <!-- allow regular user for debugging -->
-  <policy user="nemo">
-    <allow own="org.nemomobile.MmsEngine"/>
-    <allow send_destination="org.nemomobile.MmsEngine"/>
-    <allow send_interface="org.nemomobile.MmsEngine"/>
+    <!-- The actual access control is done by mms-engine at runtime -->
+    <allow send_destination="org.nemomobile.MmsEngine"
+           send_interface="org.nemomobile.MmsEngine"/>
+    <allow send_destination="org.nemomobile.MmsEngine"
+           send_interface="org.nemomobile.MmsEngine.TransferList"/>
+    <allow send_destination="org.nemomobile.MmsEngine"
+           send_interface="org.nemomobile.MmsEngine.Transfer"/>
+    <allow send_destination="org.nemomobile.MmsEngine"
+           send_interface="org.nemomobile.Logger"/>
+    <allow send_destination="org.nemomobile.MmsEngine"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
   </policy>
 </busconfig>